Data Protection Declaration

  1. Content of our website
  2. Application management/list of vacancies
  3. Newsletter
  4. Our social networking activities
  5. Website tracking
  6. Handling of customer and supplier data
  7. Handling of visitor data
  8. OASE Control App

I. Content of our website

1. User registration

In order to become a registered user of our website, you must provide certain personal data.

The personal data transferred to us is defined from the input screen used during the registration process. Any personal data you enter will be collected and stored exclusively for our internal use and our own purposes. We may arrange for the data to be transferred to one or more contract processors, for example a parcel shipment company; these processors will also use the personal data solely for internal purposes, for which we will be responsible.

If you register on our website, the IP address assigned by your Internet Service Provider (ISP) and the date and time of registration will also be stored. This is necessary to prevent misuse of our services and investigate any crimes that might be committed. We store this data as a means of protecting our interests. As a basic principle, this data will not be transferred to third parties unless there is a legal obligation to do so or the transfers are necessary for law enforcement purposes.

By registering and providing your personal data on a voluntary basis, you will also enable us to offer you content or services whose nature means that they can only be offered to registered users. Individuals who have registered on the website are free to request that the personal data provided during registration be amended or completely erased from our database at any time.

We are always happy to provide information on the personal data we have stored about you. We are also happy to correct or erase personal data in response to a request, provided that we are not obliged by law to retain the data. Data subjects are welcome to contact the data protection officer named in this privacy statement or any other employees in this regard.

Your data will be processed for the purpose of allowing you to use our website in the most convenient and straightforward way possible. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR.

2. Data protection officer

Pursuant to Regulation (EU) 2016/679 (General Data Protection Regulation), OASE GmbH has appointed a data protection officer who reports directly to the management as part of his role.

The data protection officer of OASE GmbH can be contacted by sending an email to the following address: datenschutzbeauftragter(at)oase.com

3. Data processing in connection with the opening of a customer account and the performance of a contract

Pursuant to Article 6(1)(b) GDPR, data may be collected and processed if you have provided us with this data in connection with the performance of a contract or the opening of a customer account. The types of data that are collected can be determined from the relevant input forms. You can delete your customer account at any time by emailing the controller (using the email address provided above). We will store and use the data that you provide for performance of the contract. Once the contract has been performed in full or your customer account has been deleted, your data will be blocked until expiry of the relevant retention periods under tax and commercial law and then erased, unless you have expressly consented to further use of your data or we are permitted by law to continue using the data; we will inform you below of any such permitted uses of your data.

4. Data processing for order handling

To the extent necessary, and within the framework of contract performance, the personal data that we collect will be transferred to the shipping company responsible for delivering the goods. In so far as is necessary for the purpose of processing your payment, we will transfer your payment details to the relevant financial institution. If payment service providers are used, we will explicitly inform you thereof in the following paragraphs. The legal basis for this transfer of data is Article 6(1)(b) GDPR.

5. Conclusion of contracts for online shop, dealers and shipment of goods

We only transfer personal data to third parties if this is necessary in connection with performance of the contract, for example to the companies responsible for delivering the goods or the financial institution responsible for processing the payment. Further data transfers will not take place or will only take place if you have expressly consented to them. Your data will not be transferred to third parties, e.g. for advertising purposes, without your express consent.

The basis for data processing is Article 6(1)(b) GDPR, which permits the processing of data in connection with the performance of a contract or pre-contractual measures.

6. Contact/contact form

Your personal data will be collected if you make contact with us (e.g. via a contact form or by email). The types of data collected if you contact us via a contact form can be determined from the relevant contact form. The data will be stored and used exclusively for the purpose of answering your query or for making contact, and for the associated technical administrative matters. The legal basis for the processing of the data is our legitimate interest in responding to your query pursuant to Article 6(1)(f) GDPR. If you have made contact for the purpose of concluding a contract, Article 6(1)(b) GDPR will serve as an additional legal basis for processing. Once your query has been answered, your data will be deleted; this can be assumed to be the case if it is clear from the circumstances that the matter has been concluded and if there are no statutory retention obligations that would prevent deletion of the data.

7. Services/digital assets

We only transfer personal data to third parties if this is necessary in connection with performance of the contract, for example to the financial institution responsible for processing the payment.

Further data transfers will not take place or will only take place if you have expressly consented to them. Your data will not be transferred to third parties, e.g. for advertising purposes, without your express consent.

The basis for data processing is Article 6(1)(b) GDPR, which permits the processing of data in connection with the performance of a contract or pre-contractual measures.

II. Application management/list of vacancies

We collect and process job applicants' personal data for the purpose of handling the application procedure. This data may also be processed electronically. In particular, this will be the case if an applicant sends us the relevant application documents electronically, for example by email or via a web form on the website. If we enter into an employment contract with an applicant, the data that has been transferred will be stored in accordance with the statutory provisions for the purpose of handling the employment relationship. If we decide not to enter into an employment contract with the applicant, the application documents will automatically be deleted two months after the applicant has been notified of the corresponding decision, provided that there are no other legitimate interests on our part that would prevent their deletion. Other legitimate interests in this connection include e.g. an obligation to provide evidence in proceedings under the General Equal Treatment Act [Allgemeines Gleichbehandlungsgesetz, AGG].

Data will be processed in this connection on the basis of our legitimate interest pursuant to Article 6(1)(f) GDPR.

III. Newsletter

1. Newsletter for existing customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular offers by email regarding goods or services from our range that are similar to those that you have already purchased. Pursuant to Section 7(3) of the Unfair Competition Act [Gesetz gegen den unlauteren Wettbewerb, UWG], we do not have to obtain any separate consent from you for this. Data will be processed in this connection solely on the basis of our legitimate interest in personalised direct advertising pursuant to Article 6(1)(f) GDPR. If you initially object to the use of your email address for this purpose, we will not send you any emails. You are entitled to object to the use of your email address for the aforementioned advertising purposes at any time with future effect, by emailing the controller (email address provided above). You will only be charged the transmission costs in accordance with the basic tariffs. After we receive your objection, we will immediately stop using your email address for advertising purposes.

2. Advertising newsletter

You can subscribe to our company's newsletter on our website. The personal data transferred to us is defined from the input screen when you subscribe to the newsletter.

We send a newsletter to our customers and business partners at regular intervals to inform them about our offers. As a basic principle, you may only receive our company's newsletter if

1. you have a valid email address, and

2. you have registered to receive a newsletter.

For legal reasons, a double opt-in confirmation email will be sent to the email address you first provided when subscribing to the newsletter. This confirmation email is used to check that you are the owner of the email address and that you have authorised a subscription to the newsletter.

When you register for the newsletter, we also store the IP address (assigned by your Internet Service Provider or ISP) of the IT system you used at the time you registered, as well as the date and time of your registration. It is necessary to collect this data as a basis for investigating any (potential) misuse of your email address at a later date, or in other words as a means of protecting our legal interests.

The personal data collected in connection with a subscription to the newsletter will be used exclusively for the purpose of sending out the newsletter. Subscribers to the newsletter may also receive emails in so far as this is necessary for operation of the newsletter service or if an additional registration is required, for example if changes are made to the newsletters that are offered or if technical changes are made. The personal data collected in connection with a subscription to the newsletter is not transferred to third parties. You can cancel your subscription to our newsletter at any time. Consent to the storage of personal data that has been granted for the purpose of receiving the newsletter can be withdrawn at any time. Each newsletter contains a link that can be followed to withdraw consent. It is also possible to unsubscribe from the newsletter at any time directly on our website or to contact us in another way with an unsubscribe request.

The legal basis for the processing of data for the purpose of sending out the newsletter is Article 6(1)(a) GDPR.

3. Episerver newsletter

Full details of the privacy policy adopted by the corporate group Episerver can be found here.

IV. Our social networking activities

We have our own pages on social networks in order to communicate with you and provide you with information about our services.

We are not the original provider (controller) of these pages; we use them only within the scope of the opportunities offered to us by the relevant providers.

As a precautionary measure, we would therefore like to point out that your data may also be processed outside the European Union or the European Economic Area. Use of the data may therefore involve data protection risks since it may be more difficult for you to exercise your rights, e.g. the right to information, the right to erasure, the right to object etc., and data is frequently processed directly by social networks for advertising purposes or to analyse user behaviour in a manner that is beyond our control. If the provider creates user profiles, this often involves the use of cookies or the direct assignment of user behaviour to your member profile on social networks (if you are logged in to those sites).

These processing operations will only be carried out if you grant express consent pursuant to Article 6(1)(a) GDPR.

Since we do not have access to the providers' databases, we would like to point out that it is advisable for you to contact the relevant provider directly to exercise your rights (e.g. to information, correction, erasure etc.). Further information on the processing of your data by social networks and the options available to you to exercise your right to object or withdraw ("opt out") are listed below for the individual providers of social networks on which we have a presence:

1. Facebook

Data controller in Europe:

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy notice: https://www.facebook.com/about/privacy

Opt-out and ad preferences:

https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Facebook has joined the EU-US Privacy Shield:

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

https://de-de.facebook.com/about/privacy/

2. YouTube

Data controller:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy notice:  https://policies.google.com/privacy

Opt-out and ad preferences:  https://adssettings.google.com/authenticated

Google has joined the EU-US Privacy Shield:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

3. LinkedIn

Data controller in Europe:

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Privacy notice: https://www.linkedin.com/legal/privacy-policy

Opt-out and ad preferences:

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

LinkedIn has joined the EU-US Privacy Shield:

https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

V. Website tracking

Google Analytics

On our websites we use Google Analytics, a web analytics service provided by Google Ireland Limited (https://about.google/intl/en/) (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter referred to as "Google"). In this context, we create pseudonymous user profiles and use cookies (see the section "Cookies"). The information generated by the cookie concerning your use of the website, such as

  1. your browser type/version,
  2. your operating system,
  3. the referrer URL (the last page you visited before our website),
  4. the host name of the computer used to access the website (IP address),
  5. the time of the server request,

are transferred to a Google server in the USA and stored there. This information is used to assess the use of the website, to compile reports on website activities and to provide other services related to the use of the website and of the Internet for the purposes of market research, as well as to allow us to design our website to better suit user needs. This information may also be transferred to third parties if required by law or if these third parties process this data on our behalf. Under no circumstances will your IP address be combined with other data from Google. IP addresses are anonymised to ensure that it is not possible to make any associations (IP masking).

You can prevent the storage of cookies using the appropriate settings in your browser; however, please note that you may not be able to access the full functionality of some of the features of our website.

Google Analytics is only used with prior consent in accordance with Article 6(1)(a) GDPR.

You can prevent the collection of data generated by the cookie and related to your use of this website (including your IP address) as well as Google's processing of this data by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en-GB).

As an alternative to the browser add-on, particularly for browsers on mobile devices, you can also prevent the collection of data by Google Analytics by clicking on the following link: Disable Google Analytics. This will set an opt-out cookie, which will prevent your data being collected during any future visits to this website. The opt-out cookie only works for this browser and our website, and is stored on your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again.

You can prevent Google Analytics collecting your data by clicking on the following link. This will set an opt-out cookie, which will prevent your data being collected during any future visits to this website.

Disable Google Analytics

For more information on data protection in connection with the use of Google Analytics, please refer to the following Google Analytics help page (https://support.google.com/analytics/answer/6004245?hl=en).

VI. Handling of customer and supplier data

We will process your data (including your personal data) for the purpose of arranging, performing and handling contractual relationships, for preparing offers and for invoicing, as well as for making contact and providing information as part of the customer service relationship.

1. Legal basis for data processing

The processing of data is necessary for performance of a contract or pre-contractual measures pursuant to Article 6(1)(b) GDPR or to protect our legitimate interest pursuant to Article 6(1)(f) GDPR, and there are no overriding interests or fundamental rights and freedoms on the part of the data subject.

2. Categories of recipients

Internal recipients include Consulting, Contract Management, Accounting, Controlling and Back Office. We also use service providers (contract processors) to fulfil our tasks, such as IT service providers and hosting providers, and transfer data to authorities or courts within the scope of our legal obligations.

VII. Handling of visitor data

We will process your data (including your personal data) for the purpose of checking whether you are entitled to access the building. We will store the following data in this connection:

contact details of visitors (title, surname, first name, email address)

details of the actual visit (location, building, date, time)

1. Legal basis for data processing

Processing is necessary for the purpose of monitoring access to the building and protecting our legitimate interest pursuant to Article 6(1)(f) GDPR; there are no overriding interests or fundamental rights and freedoms on the part of the data subject.

2. Retention period

Your personal data will be stored for a period of one year from your last visit.

VIII. OASE Control App

 

1. Name and contact details of the data controller 

OASE GmbH

Tecklenburger Str. 161

48477 Hörstel, Germany

info@oase.com

Tel.: +49 (0) 5454/80-0

 

2. Contact details of the data protection officer

You can contact our data protection officer by writing to the above address (FAO Data Protection Officer) or sending an email to datenschutzbeauftragter@oase.com

 

3. Purposes and legal bases of processing

3.1. Downloading the app from the App Store or Play Store
When you download the app, the required information is transferred to the operator of the relevant store. Furthermore, the store independently collects various data and analyses your usage patterns. We have no influence over this data processing and are not responsible for it. We only process data if doing so is necessary in order for you to download the app to your device. The legal basis for this is our legitimate interest in making the app available for you to download from app stores (as per Art. 6(1)(f) GDPR). The legal basis for concluding a user agreement with you for our app when you download the app is Art. 6(1)(b) GDPR. When you download our app, your personal data is transferred to a third country, specifically to the USA; we assume that you consent to this due to the fact that you downloaded the app in the first place. We have also concluded EU standard contractual clauses with the operators of the stores.

3.2. User account and social login
You need to create a user account in order to use our app. The legal basis for processing personal data in connection with this is Art. 6(1)(b) GDPR.
Alternatively, our app has an integrated social login feature that enables you to log in using existing information from a social networking service. The legal basis for using the social login feature is Art. 6(1)(a) GDPR, i.e. this feature is only used and integrated once you have given your consent. Your consent also covers any transferral of data to a third country.
We do not know exactly how the operator of the respective social network processes your personal data. However, it can be assumed firstly that the operator of the social network will assign your data to your social media profile and use that data for advertising, market research and profiling purposes, and secondly that your data will be transferred to a third country, e.g. the USA. We have no influence over data processing by the operator of the respective social network.  
To justify data transfer to a third country, we have concluded EU standard contractual clauses with social network operators in addition to obtaining your consent.

3.3. Using the features of our app
The app gives you convenient control over all your smart OASE garden and aquarium products, either locally via Bluetooth or remotely from anywhere in the world via our cloud.  
The legal basis for processing personal data in this context is the user agreement for the app that we concluded with you (as per Art. 6(1)(b) GDPR).
If an account is created for you by a primary user as part of a multi-user account, we will receive your personal data from the primary user.

3.4. Use of Google Analytics
This app uses Google Analytics, a service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. The legal basis for the use of Google Analytics is your consent pursuant to Art. 6(1)(a) GDPR, which also applies to your data potentially being transferred to the USA.  
The information created when you use our services may be transferred to a Google server in the USA and stored there. We have therefore agreed EU standard contractual clauses with Google, which we use in conjunction with your consent as the basis for transferring your personal data to the USA.
We use Google Analytics to analyse your usage patterns so that we can continually improve our app and our services.

3.5. Voluntary customer surveys
Every so often we will invite you to take part in voluntary customer surveys, the results of which we use for internal analyses, product improvements and advertising purposes. The legal basis for this is your consent pursuant to Art. 6(1)(a) GDPR.

3.6. Direct marketing by email
When we receive your email address upon conclusion of the user agreement for this app, we will occasionally use it to send you direct marketing for our garden and aquarium products and services. You can object to us using your email address for this purpose at any time, for example by sending an email to datenschutzbeauftragter@oase.com. We will also make you aware of your right to object each time we send you a marketing email.  
 

4. Storage period and criteria used to determine the storage period

We will process your data for as long as your user account remains active. If you delete your user account, your data will be erased immediately unless we are legally obliged by, for example, the storage and documentation requirements of tax and commercial law (German Commercial Code, German Criminal Code and German Fiscal Code) to store your data for longer or you have consented to a longer storage period pursuant to Art. 6(1)(a) GDPR.
 

5. Recipients or categories of recipients

 

RecipientPurposeLegal basis

Microsoft Corporation

One Microsoft Way

Redmond, WA 98052-6399

USA

Operating our app in the Microsoft Azure CloudEU standard contractual clauses + consent

Amazon Europe Core S.à r.l

38 Avenue John F. Kennedy

1855 Luxembourg

Alexa integrationEU standard contractual clauses + consent

Google Ireland Limited

Gordon House, Barrow Street

Dublin 4, Ireland

Google Assistant integrationEU standard contractual clauses + consent

 

6. Automated decision-making, including profiling

Your data will not be subject to automated decision-making, including profiling.

 

7. Rights of the data subject

You have the right to:

- Obtain access

- Obtain rectification

- Obtain erasure

- Obtain restriction of processing

- Data portability

- Lodge a complaint with a supervisory body

- Object to processing carried out on the basis of legitimate interests

- Withdraw your consent at any time without affecting the lawfulness of any processing carried out on the basis of your consent prior to its withdrawal.