Responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is
ondeso GmbH
Osterhofener Str. 16, 93055 Regensburg
Germany
Link to the imprint: https://www.ondeso.com/impressum/
You can reach our data protection officer at
Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH
Alexander Bugl
Eifelstraße 55
93057 Regensburg
Germany
E-mail: kontakt@buglundkollegen.de
As a data subject, you have the following rights under the EU General Data Protection Regulation (GDPR):
You have the right to request information about what personal data is stored about you, for what purpose it is processed, from whom it was received or to whom it is disclosed, and how long it will be stored.
You can request the immediate rectification of inaccurate personal data or the completion of incomplete personal data.
Under certain circumstances, you may request the erasure of your personal data, e.g. if it is no longer necessary for the purposes for which it was collected or if you have withdrawn your consent.
You have the right to request the restriction of the processing of your personal data, for example if you dispute the accuracy of the data or if the processing is unlawful but you request restriction instead of erasure.
You can request that the personal data concerning you that you have provided to us be transmitted to you in a structured, commonly used and machine-readable format – or that we transfer this data directly to another controller.
You have the right to object to the processing of your personal data at any time, provided that the processing is based on the legitimate interests of our company or on a task that is in the public interest. In the event of a justified objection, we will cease processing unless there are compelling legitimate grounds for the processing.
If you have given us your consent, you can withdraw it at any time for the future without giving reasons.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement.
The hosting services we use (services for operating and providing the website) serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this online offering.
In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in the efficient and secure provision of this online offer in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).
You can contact us by email, telephone, contact form, or letter, which may involve the processing of personal data. We process your data for the purpose of handling and processing your request. We will not disclose your data to third parties without your consent.
The legal basis for processing is our legitimate interest in the effective processing of your request in accordance with Art. 6 (1) lit. f GDPR.
When you contact us by email, we store your email address and the information contained in the email. If you use the contact form, your IP address will also be pseudonymized in addition to the information provided in the contact form. If you contact us by letter, your sender address and the content of the letter will be stored. If you contact us by telephone, we will collect personal data depending on the individual case.
We store your data until you request us to delete it or until the purpose of processing (the processing of your request) has been fulfilled.
When you apply for a job with us, your personal data will be processed. The legal basis for processing is Art. 6 (1) (b) GDPR in connection with the implementation of pre-contractual measures. If your data is required after the application process has been completed in order to defend against legal claims, processing will be carried out on the basis of our legitimate interest in a duty of proof in accordance with Art. 6 (1) lit. f GDPR, for example in connection with the Equal Treatment Act.
We process the data that you have provided to us in your application and that we need to assess your suitability for the position in question.
The purposes of the processing are to manage your application, assess your suitability for the vacant position, and contact you in connection with your application or possible alternative positions.
We delete your data after six months. If you have agreed to be included in the applicant pool, we will delete it after two years. If your application leads to employment, we will store your data for the duration of your employment with us.
When you use our website purely for information purposes, we only store your personal data for the duration of your visit. After you leave the website, this data is automatically deleted.
In the case of active use, e.g. for contacting us, we initially store your personal data for the duration of processing your request. In addition, we store the data for as long as this is necessary to safeguard or enforce possible legal claims. The regular limitation period is 12 to 36 months, but can be up to 30 years in individual cases.
After expiry of the limitation period, your data will be deleted unless there is a legal obligation to retain it. Such obligations arise in particular from the German Commercial Code (§§ 238, 257 para. 4 HGB) or the German Fiscal Code (§ 147 para. 3, 4 AO) and are generally between two and ten years.
As part of our business activities, we work together with various external bodies. Personal data is only passed on to these recipients if this is necessary to fulfill contractual obligations, if we are legally obliged to do so (e.g. to tax authorities), if there is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR, if you have given your consent in accordance with Art. 6 para. 1 lit. a GDPR or if another legal basis permits the transfer of data.
If we use service providers as processors, the transfer of personal data takes place exclusively on the basis of a valid contract for order processing. In the case of joint controllership, a joint processing agreement is concluded in accordance with Art. 26 GDPR.
You will receive more detailed information on the recipients used in the course of this privacy policy or you can contact us using the contact details provided above.
Personal data is only transferred to countries outside the European Union (EU) or the European Economic Area (EEA) if this is necessary or permitted by law, if you have given us your express consent or as part of order processing.
If service providers are used in a third country, we oblige them to comply with the level of data protection applicable in the EU by means of suitable guarantees – usually the EU standard contractual clauses. If the European Commission has issued an adequacy decision, we base the data transfer on this. You can obtain further information on this via the contact options listed above.
We may process the personal data of our customers, interested parties, suppliers, vendors and partners for communication, planning, implementation of the contractual relationship, marketing, administration and security purposes.
The legal basis for the processing of the data provided is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR and the fulfilment of the contract pursuant to Art. 6 para. 1 lit. b GDPR.
As part of the business relationship, we process contact information, billing information and payment data, other necessary information in a project or contractual relationship or information that is voluntarily provided to us.
We use the ScoreApp platform to create and manage interactive content, particularly quizzes and scorecards, in order to provide personalized results and enhance the user experience.
Processing of Personal Data
When using ScoreApp, users’ personal data is processed. This may include, among other things, the following categories of data:
– Name and contact information
– Answers to quiz questions and interactions with the platform
– IP address and technical usage data
Purpose and Legal Basis of Processing
The processing of personal data is based on:
– Art. 6(1)(f) GDPR (legitimate interest): We have a legitimate interest in using ScoreApp to analyze and optimize our interactive content and to improve the user experience.
Data Disclosure and Data Processing
ScoreApp processes personal data on our behalf as a so-called data processor in accordance with Art. 28 GDPR. In doing so, ScoreApp ensures that the processing is carried out in accordance with the General Data Protection Regulation (GDPR).
For more information on data processing by ScoreApp, please refer to their privacy policy: https://www.scoreapp.com/privacy-policy/
If you provided us with your email address when purchasing goods or services (including the OT Maturity Check), we reserve the right to send you regular email offers for similar products or services from our range. Separate consent from you is not required for this pursuant to Section 7(3) of the German Unfair Competition Act (UWG).
Email advertising without express consent is permitted under the following conditions:
– Your email address was collected in connection with the purchase of a product or service.
– We use this address exclusively for direct marketing of our own, comparable products or services.
– You have not objected to the use of your data for this purpose.
– You were informed at the time your email address was collected, as well as upon any subsequent use, that you may object to its use for advertising purposes at any time without incurring any costs other than the transmission costs according to the basic rates.
The processing of your data is based on our legitimate interest in personalized direct marketing pursuant to Art. 6(1)(f) GDPR. If you have already objected to the use of your email address for this purpose, we will not send you any promotional emails. You may revoke your consent at any time with future effect by sending us a corresponding notification. You will only incur transmission costs in accordance with standard rates. Upon receipt of your revocation, your email address will be immediately blocked for advertising purposes. However, the processing carried out up to the time of revocation remains lawful.
We use the ‘Borlabs Cookie’ service on our website to manage cookie consent preferences of our visitors. The provider is Borlabs GmbH Rübenkamp 32 22305 Hamburg, Deutschland. Borlabs Cookie is hosted on our own servers so that no data is passed on to third parties.
The legal basis for the use of Borlabs Cookie is the fulfillment of a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR.
The data processed by Borlabs Cookie includes your consent preferences, consent status, and cookie settings, and the service sets cookies in your browser to store these preferences.
The purpose of data processing is to manage user consent for cookies and store user preferences regarding cookie usage.
We use the ‘Google Analytics’ service on our website to evaluate user behavior. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Irland.
The legal basis for the use of Google Analytics is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
The data processed by Google Analytics includes your IP address, browser and device information, location data, time of visit, information on website interaction, and it sets cookies.
If you are logged into a Google account, this data can be linked to a user profile.
The purpose of data processing is the statistical analysis of website usage and user interactions to optimize website performance and user experience.
The default data retention period for Google Analytics is 14 months.
It cannot be ruled out that personal data may be transferred to unsafe third countries (United States) where the level of data protection is lower than in the EU. Google is certified under the EU-US Data Privacy Framework, which regulates the secure processing of EU citizens data in the US. We have entered into a data processing agreement (DPA) with Google that ensures that personal data will only be processed in accordance with our instructions and in compliance with the GDPR.
Further information on the privacy policy of Google Analytics can be found at: https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008,3544742,2986333,&sjid=1881441919987619365-EU
Information about the cookies used can be found at: https://policies.google.com/technologies/cookies
You can prevent the processing of your data by clicking on this link: https://tools.google.com/dlpage/gaoptout
We use the ‘Google Analytics’ service on our website to evaluate user behavior. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Irland.
The legal basis for the use of Google Universal Analytics is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
The data processed by Google Analytics includes your IP address, browser and device information, location data, time of visit, information on website interaction, and it sets cookies.
If you are logged into a Google account, this data can be linked to a user profile.
The purpose of data processing is the statistical analysis of website usage and user interactions to optimize website performance and user experience.
The default data retention period for Google Analytics is 2 months.
It cannot be ruled out that personal data may be transferred to unsafe third countries (United States) where the level of data protection is lower than in the EU. We have entered into a data processing agreement (DPA) with Google that ensures that personal data will only be processed in accordance with our instructions and in compliance with the GDPR. Google is certified under the EU-US Data Privacy Framework, which regulates the secure processing of EU citizens data in the US.
Further information on the privacy policy of Google Universal Analytics can be found at: https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008,3544742,2986333,&sjid=1881441919987619365-EU
Information about the cookies used can be found at: https://policies.google.com/technologies/cookies
You can prevent the processing of your data by clicking on this link: https://tools.google.com/dlpage/gaoptout
We use the ‘Google Fonts’ service on our website to integrate external fonts for improved visual presentation. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Irland.
The legal basis for the use of Google Fonts is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
The data processed by Google Fonts includes your IP address, browser and device information, and the time of the request.
The purpose of data processing is the optimized and uniform presentation of fonts on the website.
It cannot be ruled out that personal data may be transferred to unsafe third countries (United States) where the level of data protection is lower than in the EU. Google is certified under the EU-US Data Privacy Framework, which regulates the secure processing of EU citizens data in the US.
Further information on the privacy policy of Google Fonts can be found at: https://policies.google.com/privacy
Information about the cookies used can be found at: https://policies.google.com/technologies/cookies
You can prevent the processing of your data by clicking on this link: https://policies.google.com/privacy#infochoices
We use the ‘Google reCAPTCHA’ service on our website to protect against spam and automated abuse. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Irland.
The legal basis for the use of reCAPTCHA is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
The data processed by Google reCAPTCHA includes your IP address, browser information, operating system, cookies set by Google, and user interactions necessary to distinguish humans from bots.
The purpose of data processing is to verify user interactions and protect the website from spam and abuse.
It cannot be ruled out that personal data may be transferred to unsafe third countries (United States) where the level of data protection is lower than in the EU. We have entered into a data processing agreement (DPA) with Google that ensures that personal data will only be processed in accordance with our instructions and in compliance with the GDPR. Google is certified under the EU-US Data Privacy Framework, which regulates the secure processing of EU citizens data in the US.
We use the ‘Google Tag Manager’ service on our website to manage website tags efficiently. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Irland.
The legal basis for the use of Google Tag Manager is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
The data processed by Google Tag Manager includes your IP address, browser and device information, and information on website interaction; Google Tag Manager itself does not set cookies but may trigger other services that do.
The purpose of data processing is the simplified integration and management of website tags and tracking codes to analyze user interactions.
Further information on the privacy policy of Google Tag Manager can be found at: https://policies.google.com/privacy
Information about the cookies used can be found at: https://policies.google.com/technologies/cookies
You can prevent the processing of your data by clicking on this link: https://tools.google.com/dlpage/gaoptout
We use Youtube NoCookie (also known as Youtube in privacy-enhanced mode) on our website to embed videos without using cookies that track user behavior. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Irland.
The legal basis for the use of Youtube NoCookie is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
The data processed by Youtube NoCookie includes your IP address, device information and information on video interaction. It stores data in the browser’s web storage.
The purpose of data processing is the integration of videos while minimizing the use of cookies and enhancing user privacy.
It cannot be ruled out that personal data may be transferred to unsafe third countries (United States) where the level of data protection is lower than in the EU. We have entered into a data processing agreement (DPA) with Google that ensures that personal data will only be processed in accordance with our instructions and in compliance with the GDPR. Google is certified under the EU-US Data Privacy Framework, which regulates the secure processing of EU citizens data in the US.
Further information on the privacy policy of Youtube NoCookie can be found at: https://policies.google.com/privacy#infocollect
Information about the cookies used can be found at: https://policies.google.com/technologies/cookies
You can prevent the processing of your data by clicking on this link: https://policies.google.com/privacy#infochoices
We use the video service “Youtube” on our website. The provider of the service is the company Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Irland.
The legal basis for the use of Youtube is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
Google collects and processes your IP address, browser and operating system information, and location data. Actions such as watching videos or creating playlists are also processed. Cookies are also set during this process. YouTube integrates other Google services, such as Google Fonts, Google Photos, and Google Ads (formerly Doubleclick).
If you are logged into a Google account, this data can be linked to a user profile. Your user behavior is recorded and analyzed for advertising purposes.
The purpose of data processing is to provide video content and integrate it on our website.
According to Google’s privacy policy, the retention period for data processed by YouTube varies depending on the type of data and user settings. By default, activity data (such as watched videos, search history, etc.) is automatically deleted after 36 months (3 years) for new accounts or users who have not previously set a retention period. Users can manually adjust this retention period to 3 months, 18 months, or choose to retain data indefinitely. Detailed information can be found at: https://policies.google.com/privacy#inforetaining
It cannot be ruled out that personal data may be transferred to unsafe third countries (United States) where the level of data protection is lower than in the EU. Google is certified under the EU-US Data Privacy Framework, which regulates the secure processing of EU citizens data in the US. We have entered into a data processing agreement (DPA) with Google that ensures that personal data will only be processed in accordance with our instructions and in compliance with the GDPR.
Further information on the privacy policy of Youtube can be found at: https://policies.google.com/privacy
Information about the cookies used can be found at: https://policies.google.com/technologies/cookies
You can prevent the processing of your data by clicking on this link: https://myaccount.google.com/data-and-privacy
We use the web analysis software Matomo on our website. Matomo is hosted on our own servers so that no data is passed on to third parties.
The legal basis for the use of Matomo is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to analyze and optimize our website by understanding user behavior and improving user experience.
The data processed by Matomo includes your IP address (anonymized), location and time of visit, device information, browser details and information on website interaction.
The purpose of data processing is the statistical analysis of user behavior and the creation of anonymous user profiles.
Matomo’s default data retention period is 24 months (2 years). You can find this information in Matomo’s official documentation at: https://matomo.org/faq/general/faq_34856/
We use the Leadinfo web service. Leadinfo is a service provided by LeadInfo B.V., Crooswijksesingel 50, 3034 CJ Rotterdam, Netherlands, which identifies anonymous website visitors and provides complete contact details and insights into their browsing history.
Leadinfo uses cookies and other browser technologies to analyze user behavior and recognize users. Among other things, Leadinfo shows us which companies have visited our website, tracks the course of your visit—including all pages you visited and viewed—and the length of your stay on this website.
Leadinfo collects and processes data about companies, such as company name, phone number, address, website address, industry, company profile, revenue, and key personnel on LinkedIn.
We process your data using Leadinfo for the purpose of optimizing our website and for marketing purposes based on our legitimate interest pursuant to Art. 6(1)(f) of the GDPR.
We have no influence over the specific retention period of the processed data; this is determined by LeadInfo B.V. For further information, please refer to the Leadinfo Privacy Policy: https://www.leadinfo.com/de/datenschutz/.
We maintain online profiles on the following social networks (hereinafter referred to as “social media”) in order to communicate with customers, interested parties, and the public and to draw attention to our services:
For information on the scope and purpose of data processing, please refer to the applicable privacy policies of the respective networks:
Processing is carried out on the basis of Art. 6 (1) lit. f GDPR, as we have a legitimate interest in contemporary public relations work. If consent is required, processing is carried out on the basis of Art. 6 (1) lit. a GDPR.
If you provide additional data (e.g., personal messages) to the services, your consent is generally required. Please note that we have no influence on data processing by social media providers. If you have any questions or wish to exercise your rights as a data subject (e.g., information, deletion), please contact the respective platform operator directly.
You can subscribe to or unsubscribe from our social media profiles at any time. If you do not want social media service providers to collect data about your visit to our profiles, please use the deactivation options (e.g., log out, advertising tracker blocking) in your user account or install appropriate browser add-ons.
Would you like to learn more? Do not hesitate to contact us, we will be happy to help you.
Here you can learn more about our company and our expertise as a pioneer and market leader.
Where does your company stand today
and where is room to grow? 
Our OT Maturity Check provides you
with a well-founded assessment.
You need to load content from reCAPTCHA to submit the form. Please note that doing so will share data with third-party providers.
More InformationYou are currently viewing a placeholder content from Turnstile. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More InformationYou are currently viewing a placeholder content from reCAPTCHA. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More Information
