Privacy Policy
We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the OHB SE. The use of the Internet pages of the OHB SE is possible without any indication of personal data. However, if a data subject wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the OHB SE. By means of this data protection declaration, our company wishes to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, data subjects are informed of their rights by means of this privacy policy.
As the controller, the OHB SE has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
1. Definitions
The data protection declaration of OHB SE is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
We use the following terms, among others, in this Privacy Policy:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
c) Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
e) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
f) Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
g) Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
h) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
i) Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. External hosting
This website is hosted externally. The personal data processed on the OHB SE website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.
External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 Telecommunications Digital Services Data Protection Act (TDDDG), insofar as the consent includes the storage of cookies or access to information in the user's terminal device within the meaning of the TDDDG. Consent can be revoked at any time.
Our host will only process your data in accordance with your instructions to the extent that this is necessary to fulfill its performance obligations.
We use the following host:
Stefan Siedau
WebMen Internet Dresden GmbH
Marienallee 2
01099 Dresden
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract that is required under data protection law and ensures that the host only processes the personal data of our website visitors in accordance with our instructions and in compliance with the law.
3. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is the:
OHB SE
Manfred-Fuchs-Platz 2-4
D-28359 Bremen
4. Name and address of the data protection officer
The data protection officer of the controller is:
Jochen Zurborg
Manfred-Fuchs-Platz 2-4
D-28359 Bremen
Phone: +49 (0)421 2020 9720
E-mail: datenschutz@ohb.de
Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
5. Cookies
The Internet pages of the OHB SE use cookies. Cookies are text files that are stored on a computer system via an Internet browser.
Through the use of cookies, the OHB SE can provide the users of this website with more user-friendly services that would not be possible without the cookie setting. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.
Cookies are either stored temporarily for the duration of a session (session cookies) and deleted at the end of your visit to a website or permanently (permanent cookies) on your end device until you delete them yourself or they are automatically deleted by your web browser. Cookies can be used to optimize the information and offers on our website for the benefit of the user. Cookies enable us to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website.
Cookies that are required to carry out the electronic communication process, to provide certain functions you have requested or to optimize the website (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. OHB SE has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG); the consent can be revoked at any time.
The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies.
Only necessary session cookies are used on our website.
6. Collection of general data and information
The website of the OHB SE collects a series of general data and information when a data subject or automated system calls up the website. This general data and information is stored in the server log files. The following can be recorded:
(1) browser types and versions used,
(2) the operating system used by the accessing system,
(3) the website from which an accessing system reaches our website (so-called referrer),
(4) the sub-websites that are accessed via an accessing system on our website,
(5) the date and time of access to the website,
(6) an Internet Protocol address (IP address),
(7) the Internet service provider of the accessing system and
(8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
When using these general data and information, the OHB SE does not draw any conclusions about the data subject. Rather, this information is required
(1) to deliver the content of our website correctly,
(2) to optimize the content of our website and the advertising for it,
(3) to ensure the long-term functionality of our information technology systems and the technology of our website, and
(4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack.
Therefore, the OHB SE analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
7. SSL or TLS encryption
Our website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
8. Contact via the website
The website of the OHB SE contains information that enables quick electronic contact with our enterprise, as well as direct communication with us, which also includes a general e-mail address. If a data subject contacts the data controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties.
9. Routine deletion and blocking of personal data
The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject.
If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
10. Rights of the data subject
a) Right to confirmation
Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself or herself of this right of confirmation, he or she may, at any time, contact the data protection officer.
b) Right to information
Any person affected by the processing of personal data has the right to receive information free of charge at any time from the controller about the personal data stored about them and a copy of this information.
If a data subject wishes to exercise this right to information, they can contact the data protection officer at any time.
c) Right to rectification
Any person affected by the processing of personal data has the right to demand the immediate correction of incorrect personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
If a data subject wishes to exercise this right of rectification, they can contact the data protection officer at any time.
d) Right to erasure (right to be forgotten)
Any person affected by the processing of personal data has the right to demand from the controller that the personal data concerning them be deleted immediately, provided that the processing is no longer necessary.
If a data subject wishes to request the erasure of personal data stored by OHB SE, he or she may contact the Data Protection Officer at any time. The Data Protection Officer of OHB SE shall ensure that the erasure request is complied with immediately.
The Data Protection Officer of OHB SE will arrange for deletion in individual cases in accordance with Art. 17 para. 1 GDPR, insofar as processing is no longer necessary.
e) Right to restriction of processing
Any person affected by the processing of personal data has the right to obtain from the controller restriction of processing where one of the following applies:
• The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
• The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
• The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
• The data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by OHB SE, he or she may at any time contact the Data Protection Officer. The data protection officer of OHB SE will arrange for the restriction of processing.
f) Right to data portability
Any person affected by the processing of personal data has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. They also have the right to transmit this data to a third party. Insofar as it is technically feasible and the rights and freedoms of other persons are not affected by this, data may be transferred directly to another controller.
In order to assert the right to data portability, the data subject may at any time contact the Data Protection Officer of the OHB SE.
g) Right to object
Any person affected by the processing of personal data has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR. This also applies to profiling based on these provisions.
The OHB SE shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
If the OHB SE processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to the OHB SE to the processing for direct marketing purposes, the OHB SE will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by the OHB SE for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
In order to exercise the right to object, the data subject may directly contact the Data Protection Officer of OHB SE.
h) Automated decisions in individual cases including profiling
Any person concerned by the processing of personal data has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
If the data subject wishes to assert rights relating to automated decisions, they can contact the data protection officer at any time.
i) Right to withdraw consent under data protection law
If you have given us your consent to process your personal data in accordance with Section 25 (1) sentence 1 TDDDG, Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, you have the right to withdraw this consent at any time. If the data subject wishes to exercise their right to withdraw consent, they can contact the data protection officer at any time.
j) Right to lodge a complaint with the competent supervisory authority
In the event of infringements of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement.
11. Legal basis of the processing
Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which the data subject is party, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in the case of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax or commercial law obligations, the processing is based on Art. 6 I lit. c GDPR.
In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the data subject or another natural person, in which case the processing would be based on Art. 6 I lit. d GDPR.
Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, the legislator took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR).
Where the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the performance of our business activities for the benefit of the well-being of all our employees and our shareholders.
12. Duration for which the personal data is stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. After this period has expired, the corresponding data is routinely deleted, provided that it is no longer required for contract fulfillment or contract initiation.
13. Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision
We inform you that the provision of personal data is partly required by law (e.g. tax or commercial law regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes, in order for a contract to be concluded, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. Before the data subject provides personal data, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.
14. Existence of automated decision-making
As a responsible company, we do not use automated decision-making or profiling.
15. Data processing by social networks
We maintain publicly accessible profiles in social networks. A list of the networks we use can be found below.
Social networks such as Facebook, Instagram, LinkedIn or X have the ability to comprehensively analyze your user behavior when you visit their website or pages with integrated social media content. Visiting our social media presences can trigger numerous data protection-relevant processing operations:
If you are logged into your social media account and visit our website, the operator of the social network can assign your visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account. In this case, data is collected, for example, via cookies that are stored on your end device or by recording your IP address.
The data collected enables the operators of the social networks to create user profiles in which your preferences and interests are stored. This allows interest-based ads to be displayed to you both within and outside the respective social media presence. If you have an account on the relevant network, this advertising may appear on all devices on which you are or have been logged in.
Please note that we cannot track all processing operations on the social media platforms. Depending on the provider, further processing steps may be carried out by the operators of the social networks. Details on this can be found in the terms of use and privacy policies of the respective platforms.
15.1 Legal basis
Our social media presences serve to ensure comprehensive visibility on the internet. This constitutes a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on other legal bases, which must be provided by the operators of the networks (e.g. consent pursuant to Art. 6 para. 1 lit. a GDPR).
15.2 Responsible party and assertion of rights
If you visit one of our social media sites, we are jointly responsible with the operator of this platform for the data processing that takes place. You have the right to assert your claims (such as information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media platform.
Please note that despite this shared responsibility with the operators of the social media platforms, we do not have full control over the data processing processes. Our options are largely dependent on the guidelines and practices of the respective provider.
16. Integration of YouTube videos
The provider has integrated YouTube videos into its website, which are stored on www.YouTube.com and can be played directly from its website. YouTube is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The videos are all integrated in "extended data protection mode", i.e. no data about the user is transferred to YouTube or Google if the user does not play the videos. Data is only transferred when the user plays the videos. The provider has no influence over this.
When the user visits the website, YouTube receives the information that the user has accessed the corresponding subpage of the website. This occurs regardless of whether YouTube provides a user account through which the user is logged in or whether no user account exists.
YouTube stores this data as user profiles and uses it for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising. Users have the right to object to the creation of these user profiles, whereby they must contact YouTube to exercise this right.
The integration of YouTube gives the user the opportunity to access videos and, if necessary, to use the functionalities of YouTube. The provider thereby aims to improve its offering. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR.
Further information on the purpose and scope of data collection and its processing by the third-party provider can be found in the YouTube or Google privacy policy provided below. There you will also find further information on your rights in this regard and setting options to protect your privacy: www.google.com/policies/privacy/partners/
17. Social media plugins
We use social media buttons (also known as social media plugins) on our website. These are small buttons that you can use to publish content from our website on social networks under your profile.
If you activate such a button, a connection is established between our website and the relevant social network. In addition to the relevant content, the operator of the social network receives further information, some of which is personal. This includes, for example, the fact that you are currently visiting our site.
The social media buttons are integrated using the so-called Shariff solution. This solution prevents a connection to a social network from being established simply because you access a page with a social media button without activating it. This means that information is only transmitted to the social network when you use the button.
We use the following social media plugins:
a) Facebook:
We use social plugins from the social network Facebook on our website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Meta, some of the data collected is also transferred to the USA and other third countries. Meta complies with the data protection provisions of the US Privacy Shield and is registered with the US Privacy Shield program of the US Department of Commerce. For the purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, please refer to Facebook's data protection information: www.facebook.com/privacy/policy.
b) Instagram:
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (EU), or Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA. You can view their privacy policy at help.instagram.com/519522125107875.
c) X (Twitter):
We have a profile on X. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. Some information is transmitted to the parent company Twitter Inc. based in the USA. This company observes the data protection provisions of the "US Privacy Shield" and is registered with the "US Privacy Shield" program of the US Department of Commerce. Further information on data protection at Twitter can be found in the privacy policy of X: x.com/en/privacy.
d) Xing:
We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in XING's privacy policy: privacy.xing.com/en/privacy-policy.
e) LinkedIn:
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. In some cases, information is transmitted to the parent company based in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: www.linkedin.com/legal/l/dpa and www.linkedin.com/legal/l/eu-sccs.
Further information on data protection at LinkedIn can be found in LinkedIn's privacy policy: www.linkedin.com/legal/privacy-policy
f) YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Details on how they handle your personal data can be found in YouTube's privacy policy: policies.google.com/privacy.