Privacy statement

Otark GmbH, based in Frankfurt am Main (hereinafter “Otark”), attaches great importance to the protection of personal data. This privacy policy applies to any interaction between visitors to the Otark and Otark websites. This privacy policy applies to all Otark websites, services and platforms, including all sub-pages and subdomains. We strictly comply with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). By using websites - interaction options with Otark (using our information, our services, applications or platforms), you agree to this privacy policy.

Responsibility and responsible body

Otark GmbH

Legal representative:

Jan Quecke

Address and registered office:

Otark GmbH
Bockenheimer Landstraße 2-4,
60306 Frankfurt/Main
Germany
Phone: 069/950 640 100
Fax: 069/ 950 640 199

Data Protection Officer:

heyData GmbH
Martin Bastius
E-Mail datenschutz@heydata.eu
Telefon +498941325320

Competent data protection authority

Rights of data subjects and contact
You have the right to obtain information about the personal data processed by us, to have incorrect data corrected, to request the deletion or restriction of the processing of your data and to object to data processing. You also have the right to data portability in accordance with Article 20 GDPR.

If you believe that we are not processing your personal data lawfully, you have the right to complain to a supervisory authority. The data protection supervisory authority responsible for us is:

The Hessian Commissioner for Data Protection and Freedom of Information

Gustav-Stresemann-Ring 1
65189 Wiesbaden
Telephone: +49 611 1408 - 0
Fax: +49 611 1408 - 611

email: poststelle@datenschutz.hessen.de
Web page: www.datenschutz.hessen.de

Data processing

(Storage and deletion)

Outside of a contract concluded with Otark for services to use the Otark marketplace platform, Otark only collects and processes personal data if you provide it to us voluntarily. Visitors can find information on the processing of personal data when visiting our website under the section “Collection of personal data when visiting our website.” Your personal data will only be processed on the basis of your express consent in excess of the statutory permission.

Legal bases and purposes of data processing

1. Consent (Art. 6 para. 1 lit. a GDPR):

Consent to the processing of personal data is always given for a specific purpose. Examples include:

Contacting us: When you provide us with your contact details to receive information or offers from us.

Newsletter delivery: Your email address and optional further information will only be used to send you our newsletter.

You can withdraw your consent at any time with effect for the future by sending us an email to privacy@otark.io.

2. Fulfilment of (pre-) contractual obligations (Art. 6 para. 1 lit. b GDPR):

Personal data is processed to fulfill our contractual obligations to you. Examples include:

Contract execution: Processing customer data in order to be able to properly provide our services within the framework of the Otark platform, including the Service Agreement, the General Contractual Terms and Conditions (AVB) and associated annexes.

Processing of inquiries: Processing of data that you submit to us as part of an enquiry in order to provide you with an offer or to provide pre-contractual advice.

3. Due to legal obligations (Art. 6 para. 1 lit. c GDPR):

As a company, Otark is subject to various legal obligations, in particular commercial and tax law requirements. Examples include:

Reporting obligations: Processing and storage of data to fulfill legal reporting and storage obligations.

Accounting: Storage of billing data to comply with legal accounting obligations.

4. Legitimate interest (Art. 6 para. 1 lit. f GDPR):

Personal data may be processed to protect Otark's legitimate interests. Examples include:

Business operations: Maintaining and optimizing our business operations, e.g. by analyzing the use of our website to improve our services.

Direct marketing: Using your email address, which we have received in connection with the sale of a service, for direct advertising for similar services, unless you have objected to this use.

Categories of data

The categories of data listed below are collected and processed for the purposes mentioned above (in particular for contract execution). The collection is preceded by the transfer of the data to us by you.

Application details to complete the application process.

Customer/interested party data, employee data and supplier data common in business transactions for contract execution and pre-contractual interaction.

Data required to use the video conferencing software or webinar software (in particular Zoom) to conduct video conferences or webinars.

Recipient categories

We only transfer personal data to the extent necessary for the respective processing purposes. The following categories of recipients may receive personal data:

1. Public authorities where there is overriding legislation:

Authorities: Tax offices, supervisory authorities and other public bodies, provided that there is a legal obligation to submit.

2. External service providers or other contractors:

IT service providers: Service providers who support us in maintaining, operating and securing our IT systems, e.g. for hosting our platform or for carrying out backups.

Cloud hosting providers: Cloud service providers that provide us with storage space, computing power, and other IT infrastructure services, such as Microsoft Azure.

Payment service providers: Companies that process payments for us, e.g. banks, credit card companies, PayPal.

Communications service providers: Providers of communication services, e.g. email service providers or providers of video and web conferencing solutions such as Google Meet, Zoom, etc.

Marketing service providers: Agencies and platforms that help us carry out marketing measures, e.g. sending newsletters or carrying out online advertising.

3. Other external bodies:

Consulting and audit firms: tax advisors, auditors, lawyers who provide us with legal, tax or business advice and audit.

4. Third country transfers:

As part of contract execution, contract processors outside the European Union may also be used, e.g. through the use of IT and cloud services based in the USA. In such cases, we ensure that the requirements of Art. 44 ff. GDPR are met, in particular by concluding EU standard contractual clauses to ensure an appropriate level of data protection.

Data security

We attach great importance to protecting your personal data and have implemented extensive technical and organizational measures (TOMs) to ensure an adequate level of protection in accordance with Article 32 GDPR. These measures include:

1. Encryption technologies:

Transport encryption: All data transfers between your browser and our servers are secured by current encryption technologies such as TLS (Transport Layer Security) to prevent eavesdropping or manipulation by unauthorized third parties.

Storage encryption: Sensitive data, such as passwords or payment information, is encrypted when stored on our servers to prevent unauthorized access.

2. Access control systems:

Physical access controls: Our IT infrastructure is located in secured data centers with strict physical security measures, including biometric access controls and video surveillance to prevent unauthorized access.

Access controls: Access to personal data is limited to authorized employees who need access to this data to perform their duties. Access is controlled through an authorization concept and regular reviews of access rights.

3. Data minimization and separation:

Data minimization: We only process the personal data required for the respective processing purposes and use pseudonymization measures where possible.

Data separation: Personal data is stored separately from other data to ensure that it is only processed by authorized processes and applications.

4. Data backup and backups:

Regular backups: We regularly back up our data assets and store them at secure locations to ensure quick recovery in the event of data loss.

Emergency management: Our emergency plans ensure that, in the event of a system failure, we can respond quickly to restore data availability and maintain business operations.

5. Logging and monitoring:

Monitoring measures: Our systems are continuously monitored in order to identify unusual activities or potential security incidents at an early stage and to be able to take appropriate measures.

Logging: All access to personal data is logged and regularly checked to ensure compliance with security requirements.

6. Data protection through technology design and privacy-friendly default settings (Art. 25 GDPR):

Software development: When designing and developing our software solutions, we attach great importance to data protection by implementing principles such as “Privacy by Design” and “Privacy by Default.”

Privacy-friendly default settings: Our platforms and applications are configured by default in such a way that only the minimum necessary personal data is collected and processed.

These measures ensure the confidentiality, integrity, and availability of your personal information. Our security measures are regularly reviewed and adapted to the latest state of the art.

Duration of data storage

We only store personal data for as long as is necessary for the respective purposes or as required by law. The storage periods differ depending on the type of data and the purpose of processing:

1. Customer data:

Contract data: Data collected as part of a contractual relationship with you (e.g. name, contact details, billing data) is stored for the duration of the contract and also for a period of 10 years after the end of the contract in order to comply with our commercial and tax storage obligations.

Inquiries without conclusion of a contract: Data that is collected as part of inquiries and does not result in a contract being concluded will be deleted after 6 months, unless you have agreed to storage for a longer period of time.

2. Applicant data:

Successful applications: Data from applicants who lead to an employment relationship is transferred to the personnel file and stored in accordance with legal requirements.

Unsuccessful applications: Applicant data is usually deleted 6 months after completion of the application process, unless the applicant has agreed to storage for a longer period of time (e.g. for inclusion in a talent pool).

3. Data on business partners (e.g. in the energy sector):

Contract data: Data from business partners is stored for the duration of the business relationship and also for a period of 10 years after the end of the business relationship in order to comply with our commercial and tax storage obligations.

4. Newsletter data:

Newsletter subscription: Your email address and other data provided when signing up for the newsletter will be stored until you unsubscribe from the newsletter or stop sending the newsletter.

Use for direct marketing: E-mail addresses that we have received as part of the sale of a service are used for direct advertising and stored until you object to their use.

5. Log data (e.g. access data to our website):

Website access data: Log data collected when you visit our website, such as IP address, time stamp and pages viewed, is usually stored for a period of 6 months and then deleted or anonymized, unless it is needed longer to clarify security incidents.

6. Data for legal purposes:

Litigation and compliance: Data necessary to assert, exercise or defend legal claims may be stored until the respective proceedings have been completed and furthermore until the legal limitation periods have expired.

If the purpose for data storage no longer applies and there are no legal storage obligations, the data will be deleted or irrevocably anonymized.

Collection of personal data when you visit our website

If you use our website exclusively for informational purposes, i.e. do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. This data is technically necessary to display our website to you and to ensure stability and security. This includes:

• IP address
• Date, time, and duration of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page and click paths)
• Access status/HTTP status code
• Each amount of data transferred
• Website from which the request comes
• Browser, operating system and its interface
• screen resolution
• language and version of the browser software

Cookie banners and opt-in

When you use our website for the first time, a cookie banner appears informing you that we use cookies and similar technologies. You can use the cookie banner to give your consent to various categories of cookies (e.g. functional, analytical, marketing). You have the option to accept or decline certain categories of cookies and change your settings at any time via the cookie settings area on our website.

Functional cookies: These cookies are necessary to ensure the basic functions of the website and therefore cannot be deactivated.

Analytical cookies: These cookies collect information about how our website is being used to improve its performance.

Marketing cookies: These cookies are used to show you personalized advertising based on your interests.

You can generally prevent cookies from being saved by deactivating the storage of cookies in your browser. Please note that in this case, you may not be able to use all functions of our website to their full extent.

Google Analytics and IP anonymization

We use Google Analytics, a web analysis service provided by Google Inc., to analyze website usage by visitors. Google Analytics uses cookies, which are stored on your device and enable an analysis of the use of our website.

To protect your privacy, we have activated IP anonymization in Google Analytics. This means that your IP address will be abbreviated by Google within the member states of the European Union or in other states party to the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. Your full IP address will never be stored or processed, meaning that direct personal reference is ruled out.

The information collected by cookies about your use of this website is usually transmitted to a Google server in the USA and stored there. Google will use this information on our behalf to evaluate the use of the website, compile reports on website activity and provide us with other services related to website and Internet usage.

You can prevent the collection of data generated by cookies and related to your use of the website (including your anonymized IP address) by Google and the processing of this data by Google by downloading and installing a browser plug-in: Google Analytics Opt-Out.

Alternatively, you can prevent Google Analytics from collecting data about you on this website by clicking on this link: Google Analytics Opt-Out. With the click, an opt-out cookie is set, which prevents the future collection of your data when you visit this website. Please note that if you delete your cookies, you must set this opt-out cookie again.

Using a newsletter

When registering for our newsletter, you provide us with your email address and, optionally, other data. We use this information exclusively to send you the newsletter. We will store the data you entered when you subscribe to our newsletter until you unsubscribe from our newsletter. You can unsubscribe at any time via the link provided in the newsletter or by sending us a corresponding message (info@Otark.io). By unsubscribing, you object to future use of your email address.

We also use your e-mail address, which we receive in connection with the sale of a service, exclusively for direct advertising in the form of our newsletter for our own services similar to those you use, unless you have objected to this use. This advertising purpose represents a legitimate interest of Otark. You can object to the use of your e-mail address at any time without incurring any costs other than the transmission costs according to the basic rates. Your objection (and thus the cancellation of our newsletter) can be exercised by sending a corresponding message to our e-mail address (info@Otark.io).

Use of our own “cookies” and support and analysis tools

This website uses its own “cookies” to improve usability. Cookies are data sets that are sent from the web server to the user's browser and stored there for later retrieval. Unless you have authenticated yourself accordingly, our own cookies do not store any personal data. You can generally prevent the use of cookies if you prohibit the storage of cookies in your browser. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

Using Plausible.io

Use and purpose:

We use Plausible.io, a privacy-friendly web analysis tool, to analyze user behavior on our website and improve the user experience. Plausible.io collects anonymous data about page views and interactions without using cookies and without saving any personal data.

data processing:

Plausible.io only processes aggregated and anonymized data, such as the number of visitors, the time spent on the website and the pages visited. No personal data such as IP addresses, user agents or other identifiers is collected or stored. This data helps us measure the performance of our website and optimize content.

Safety Precautions:

Anonymization: All collected data is completely anonymized and does not allow any conclusions to be drawn about individual visitors.

Privacy-friendly design: Plausible.io is designed so that no personal data is collected, which protects user privacy.

Privacy at Plausible.io:

For more information about Plausible.io's privacy policy, please see Plausible.io's privacy policy.

Social media plug-ins

We use LinkedIn (LinkedIn Ireland Unlimited Company) plug-ins on our website (collectively “operator”) to promote our presence in the relevant networks. This advertising purpose represents a legitimate interest of Otark. A plug-in creates a direct connection between your browser and the LinkedIn server. This gives the operator the information that you have visited our website with your IP address. In addition, the operator is then able to associate your visit to our website with your user account. We would like to point out that we have no knowledge of the content of the (personal) data transmitted and its use by the operators. Responsibility for the privacy-compliant operation of the networks must be guaranteed by the respective provider. For more information, please see LinkedIn's privacy policy.

Social media presence

LinkedIn (“operator”) is generally solely responsible for processing personal data when you visit our LinkedIn page. Otark only receives insights from the processing activity of the respective operator in the form of so-called anonymized page insights. These insights show, for example, what kind of actions are being taken on our site. For this purpose, the operator in particular uses information stored in your profile. The processing of personal data is used to evaluate actions taken on our network company site. We use the knowledge gained from this to improve the company's website. The processing is therefore in our legitimate interest. Under certain circumstances, personal data may also be processed in third countries. However, data transmission only takes place if an appropriate level of protection within the meaning of the GDPR is guaranteed. Further information on the processing of personal data can be found in the respective privacy policy of the operators (see above).

Third party services

Google Analytics

From September 2024, we will use the web analysis service Google Analytics on our website, which is offered by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Google Analytics helps us to better understand usage behavior on our website and to optimize our content accordingly.

How Google Analytics works

Google Analytics uses so-called cookies, i.e. text files that are stored on your device and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Activated IP anonymization

To protect your privacy, we have activated IP anonymization on this website. This means that your IP address will be abbreviated by Google within the member states of the European Union or in other states party to the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. Your full IP address will never be stored or processed, meaning that direct personal reference is ruled out.

Google will use this information on our behalf to evaluate your use of the website, compile reports on website activity and provide us with other services related to website activity and Internet usage. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

Objection options against Google Analytics

You have various options to object to the use of Google Analytics:

1. Browser plug-in:

You can prevent cookies from being saved by setting your browser software accordingly. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your anonymized IP address) by Google and the processing of this data by Google by downloading and installing the following browser plug-in: Google Analytics Opt-Out.

2. Opt-out cookie:

Alternatively, you can prevent Google Analytics from collecting your data by clicking on the following link: Google Analytics Opt-Out. This stores an opt-out cookie on your device, which prevents future collection of your data when you visit this website. Please note that if you delete your cookies, you must set this opt-out cookie again.

3. Cookie settings:

You can manage and adjust your consent to the use of Google Analytics at any time via the cookie settings on our website. There, you have the option to withdraw or adjust your consent.

By using these options, we ensure that you retain control of your data and can object to analysis by Google Analytics.

Alternatively, by clicking on this link, you can prevent Google Analytics from collecting data about you within this website. By clicking on the link above, you download an “opt-out cookie.” Your browser must therefore always allow cookies to be stored for this purpose. If you delete your cookies regularly, you will need to click on the link again each time you visit this website.

Links to and from other websites

Our websites may contain links to websites of other providers that are not covered by this privacy policy. Otark is not responsible for the privacy policies or content of linked websites. We assume no liability or guarantee for the content of websites to which our website directly or indirectly links.

Visitors follow links to other websites at their own risk and use them in accordance with the applicable terms of use of the corresponding operators. Our site may have been linked by third parties without our knowledge. Otark assumes no responsibility for representations, content or any links to third-party websites.

The Otark.com website uses several tools that are used for various purposes:

1. Google Analytics: From September 1, 2024, Otark uses Google Analytics to analyze the usage behavior of website visitors. This uses cookies that collect information about the use of the website and transfer it to Google servers, including servers in the USA. It is important that users' IP addresses are anonymized before transmission in order to protect privacy.

2. Cookies: The website uses cookies to improve usability and to enable certain functions. A cookie banner is used that allows users to give their consent to the use of cookies, including functional, analytical and marketing cookies. Users can change their cookie settings at any time.

3. Using Calendly

Use and purpose: We use the Calendly scheduling service, which is offered by Calendly LLC (3423 Piedmont Road NE, Atlanta, GA 30305-1754, USA). Calendly allows you to select available time slots online and make appointments with us directly via our website.

Data processing: When using Calendly, personal data such as name, email address, and optional other information such as telephone number or additional information to make an appointment are collected and processed. This data is used to confirm and manage the booked appointment and, if necessary, to provide further information about the appointment.

Safety Precautions:

Encryption: Data is transmitted via encrypted connections (TLS) to ensure the security of the data during transmission.Server location: The data is stored in the USA. To ensure an adequate level of data protection, we have concluded EU standard contractual clauses with Calendly.

Privacy at Calendly: For more information about Calendly's privacy policy, please see Calendly's privacy policy.

Safety notice

The confidential treatment of all data and information is a strict corporate philosophy. Our security measures are constantly being improved in line with technological developments. Please note that the Internet is an open system. Data can be transmitted to other websites that have little or no security regulations. As a result, third parties may be able to access your data for whom it is not intended. When communicating by e-mail, we cannot guarantee complete data security, so we recommend that you send confidential information by post.

Data subject rights and contacts

As a data subject, you have the following rights with regard to your personal data under the EU General Data Protection Regulation (GDPR):

1. Right to information (Art. 15 GDPR): You have the right to request confirmation as to whether and which personal data we process from you. You can also request information about the purposes of processing, the categories of personal data, the recipients of the data and the planned storage period.

2. Right to correction (Art. 16 GDPR): If your personal data stored by us is incorrect or incomplete, you have the right to request that it be corrected or completed.

3. Right to deletion (Art. 17 GDPR): You can request the deletion of your personal data under certain conditions, in particular if the data is no longer required for the purposes for which it was collected or if you have withdrawn your consent to data processing.

4. Right to restrict processing (Art. 18 GDPR): You have the right to request that the processing of your personal data be restricted, e.g. if you dispute the accuracy of the data or if the processing is unlawful but you refuse to delete it.

5. Right to data portability (Art. 20 GDPR): You have the right to receive the personal data you have provided in a structured, common and machine-readable format and to transfer this data to another person responsible.

6. Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal data, provided that the processing is based on a legitimate interest. This applies in particular to the processing of your data for direct marketing purposes.

7. Right to withdraw consent (Article 7 (3) GDPR): Once you have given your consent to process your personal data, you can withdraw your consent at any time with effect for the future.

8. Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is:

The Hessian Commissioner for Data Protection and Freedom of Information
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Telephone: +49 611 1408 - 0
Fax: +49 611 1408 - 611
Email: poststelle@datenschutz.hessen.de
Web page: www.datenschutz.hessen.de

You can assert these rights at any time by sending us an informal message. To do so, please contact the following e-mail address: mail@otark.com or send us a message to our company address.