Responsible in the sense of the general data protection regulation and other national data protection laws of the member states as well as other data protection regulations is:
Rother OSS GmbH
Legally represented by Stefan Rother
T DE: +49 (0)9427 68 39 000
T CH: +41 (0)552 08 80
You can find further details on the controller in our Imprint.
Data protection officer
We are not legally obliged to appoint a data protection officer and have not appointed one.
2. Server location
The servers on which our website, our e-mail system and the support portal are operated, are located in data centers in Germany and Switzerland.
Switzerland is a safe third country within the meaning of the GDPR; the appropriate level of data protection results from an adequacy decision of the European Commission according to Art. 45 GDPR as well as binding internal data protection regulations of the subcontractor according to Art. 47 in conjunction with Art. 46 Para. 2 lit b GDPR.
We have contracts regulating the data processing on our behalf with the hosting providers.
3. Data processing when using our website for information purposes
If you visit our website without using the contact options we offer (contact form, email, login for support customers, comment function in the blog, forum), only the personal data that your web browser transmits to our server will be collected.
We collect the following data that is technically necessary to display the website and ensure its stability and security:
– IP address
– date and time of access
– browser type and version used
– operating system used
– website from which you came to our website
– websites that you access via our website
This data is stored in so-called log files on our servers. It is not stored together with other personal data from you.
In addition, the application with which this site is operated ("Wordpress" + plugins) saves some types of access to this website for 14 days. Incorrect login attempts, attempts to access non-existent content ("404 Detection") and IP addresses that were blocked due to incorrect login attempts are logged.
The collection and temporary storage of the IP address is necessary to enable delivery of our website to your device. To do this, your IP address must remain stored for the duration of the session. The data listed above are saved in log files and by WordPress to ensure the functionality of the website. In addition, we use this data to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes.
Our legitimate interest in data processing lies in the purposes described above. The legal basis for the collection and temporary storage of the aforementioned data and the log files is Art. 6 Para. 1 lit. f GDPR.
The data will be deleted or blocked as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. The data collected by WordPress will be deleted after 14 days. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that it is no longer possible to assign the calling client.
Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
The collection and storage of this data as described above is absolutely necessary for the provision of the website and its operation. There is no possibility to object.
The following essential cookies are set:
You can prevent the setting of cookies at any time by making the appropriate setting in your internet browser. Cookies that have already been set can be deleted manually or automatically at any time. This is possible in all common internet browsers. If the setting of cookies is deactivated in the browser, not all functions of the website may be fully usable.
The following cookies are set, unless you prevent storage by your browser settings or by clicking the corresponding link in the cookie banner or the following section:
Google Analytics' Cookies
If you give your consent, when you visit this website, cookies are set by Google Analytics, which enable your use of our website to be analysed. Your IP address is pseudonymised through technical precautions (IP anonymisation and deactivation of the user ID). An assignment of the data to the accessing user is therefore no longer possible. The data is not stored together with other personal data of the users.
We use the analysis cookies for the purpose of improving the quality of our website and its content. Through the analysis cookies we learn how the website is used and can thus continuously optimise our offer and your user experience. Our legitimate interest in the processing of personal data also lies in these purposes.
The legal basis is Art. 6 Para. 1 lit. a GDPR.
We have a contract with Google governing the data processing on our behalf.
You can adjust your settings for Google Analytics cookies here:
Log-in of registered users at the support portal
A cookie is also created when registered users log in to our support portal via the website. This cookie enables the website to recognise you and is usually saved for 7 days. If you activate the function to remember the password / stay logged in, the storage period of the cookie is extended to one year. You can delete this cookie at any time using the settings in your browser.
The legal basis for the storage is Art. 6 Para. 1 lit. f GDPR. Our interest: The provision of contractual services and ease of use.
5. Contact form and email contact
We offer a contact form on our website, which can be used to contact us electronically. If you use this, the following data entered in the input mask will be sent to us by e-mail and saved:
phone number (if specified).
Alternatively, you can contact us using the email address provided. In this case, the personal data transmitted with the email will be saved.
The processing of the transmitted personal data serves only to process your request. If you contact us by email, this also includes the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. Your data will not be passed on to third parties and will only be used to process your request.
The legal basis for processing the data with the user's consent is Art. 6 Para. 1 lit. a GDPR.
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 Para. 1 lit. f GDPR. If the email contact is aimed at the conclusion of a contract, Art. 6 para. 1 lit. b GDPR is an additional legal basis for the processing.
Subject to statutory retention periods, the data will be deleted as soon as we have processed your request.
You have the opportunity to send an email to email@example.com at any time to declare your objection or to withdraw your consent to data processing.
In this case, all personal data saved in the course of contacting us will be deleted. It will then no longer be possible to process your request.
6. Comment function and share buttons in the blog on the website
We offer users of our website the opportunity to leave individual comments on individual blog posts.
If users leave a comment in the blog published on this website, in addition to the comment itself, information about when the comment was entered as well as the name and email of the user are saved.
The comment will be published with the name. The e-mail address, the time stamp of the comment entry and the IP address of the user are saved in a database in the background. These personal data processed during the sending process serve to prevent misuse of the comment function and to ensure the security of our information technology systems.
The personal data collected will not be passed on to third parties unless such transfer is required by law or serves to defend the rights of the controller.
The legal basis for processing the data with the user's consent is Art. 6 Para. 1 lit. a GDPR. Insofar as the processing is based on our legitimate interests, the legal basis is Art. 6 Para. 1 lit. f GDPR.
The stored IP addresses are automatically anonymized after two months. We save your email address as long as your comment is publicly visible.
If you have given your consent to the storage of the data, you can revoke it at any time.
In this case, all personal data saved in the course of contacting us will be deleted. The entered comment will also be deleted.
We use the “Shariff” plugin to provide share buttons under blog posts. This was developed by the specialists of the computer magazine c’t as an alternative to the “share” buttons on social networks to enable more privacy on the net. More information on the Shariff project can be found here.
To subscribe to our newsletter, all you have to do is provide your email address. The dispatch takes place via a service provider from Germany. Your data will not be passed on to other third parties. By subscribing to the newsletter, you consent to the use of analysis functions to optimise the newsletter content. For detailed information on the newsletter subscription, please refer to the separate information on data protection for the OTOBO newsletters.
The forum software used and the associated databases are also operated on servers in Germany and Switzerland.
If you want to actively participate in the forum, you need a user account. This account is created in the forum software.
In order to offer the functionalities of the forum and also to be able to monitor and enforce the rules of forum usage, personal data of the forum users are processed.
A user of the forum can see the so-called "display names" of other users. Users can therefore choose this display name themselves. However, they cannot be changed arbitrarily in order to guarantee a comprehensible forum discussion.
The IP addresses of user actions are stored for a period of three days in order to ensure compliance with the forum rules.
Due to the range of functions, it is hardly possible to describe every single data processing in detail here. If you have specific questions about data processing in the context of the forum, please contact us. Of course you can have your account deleted in the forum at any time.
9. Data processing for job applications and in the application process
We may offer the opportunity to apply for a job online on our website. As part of the application process, we collect and process applicants' personal data. Processing can also be done electronically. This is particularly the case if you send your application documents to us by email.
In this case, the data is processed for the purpose of carrying out the application process.
If an employment contract is concluded, the transmitted data is stored for the purpose of handling the employment relationship in compliance with the statutory provisions.
If no employment contract is concluded with the applicant, the application documents will be deleted two months after the announcement of the rejection decision. Deletion does not take place if further processing and storage of personal data is required in individual cases to assert, exercise or defend legal claims. In this case, we have a legitimate interest in the further processing and storage of your personal data.
The legal basis for data processing in the application process is Art. 6 Para. 1 lit. b GDPR and, if you have given your consent, for example by sending information that is not necessary for the application process, Art. 6 para. lit. a GDPR. The legal basis for data processing after a rejection is Art. 6 Para. 1 lit. f GDPR.
You can revoke your consent at any time, you can object to the processing of your personal data at any time. In particular, you have the option to withdraw your application at any time.
10. Facebook link
We link from our website to our Facebook profile.
This is a pure link. We have not integrated any Facebook plugins into our website.
Further information on data protection at Facebook can be found in their data protection declaration: https://de-de.facebook.com/policy.php
11. Twitter link
We link from our website to our profile on Twitter.
This is a pure link. We have not integrated any Twitter plugins into our website.
You can change your data protection settings on Twitter in the account settings at http://twitter.com/account/settings.
12. Your rights as data subjects
If you process personal data, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
Right of access
You can request information from the controller about the processing of personal data concerning you.
Right to rectification, erasure, restriction of processing and object
You have the right to have your personal data corrected and / or completed. If the legal requirements are met, you can request that the data be deleted or processing restricted and you can object to the processing.
Right to data portability
You have the right to data portability within the framework of the legal requirements.
Right to lodge a complaint with a supervisory authority
You have the right to complain about the processing of personal data by us to a data protection supervisory authority.
As of 13 December 2019. In the event of doubt, the original German version is binding.