Privacy Policy

1. Privacy at a Glance

General Information
The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data refers to any data with which you can be personally identified. For detailed information on data protection, please refer to our privacy policy outlined below.

Data Collection on this Website

Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. Their contact details can be found in the section "Notice Regarding the Responsible Party" in this privacy policy.

How do we collect your data?
Your data is collected in two ways:

You provide it to us. For example, this may include data that you enter into a contact form.
Other data is automatically collected by our IT systems when you visit the website, either automatically or with your consent. This primarily includes technical data (e.g., internet browser, operating system, or the time the page was accessed). This data is collected automatically as soon as you enter this website.

What do we use your data for?
Part of the data is collected to ensure the website is provided error-free. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?
You have the right to receive information about the origin, recipients, and purpose of your stored personal data at any time, free of charge. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. Additionally, you have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to file a complaint with the relevant supervisory authority.

For these or any other questions regarding data protection, you can contact us at any time.

Analytics and Third-Party Tools
When visiting this website, your browsing behavior may be statistically analyzed. This is primarily done using analysis programs.

For detailed information about these analysis programs, please refer to the following privacy policy.

2. Hosting and Content Delivery Networks (CDN)

We host the content of our website with the following providers:

Webflow
The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter referred to as "Webflow"). When you visit our website, Webflow collects various log files, including your IP address.

Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies that are necessary for displaying the site, providing certain website functions, and ensuring security (essential cookies).

For details, please refer to Webflow’s privacy policy: https://webflow.com/legal/eu-privacy-policy.

The use of Webflow is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring a reliable presentation of our website. If consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, as far as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) as per TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://webflow.com/legal/eu-privacy-policy.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that ensures compliance with European data protection standards for data processing in the USA. Any company certified under the DPF commits to these standards. For more information, visit the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TT9jAAG&status=Active.

Cloudflare
We use the service “Cloudflare.” The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as "Cloudflare").

Cloudflare offers a globally distributed Content Delivery Network with DNS. Technically, the information transfer between your browser and our website is routed through Cloudflare's network. This allows Cloudflare to analyze traffic between your browser and our website and serve as a filter between our servers and potentially malicious traffic from the internet. In doing so, Cloudflare may use cookies or other technologies to recognize internet users, but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our online offerings as error-free and securely as possible (Art. 6(1)(f) GDPR).

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.cloudflare.com/privacypolicy/.

Further information on security and privacy at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.

‍

3. General Information and Mandatory Notices

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations as well as this privacy policy.

When you use this website, various personal data will be collected. Personal data refers to data that can be used to personally identify you. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this is done.

We point out that data transmission on the internet (e.g., communication via email) can have security gaps. Complete protection of data against access by third parties is not possible.

Information About the Responsible Party

The responsible party for data processing on this website is:

OS-Webdev
Oliver Sienel
Hauptstraße 50
2020 Magersdorf

Phone: +436804406248
Email: info@oswebdev.com

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Retention Period

Unless a specific retention period is mentioned in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted, provided we have no other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

Legal Bases for Data Processing on This Website

If you have consented to data processing, we process your personal data based on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special data categories under Art. 9(1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing is additionally based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing is additionally based on § 25(1) TTDSG. Consent can be revoked at any time.

If your data is required for the fulfillment of a contract or for pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation based on Art. 6(1)(c) GDPR. Data processing may also occur based on our legitimate interest under Art. 6(1)(f) GDPR. Specific legal bases are explained in this privacy policy as needed.

Data Transfers to Unsafe Third Countries and US Companies Without DPF Certification

We use tools from companies based in countries that are not considered secure under EU data protection law and US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these countries and processed there.

We point out that countries considered insecure under EU law may not provide a level of data protection comparable to the EU. Data transfers to the USA are permissible if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or provides suitable additional guarantees. Details about transfers to third countries, including the data recipients, can be found in this privacy policy.

Recipients of Personal Data

In our business operations, we work with various external entities. The transfer of personal data to these entities is sometimes necessary. We only share personal data if this is required to fulfill a contract, if we are legally obliged to do so (e.g., sharing data with tax authorities), if we have a legitimate interest in sharing data (Art. 6(1)(f) GDPR), or if another legal basis allows for the transfer of data.

When using data processors, we only share personal data with valid contracts for data processing. If joint processing is required, we enter into a joint processing agreement.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your express consent. You can revoke consent at any time. The legality of data processing carried out before the revocation remains unaffected.

Right to Object Under Art. 21 GDPR

If data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. This also applies to profiling based on these provisions. The relevant legal basis for data processing can be found in this privacy policy.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims (objection under Art. 21(1) GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object to the processing of your personal data for such purposes at any time. This includes profiling, as far as it is related to direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection under Art. 21(2) GDPR).

Complaint Rights With the Competent Supervisory Authority

In the event of violations of the GDPR, affected persons have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, workplace, or the location of the alleged violation. This right exists irrespective of other administrative or judicial remedies.

Right to Data Portability

You have the right to receive data that we process based on your consent or in fulfillment of a contract in a commonly used, machine-readable format. If you request the direct transfer of data to another controller, this will only be done if technically feasible.

Access, Rectification, and Deletion

You have the right to obtain information free of charge at any time about your stored personal data, its origin, recipients, and the purpose of processing, as well as a right to rectify or delete this data as per applicable laws. For further questions on personal data, feel free to contact us at any time.

Right to Restrict Processing

You have the right to request the restriction of processing your personal data. This right applies in the following cases:

You contest the accuracy of the data, and verification is required.
The processing is unlawful, and you oppose deletion but request restriction instead.
We no longer need the data, but you require it to assert, exercise, or defend legal claims.
You have objected under Art. 21(1) GDPR, and the balancing of interests is pending.

In these cases, your data will only be processed with your consent or for legal purposes.

SSL or TLS Encryption

For security reasons and to protect confidential content, such as orders or inquiries you send to us, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" prefix in the browser's address bar and the lock symbol.

With SSL or TLS encryption enabled, the data you transmit to us cannot be read by third parties.

Objection to Advertising Emails

The use of contact data published under legal notice obligations for sending unsolicited advertising and informational materials is prohibited. The site operators reserve the right to take legal action in the event of unsolicited promotional materials, such as spam emails.

4. Data Collection on This Website

Cookies

Our websites use so-called "cookies." Cookies are small data packets that do not harm your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your device until you delete them or until your web browser automatically deletes them.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or video display). Other cookies can be used to analyze user behavior or for advertising purposes.

Cookies necessary for the electronic communication process, the provision of certain functions requested by you (e.g., the shopping cart function), or the optimization of the website (e.g., cookies for measuring web audiences) are stored based on Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of their services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively based on this consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG); the consent can be revoked at any time.

You can configure your browser to inform you about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally, as well as enable the automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of this website may be restricted.

You can find out which cookies and services are used on this website in this privacy policy.

Contact Form

If you send us inquiries via the contact form, the information you provide in the form, including the contact details you specify, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR, provided your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested; the consent can be revoked at any time.

The data you provide in the contact form remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage ceases to apply (e.g., after the inquiry has been processed). Mandatory statutory provisions – especially retention periods – remain unaffected.

5. Analytics Tools and Advertising

Google Tag Manager

We use Google Tag Manager, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that helps us integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or carry out independent analyses. It is used solely for the management and deployment of tools integrated via it. However, Google Tag Manager collects your IP address, which may also be transmitted to Google's parent company in the United States.

The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in quickly and easily integrating and managing various tools on the website. If consent has been requested, processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TTDSG, provided consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under the TTDSG. Consent can be revoked at any time.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that ensures compliance with European data protection standards for data processing in the USA. Certified companies commit to upholding these standards. Further details are available at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.

Google Analytics

This website uses features of the web analytics service Google Analytics, provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze visitor behavior. It provides usage data such as page views, session duration, operating systems used, and user origin. This data is attributed to the respective user’s device and is not associated with a user ID.

Additionally, Google Analytics can record mouse and scroll movements as well as clicks. It also uses modeling techniques to supplement collected data and employs machine learning technologies for data analysis.

Google Analytics uses technologies that allow the recognition of users for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is typically transmitted to and stored on a Google server in the USA.

The use of this service is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.

Data transfers to the USA are safeguarded by the EU Commission’s Standard Contractual Clauses. Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified under the "EU-US Data Privacy Framework" (DPF). Further details can be found here:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.

IP Anonymization

IP anonymization is activated for Google Analytics. This means that Google shortens your IP address within member states of the European Union or other contracting states of the Agreement on the European Economic Area before transmitting it to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activities, and provide additional services related to website and internet use to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de.

For more information on how Google Analytics handles user data, see Google’s privacy policy:
https://support.google.com/analytics/answer/6004245?hl=de.

6. Newsletter

Newsletter Data

To subscribe to the newsletter offered on our website, we require your email address and information that allows us to verify that you are the owner of the provided email address and agree to receive the newsletter. No additional data is collected unless provided voluntarily. We use third-party newsletter service providers, described below, to manage our newsletters.

MailerLite

Our website also uses MailerLite for newsletter distribution. MailerLite is provided by MailerLite Limited, “MailerLite,” 38 Mount Street Upper, Dublin 2, D02PR89, Ireland.

Newsletter Analytics via MailerLite
MailerLite allows us to analyze our newsletter campaigns. For instance, we can determine whether a newsletter email was opened and which links were clicked. Additionally, actions taken after opening or clicking on a newsletter (e.g., purchases) can be tracked to measure conversion rates. MailerLite also enables segmentation of newsletter recipients into categories (e.g., age, gender, location) to tailor newsletters to specific target audiences.

For detailed information on MailerLite features, visit: https://www.mailerlite.com/features.

If you do not want your data to be analyzed by MailerLite, you can unsubscribe from the newsletter via the link provided in every email.

Legal Basis: Data processing is based on your consent under Art. 6(1)(a) GDPR. You can withdraw your consent at any time.
Storage Duration: Data provided for newsletter subscription will remain in our distribution list until unsubscribed. Upon unsubscription, the data will either be deleted or blacklisted to prevent future mailings, as necessary.

Blacklist Storage
Similar to Mailchimp, email addresses may be stored in a blacklist to prevent future mailings after unsubscription, which serves both compliance and user protection interests (Art. 6(1)(f) GDPR). You may object to this storage if your interests outweigh ours.

For more information, see MailerLite’s privacy policy: https://www.mailerlite.com/legal/privacy-policy.

7. Plugins und Tools

YouTube

This website integrates videos from YouTube, which is operated by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit a page on our website with embedded YouTube videos, a connection is established with YouTube’s servers, which informs YouTube about the pages you’ve visited. Additionally, YouTube may store cookies or use similar technologies to recognize you (e.g., device fingerprinting). This allows YouTube to gather information about visitors to this website, which is used to collect video statistics, enhance user-friendliness, and prevent fraudulent activities.

If you are logged into your YouTube account, YouTube can directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube serves the purpose of presenting our online offers attractively. This constitutes a legitimate interest according to Art. 6(1)(f) GDPR. If consent is requested, the processing is based solely on Art. 6(1)(a) GDPR and § 25(1) TTDSG, where consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) in accordance with TTDSG. Consent can be withdrawn at any time.

For more information on how user data is handled, please refer to YouTube's privacy policy: https://policies.google.com/privacy?hl=de.

Google is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA to ensure that European data protection standards are adhered to in data processing within the USA. All companies certified under the DPF are committed to complying with these standards. For more details, visit: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.

Google Fonts (Local Hosting)

This website uses Google Fonts for consistent font display. The fonts are locally hosted, meaning no connection is made to Google servers.

For more information about Google Fonts, visit: https://developers.google.com/fonts/faq and Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Google Maps

This website uses the map service Google Maps, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Maps allows us to embed map material on our website.

To use Google Maps' features, it is necessary to store your IP address. This information is typically transferred to a Google server in the USA and stored there. The provider of this website has no influence on this data transfer. If Google Maps is activated, Google may use Google Fonts to ensure the uniform presentation of fonts. When Google Maps is called, your browser loads the required web fonts into your browser cache to display text and fonts correctly.

The use of Google Maps serves the purpose of presenting our online offers attractively and making it easy to find the locations listed on our website. This constitutes a legitimate interest according to Art. 6(1)(f) GDPR. If consent is requested, the processing is based solely on Art. 6(1)(a) GDPR and § 25(1) TTDSG, where consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) in accordance with TTDSG. Consent can be withdrawn at any time.

The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. For more details, visit:
https://privacy.google.com/businesses/gdprcontrollerterms/
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/

For more information about how Google handles user data, refer to Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Google is certified under the "EU-US Data Privacy Framework" (DPF). For more information, visit: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.

8. Own Services

Scope and Purpose of Data Collection

When you send us an application, we process the personal data associated with it (e.g., contact and communication data, application documents, notes from interviews, etc.), as far as necessary for the decision on establishing an employment relationship. The legal basis for this is:

§ 26 BDSG (German Data Protection Act) – initiation of an employment relationship
Art. 6 Para. 1 lit. b GDPR – general pre-contractual arrangements
Art. 6 Para. 1 lit. a GDPR – if you have given consent (which can be withdrawn at any time)

Your personal data will only be shared within our company with persons involved in processing your application.

If your application is successful, the data you provided will be stored in our data processing systems based on § 26 BDSG and Art. 6 Para. 1 lit. b GDPR for the purpose of carrying out the employment relationship.

Data Retention Period

If we cannot offer you a position, if you decline an offer, or if you withdraw your application, we reserve the right to retain the data you provided based on our legitimate interests (Art. 6 Para. 1 lit. f GDPR) for up to 6 months after the end of the application process (rejection or withdrawal of the application). After this period, the data will be deleted, and physical application documents will be destroyed. The retention is mainly for proof purposes in case of a legal dispute.

If it is clear that the data will be required after the 6-month period (e.g., due to an impending or ongoing legal dispute), deletion will only take place when the reason for further retention has ceased.

Longer retention may also occur if you have given specific consent (Art. 6 Para. 1 lit. a GDPR) or if legal retention obligations prevent deletion.

Inclusion in the Applicant Pool

If we do not offer you a position, there may be the possibility to include you in our applicant pool. In the case of inclusion, all documents and details from your application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.

Inclusion in the applicant pool is done solely based on your explicit consent (Art. 6 Para. 1 lit. a GDPR). Providing this consent is voluntary and has no impact on the ongoing application process. You may withdraw your consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, provided no legal retention obligations exist.

The data from the applicant pool will be irrevocably deleted no later than two years after the consent was given.

‍