(1) This data privacy statement explains how and what personal data we collect from you through our website and other Internet presence. Personal data means all data that can relate to you personally, such as your name, address, e-mail account(s), user behaviour.
(2) The party responsible in accordance with Article 4 Clause 7 of the EU General Data Protection Regulation (GDPR) is ODU GmbH & Co. KG, Pregelstrasse 11, 84453 Mühldorf, Phone: +49/8631/6156-0, Fax: +49/8631/6156-49 (please refer to our imprint details). You can contact our Data Protection Officer under firstname.lastname@example.org or at our postal address by adding, “Attention of the Data Protection Officer”.
(3) Whenever you contact us by e-mail or through a contact form, we save the data provided by you (your e-mail account, possibly your name and phone number) to be able to deliver answers to your questions. We delete the data collected in this context after its storage is no longer necessary, or we limit its procession where it is subject to legal obligations to retain data.
(4) If we involve contracted third party providers to support individual functions of our offer or should we want to use your data for advertisement, the relevant applicable procedures are described in detail below. Below, we also describe the established criteria for the duration of data storage period.
(5) The data processed by us are deleted or their procession is limited in accordance with Articles 17 and 18 of the GDPR. Unless explicitly stated otherwise in this data privacy statement, the data stored by us is deleted as soon as it is no longer required for its intended purpose and no legal obligations to retain data prevent its deletion. Limitations are imposed on procession of the data which has not been not deleted because it is required for other legally allowed purposes. In other words, such data is blocked and not accessible for procession for any other purpose. This rule applies for example to the data which has to be retained for reasons associated with commercial or tax law.
(1) You have the following rights in respect to us regarding the personal data relating to you: You have the right to obtain information about your personal data processed by us. We hope for your understanding because in case of an inquiry submitted to us other than in writing we will most probably request proof from you in such a situation in order to confirm that you are actually the person you claim to be. You also have the right to adjust or to delete or to limit procession of your data to an extent legally allowed. Moreover, you have the right to object against procession of your data to an extent permitted by law. The same can be said about the right to “data transmissibility”.
(2) Furthermore, you have the right to apply to a competent data protection supervisory authority with complaints concerning how your personal data is processed by us.
Under Article 29 of the PIPA, a data controller is required to undertake “technical, managerial, and phyhsical measures necessary to ensure safety as prescribed by presidential decree so that the personal information may not be lost, stolen, divulged, forged, altered or damaged.” Articles 30 and 48-2 of the Enforcement Decree of the same act further stipulate the specific required measures, which include: (1) establishing and implementing an internal management plan; (2) Management of Access Authority, and implementation of access control measures; (3) encryption of personal information (or a measure to the same effect as encryption); (4) retention of log-in records to be able to respond to data breach incidents and to take measures to prevent the forgery / falcification thereof; (5) installation and periodic updates of security programs (i.e. firewall), and (6) physical restrictions on access to Company’s sites, offices and data rooms.
(1) Administrative Measures:
Establish and implement an internal management plan;
Commitment of employees to confidentiality and data protection
Regular trainings of the staff in data protection affairs
(2) Technical Measures:
Manage access authorization and implement access control measures;
Authentification via password; password requirements are governed by the password policy. Blocking after three logon attempts.
Installation and regular updating of security programs (e.g. firewall)
Parent company location: Server and client systems are secured by firewall; malware or critical attachments in emails are automatically removed; implementation of 2-factor authentication
Encryption of personal data
Mobile devices (notebooks) are encrypted and can only access internal resources via VPN. In addition, hard disk encryption is in use.
(3) Physical restrictions on access to the company's sites, offices and data rooms
Parent company location: Server rooms incl. PBX are only accessible to IT employees. Access is by entering a code and scanning the employee ID card;
ODU Korea site: access to office by means of numerical code, accessible only to selected employees.
(1) Where our website is accessed purely to gain information, i.e. where you do not register or provide us information in any other way, we only collect the personal data provided by your browser to our server. Where you want to view our website, we collect the following data necessary for technical purposes to be able to demonstrate our website to you and to ensure adequate access stability and security (the legal framework is Article 6 Paragraph 1 Section (1) Letter (f) of the GDPR):
This data is retained for security reasons (e.g. for investigation of misuses or prevention of fraud) for maximum seven days and deleted upon expiry thereof. The data which has to be retained for a longer period as evidence will only be deleted after the relevant incident is finally clarified.
(2) Additionally to the data listed in the foregoing, your computer will save our cookies when you access our website. Cookies are small text files which are stored on your hard drive as files assigned to your browser and through which certain information is provided to the cookie sender (in this case to us). Cookies are not able to execute any programmes or to infect your computer with any virus. Their purpose is to make your work in the internet generally more user-friendly and effective.
a) This website uses the following cookie types whose scope and functions are explained in more detail below:
b) Transient cookies are deleted automatically when you close your browser. They include in particular session cookies. They store information about the so-called session ID with which diverse enquiries of your browser are assigned within the entire session. They enable us to recognise your computer as that of our former visitor when you return to our website. The session cookies are deleted when you log out or close your browser.
c) Persistent cookies are deleted automatically after a pre-set period of time which can differ from cookie to cookie. You can delete the cookies at any time using the security settings of your browser.
d) You can configure your browser settings at your discretion and in particular decline acceptance of third party cookies or of all cookies. We point out, however, that in such case you will not be able most probably to make use of some of the functions at this website.
(1) Next to the possibility to use our website purely for information purposes, we offer diverse services which you can use if they are of interest for you. As a rule, to be able to use them you would be requested to provide your more detailed personal data which we use for the provision of the concerned service and which are covered by the data procession principles described in the foregoing.
(2) We use the services of external service providers to process some of your data. We select and engage our service providers with thoroughness and care; they are bound by our instructions and monitored on regular basis.
(3) Where our service providers or partners are located in a state outside the European Economic Area (EEA), we inform you about the consequences of this situation in the description of our offer.
(1) You can withdraw your agreement earlier granted us for procession of your personal data at any time. Such withdrawal of your agreement will affect the accessibility of your personal data for procession as soon as you make it known to us.
(2) To the extent we process your personal data to support our legitimate interests, you can file an objection against such procession. That is the case in particular where procession of the concerned data is not necessary for the purpose of executing our agreement with you, which fact we point out in the description of the concerned function below. If you file an objection with us, please kindly provide reasons why we should not process your personal data the way we are processing them currently. If your objection is found to be substantiated, we will investigate the matter and either suspend procession of your data and make appropriate adjustments or disclose to you our overriding reasons to continue procession of the concerned data where protection is necessary.
(1) This website uses Google Analytics, a web analytics tool by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, i.e. text files stored in your computer which enable us to analyse how you use our website. The information automatically collected by cookies concerning your use of this website is typically transmitted to and stored on a Google server in the United States. If IP anonymization is enabled on this website, Google will mask some parts of your IP address and shorten it within the EU member states or within other states - parties to the Agreement on the European Economic Area. The full IP address will be transmitted to a Google server in the United States and shortened there solely in exceptional circumstances. Upon instruction from the operator of this website, Google will use this information to analyse use of the website by you, to compile reports about your website activity and to provide the website operator other services concerning use of the website and of the Internet.
(2) Google will not associate the IP address transmitted from your browser through Google Analytics with any other data held by Google.
(3) You can also disable acceptance of cookies by your computer by configuring your browser settings accordingly; please note, however, that in such case you most probably will not be able to make use of some of the functions at this website. Additionally you can prevent registration and transmission to Google as well as procession by Google of the data generated by cookies in respect of your use of this website (including your IP address) by downloading and installing the browser plugin available through this link: tools.google.com/dlpage/gaoptout.
(4) This website uses Google Analytics with the extension “_anonymizeIp()”. That ensures further procession of shortened IP addresses, thus disabling their direct referencing to persons. To the extent the data collected about you can be directly referenced to you, such referencing is immediately ruled out and the personal data is deleted at once.
(5) We use Google Analytics to analyse use of our website and to be able to improve our website on regular basis. The collected statistics helps us improve our offer and position ourselves in a more interesting way for you as our user. By using Google Analytics, personal data may also be transferred to the USA, which ist o be understood as an unsafe third country according to the data protection regulations of the European Union. Legal basis for the use of Google Analytics is your consent in our cookie banner according to Art. Paragraph 6 1 p. 1 lit. a DS-GVO i. F. m. Art. Article 49, paragraph. 1 sentence 1 lit. a DSGVO. You can revoke this at any time by changing the "Cookie settings" item at the bottom of the homepage.
(6) Information on the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Utilisation terms and conditions: www.google.com/analytics/terms/de.html, Data Privacy Synopsis: www.google.com/intl/de/analytics/learn/privacy.html and the data privacy statement: www.google.de/intl/de/policies/privacy.
(1) We maintain our on-line presence in social networks such as Xing, LinkedIn, YouTube, Instagram and Facebook to be able to communicate with customers, interested parties and users who are active there and to inform them about our services there. We point out that when you access the relevant network the applicable terms of business and the data privacy policies are those of the network operator.
(2) Unless our data privacy statement for our Internet presence explicitly says otherwise, we process user data, provided they communicate with us in social networks and on on-line platforms, for example, if they contribute to our on-line presence or send us their news.
Version until 19/05/2021: See here.
Changes: Removal of the wiredminds count, as this is no longer used for ODU Korea.
Additions of the TOMs.