Legal Center
Privacy Policy
Privacy policy of OKOMO AG
Status August 2023
OKOMO may unilaterally modify this policy at any time.
Table of contents
I.Name and address of the responsible person
II.Contact details of the data protection officer
III.General information on data processing
IV.Rights of the data subject
V.Provision of the website and creation of log files
VI.Use of cookies
VII.Newsletter
VIII.E-mail contact
IX.Contact form
X.Application by e-mail and application form
XI.Use of company presences in job-oriented networks
XII.Hosting
XIII.Content Delivery Networks
XIV.Plugins used
I.Name and address of the responsible person
The responsible person within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:
OKOMO AG
Sihleggstrasse 23
8832 Wollerau
Switzerland
legal@okomo.com
II.Contact details of the data protection officer
The data protection officer is:
DataCo GmbH
Dachauer Street 65
80335 Munich
Germany
+49 89 7400 45840
III.General information on data processing
1. Scope of the processing of personal data
As a matter of principle, we only process personal data of our visitors insofar as this is necessary for the provision of a functional website as well as our contents and services. The processing of personal data of our visitors is only carried out after the consent of the user. An exception applies in those cases in which obtaining prior consent is not possible and the processing of the data is required by legal regulations.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) sentence 1 lit. a GDPR serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6 ( 1 ) sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 ( 1 ) sentence 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another physical person make it necessary to process personal data, Article 6 ( 1 ) sentence 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6 ( 1 ) sentence 1 lit. f GDPR serves as the legal basis for the processing.
3. Data deletion and storage period
The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European Union or national regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.
IV.Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. The right of access (Art. 15 GDPR)
You have the right to request confirmation from us as to whether personal data concerning you is being processed.
If this is the case, you have a right of access to this data and to the following information:
-Processing purposes
-Categories of personal data
-Recipients or categories of recipients
-Planned storage duration or the criteria for determining this duration
-The existence of the rights of rectification, erasure or restriction or opposition
-Right of appeal to the competent supervisory authority
-If applicable, origin of the data (if collected from a third party)
-If applicable, existence of automated decision-making including profiling with meaningful information about the logic involved, the scope and the effects to be expected.
-If applicable, transfer of personal data to a third country or international organisation
2. Right of rectification (Art. 16 GDPR)
If your personal data is incorrect or incomplete, you have the right to request that the personal data be corrected or completed without delay.
3. Right to restriction of processing (Art. 18 GDPR)
If one of the following conditions is met, you have the right to request a restriction of the processing of your personal data:
-You dispute the accuracy of your personal data for a period of time that allows us to verify the accuracy of the personal data.
-In the context of unlawful processing, you object to the erasure of the personal data and request instead the restriction of the use of the personal data.
-We no longer need your personal data for the purposes of processing, but you need your personal data to assert, exercise or defend your legal rights, or
-After you have objected to the processing, for the duration of the examination as to whether our legitimate reasons outweigh your reasons.
4. Right to erasure ("right to be forgotten") (Art. 17 GDPR)
If one of the following reasons applies, you have the right to request the immediate deletion of your personal data:
-Your data is no longer necessary for the processing purposes for which it was originally collected.
-You withdraw your consent and there is no other legal basis for the processing.
-You object to the processing and there are no overriding legitimate grounds for the processing or you object pursuant to Art. 21 (2) GDPR.
-Your personal data is processed unlawfully.
-Deletion is necessary to comply with a legal obligation under European Union law or the law of a Member State to which we are subject.
-The personal data have been collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.
Please note that the above reasons do not apply insofar as the processing is necessary:
-To exercise the right to freedom of expression and information;
-To comply with a legal obligation or to perform a task which is in the public interest and to which we are subject.
-For reasons of public interest in the field of public health.
-For archival purposes in the public interest, scientific or historical research purposes or statistical purposes.
-For the assertion, exercise or defence of legal claims.
5. Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, common and machine-readable format or to request that it be transferred to another controller.
6. Right to object to certain data processing (Art. 21 GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 ( 1) sentence 1 lit. e or f GDPR. This also applies to profiling based on these provisions.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
7. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
V.Provision of the website and creation of log files
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
-Information about the browser type and version used
-The user's operating system
-The IP address of the user
-Date and time of access
-Websites from which the user's system accesses our website
-Websites that are accessed by the user's system via our website
This data is stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 p. 1 lit. f GDPR.
3. Legal basis for the data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 p. 1 lit. f GDPR.
4. Duration of the storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after six months at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the visitor.
5. Possibility of opposition
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. The user can object to this. Whether the objection is successful is to be determined within the framework of a balancing of interests.
VI.Use of cookies
1. Description and scope of data processing
When you visit our website, we use technical aids for various functions, in particular cookies, which can be stored on your terminal device. When you call up our website and at any time later, you have the choice of whether you generally allow cookies to be set or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Manager.
Cookies are text files or information in a database that are stored on your hard drive and associated with the browser you are using so that certain information can flow to the entity that sets the cookie. Below we describe the type of cookies we use:
We use technically necessary cookies that are required for the technical structure of the website. Without these cookies, our website cannot be displayed (completely correctly) or the support functions are not possible.
The following data is stored and transmitted by the technically necessary cookies:
-Opt-in privacy statement
-Authorisation/prevention of data transmission to Hubspot (hosting our website)
-Prevent the cookie banner from being displayed again
-Cookie consent categories
-A/B testing consistency
-Preferred language
-Rate cap protection
-Bot protection
We use cookies on our website that are not technically necessary. Text files that do not solely serve the functionality of the website but also collect other data are considered technically unnecessary cookies.
When accepting technically unnecessary cookies, the following data is processed:
-Number of visits and pages visited
-Identification of the visitor
-Date and time the website was accessed
2. Purpose of the data processing
The purpose of using technically necessary cookies is to ensure the functionality of our website. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.
We require the technically necessary cookies for the following applications:
-Website functionality
The use of technically unnecessary cookies is for the purpose of improving the quality of our website, its content and thus our reach and profitability. By setting these cookies, we learn how the website is used and can thus constantly optimise our offer. In particular, we use these cookies for the following purposes:
-Better understanding of users' needs and expectations
3. Legal basis for the data processing
The provisions of the Telecommunications and Telemedia Data Protection Act (TTDPA) are relevant for the storage of information in the end user's terminal equipment and/or access to information already stored in the end user's terminal equipment. If the setting and reading of cookies is technically necessary, this is done to ensure the functionality of our website. In this case, the storage of and access to cookies on your terminal equipment is carried out on the basis of § 25 para. 2 no. 2 TTDPA. This storage of and access to the information in your terminal equipment serves to facilitate your use of our website and to be able to offer you our services as you have requested. Some functions of our website also do not work without the use of these cookies and could therefore not be offered. The cookies are generally deleted after the session ends (e.g. logging out or closing the browser) or after the expiry of a specified duration. Information on different storage periods for cookies can be found in the following sections of this data protection declaration.
Insofar as cookies are used that are not technically necessary, this is done on the basis of your express consent, which you can give via the cookie banner. The basis for storing and accessing information in this case is § 25 para. 1 TTDPA in conjunction with Art. 6 para. 1 lit. a), Art. 7 GDPR. You can revoke your consent at any time with effect for the future or subsequently grant it again by configuring your settings for cookies accordingly. Alternatively, you can prevent the storage of cookies by making the appropriate settings in your browser software. Please note that the browser settings you make only affect the browser you are using. If personal data is processed following the storage of and access to the information on your terminal equipment, the provisions of the GDPR are relevant. Information on this can be found in the following sections of this privacy policy.
VII.Newsletter
1. Description and scope of data processing
On our website, you have the option of subscribing to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us.
-E-mail address
-Name
-First name
-Date and time of registration
No data is passed on to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.
2. Purpose of the data processing
The collection of the user's email address is used to deliver the newsletter.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.
3. Legal basis for the data processing
The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 p. 1 lit. a GDPR if the user has given their consent.
4. Duration of the storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's email address is therefore stored for as long as the subscription to the newsletter is active.
5. Possibility of revocation
The subscription to the newsletter can be cancelled by the user at any time. For this purpose, a corresponding link can be found in each newsletter.
This also enables revocation of consent to the storage of personal data collected during the registration process.
VIII.E-mail contact
1. Description and scope of data processing
On our website, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.
2. Purpose of the data processing
The data is used exclusively for processing the conversation. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
3. Legal basis for the data processing
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f GDPR. Our legitimate interest is to optimally answer your enquiry that you send by e-mail.
If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR.
4. Duration of the storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of three months at the latest.
5. Possibility of opposition
If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued.
A user may request to withdraw consent and object to storage by sending an email to legal@okomo.com.
All personal data stored in the course of contacting us will be deleted in this case.
IX.Contact form
1. Description and scope of data processing
Our website contains a contact form that can be used for electronic contact. If a user uses this option, the data entered in the input mask is transmitted to us and stored.
The following data is stored at the time the message is sent:
-e-mail address
-Name
-First name
-Date and time of contact
-Company (automatic)
-Position (non-mandatory)
-Telephone number (non-mandatory)
2. Purpose of the data processing
The processing of personal data from the input mask of the contact form or via the e-mail address provided serves us solely to process the contact.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
3. Legal basis for the data processing
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1p. 1 lit. f GDPR. Our legitimate interest is to optimally answer your enquiry that you send to us via the contact form.
If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR.
4. Duration of the storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
5. Possibility of opposition
If the user contacts us via the input mask in the contact form, he can object to the storage of his personal data at any time.
A user may request to withdraw consent and object to storage by sending an email to legal@okomo.com.
All personal data stored in the course of contacting us will be deleted in this case.
X.Application by e-mail and application form
1. Scope of the processing of personal data
Our website contains an application form that can be used for electronic applications. If an applicant uses this option, the data entered in the input mask will be transmitted to us and stored. These data are:
-First name
-Name
-Telephone / mobile phone number
-e-mail address
-Salary expectation
-Available from
-Curriculum vitae
Alternatively, you can also send us your application by e-mail. In this case, we will collect your e-mail address and the data you provide in the e-mail.
After sending your application, you will receive a confirmation of receipt of your application documents by e-mail from us.
Your data will not be passed on to third parties. The data will only be used for processing your application.
2. Purpose of the data processing
The processing of personal data from the application form is solely for the purpose of processing your application. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the submission process serve to prevent misuse of the application form and to ensure the security of our information technology systems.
3. Legal basis for the data processing
The legal basis for the processing of your data is the initiation of a contract at the request of the data subject, Art. 6 para. 1 p. 1 lit. b Alt. 1 GDPR.
The legal basis for the processing of data within the framework of the applicant pool is the applicant's express declaration of consent, Art. 6 para. 1 p. 1 lit. a, Art. 7 GDPR. You can revoke your consent at any time with effect for the future.
4. duration of the storage
After completion of the application process, the data will be stored for up to six months. Your data will be deleted after the six months at the latest. In the event of a legal obligation, the data will be stored within the framework of the applicable provisions.
XI.Use of company presences in job-oriented networks
1. Scope of data processing
We make use of the possibility of company presences in profession-oriented networks. We maintain a company presence on the following professional networks:
LinkedIn:
LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland
On our site, we provide information and offer users the opportunity to communicate.
The company website is used for applications, information/PR and active sourcing.
We do not have any information on the processing of your personal data by the companies jointly responsible for the corporate presence. You can find more information on this in the privacy policy of:
LinkedIn:
https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
If you carry out an action on our company website (e.g. comments, posts, likes, etc.), you may make personal data (e.g. clear name or photo of your user profile) public.
2. Legal basis for the data processing
The legal basis for the processing of personal data for the purpose of communicating with customers and interested parties is Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest here is to answer your enquiry in the best possible way or to be able to provide the requested information. If the aim of contacting you is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR.
3. Purpose of the data processing
Our company website serves to inform users about our services. In doing so, every user is free to publish personal data through activities.
4. Duration of the storage
We store your activities and personal data published via our corporate website until you revoke your consent. In addition, we comply with the statutory retention periods.
5. Possibility of opposition
You can object at any time to the processing of your personal data that we collect in the course of your use of our company website and assert your data subject rights as stated under IV. of this data protection declaration. To do so, send us an informal e-mail to the e-mail address stated in this data protection declaration. You can find further information on exercising your rights here: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
XII.Hosting
The website is hosted on servers of a service provider commissioned by us.
Our service provider is:
Hubspot
The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is:
-Browser type and version
-Operating system used
-Referrer URL
-Host name of the accessing computer
-Date and time of the server request
-IP address
This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1lit. f GDPR. Our legitimate interest for processing this data is to present our website without errors and to optimise its functions.
The website server is geographically located in the United States of America.
XIII.Content DeliveryNetworks
CloudFlare
1. description and scope of data processing
On our website, we use functions of the CloudFlare content delivery network of CloudFlareGermany GmbH, Rosental 7, 80331 Munich, Germany (hereinafter referred to as: CloudFlare ). A Content DeliveryNetwork (CDN) is a network of regionally distributed servers connected via the Internet, with which content - in particular large media files such as videos - is delivered. CloudFlare provides web optimisation and security services that we use to improve the loading times of our website and to protect it from misuse. When you visit our website, a connection is established to CloudFlare's servers in order to retrieve content, for example. Personal data may be stored and analysed in server log files, especially the user's activity (in particular which pages have been visited) and device and browser information (in particular the IP address and the operating system). Further information on the collection and storage of data by CloudFlare can be found here: https://www.cloudflare.com/de-de/privacypolicy/
2. Purpose of the data processing
The use of CloudFlare's functions serves to deliver and accelerate online applications and content.
3. Legal basis for the data processing
The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website - for this purpose, the server log files must be collected.
4. Duration of the storage
Your personal information will be retained for as long as is necessary to fulfil the purposes described in this Privacy Policy or as required by law.
5. Possibility of opposition
Information on how to exercise your rights against CloudFlarecan be found at:
https://www.cloudflare.com/de-de/privacypolicy/
XIV.Plugins used
We use plugins for various purposes. The plugins used are listed below:
- OKOMO: for video communication with OKOMO employees, please refer to the OKOMO service privacy statement.
- Personio: for the presentation of job opportunities and the processing of job applications, please refer to Personio privacy policy.
This privacy policy was created with the support of DataGuard.