Privacy Policy

Last modified: August 26, 2024

Otark GmbH, based in Frankfurt am Main (hereinafter “Otark”), attaches great importance to the protection of personal data. This privacy policy applies to any interaction between visitors to the Otark websites. This privacy policy applies to all Otark websites, services and platforms, including all sub-pages and subdomains. We strictly comply with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Responsibility and Responsible Body

Otark GmbH

Legal representative: Jan Quecke

Address and registered office: Otark GmbH Bockenheimer Landstraße 2-4 60306 Frankfurt am Main Germany

Phone: +49 69 950 640 100 Fax: +49 69 950 640 199

Data Protection Officer: Martin Bastius heyData GmbH Email: datenschutz@heydata.eu Phone: +49 89 41325320

Competent Data Protection Authority

The Hessian Commissioner for Data Protection and Freedom of Information

Gustav-Stresemann-Ring 1 65189 Wiesbaden Phone: +49 611 1408 - 0 Fax: +49 611 1408 - 611 Email: poststelle@datenschutz.hessen.de

Rights of Data Subjects

You have the right to obtain information about the personal data processed by us, to have incorrect data corrected, to request the deletion or restriction of the processing of your data and to object to data processing. You also have the right to data portability in accordance with Article 20 GDPR.

If you believe that we are not processing your personal data lawfully, you have the right to complain to a supervisory authority.

Data Processing (Storage and Deletion)

Outside of a contract concluded with Otark for services to use the Otark marketplace platform, Otark only collects and processes personal data if you provide it to us voluntarily. Your personal data will only be processed on the basis of your express consent in excess of the statutory permission.

Legal Bases and Purposes of Data Processing

1. Consent (Art. 6 para. 1 lit. a GDPR)

Consent to the processing of personal data is always given for a specific purpose. Examples include:

• Contacting us: When you provide us with your contact details to receive information or offers from us.
• Newsletter delivery: Your email address and optional further information will only be used to send you our newsletter.

You can withdraw your consent at any time with effect for the future by sending us an email to privacy@otark.io.

2. Fulfilment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR)

Personal data is processed to fulfill our contractual obligations to you. Examples include:

• Contract execution: Processing customer data in order to properly provide our services within the framework of the Otark platform.
• Processing of inquiries: Processing of data that you submit to us as part of an enquiry in order to provide you with an offer or to provide pre-contractual advice.

3. Due to legal obligations (Art. 6 para. 1 lit. c GDPR)

As a company, Otark is subject to various legal obligations, in particular commercial and tax law requirements. Examples include:

• Reporting obligations: Processing and storage of data to fulfill legal reporting and storage obligations.
• Accounting: Storage of billing data to comply with legal accounting obligations.

4. Legitimate interest (Art. 6 para. 1 lit. f GDPR)

Personal data may be processed to protect Otark’s legitimate interests. Examples include:

• Business operations: Maintaining and optimizing our business operations, e.g. by analyzing the use of our website to improve our services.
• Direct marketing: Using your email address for direct advertising for similar services, unless you have objected to this use.

Categories of Data

The categories of data listed below are collected and processed for the purposes mentioned above:

• Application details to complete the application process
• Customer/interested party data, employee data and supplier data common in business transactions
• Data required to use video conferencing software (in particular Zoom)

Recipient Categories

We only transfer personal data to the extent necessary for the respective processing purposes:

1. Public authorities where there is overriding legislation

Authorities: Tax offices, supervisory authorities and other public bodies, provided that there is a legal obligation to submit.

2. External service providers or other contractors

• IT service providers: Service providers who support us in maintaining, operating and securing our IT systems
• Cloud hosting providers: Cloud service providers such as Microsoft Azure
• Payment service providers: Companies that process payments for us
• Communications service providers: Providers such as Google Meet, Zoom, etc.
• Marketing service providers: Agencies and platforms for newsletters and online advertising

3. Other external bodies

Consulting and audit firms: tax advisors, auditors, lawyers.

4. Third country transfers

As part of contract execution, processors outside the European Union may be used. We ensure that the requirements of Art. 44 ff. GDPR are met, in particular by concluding EU standard contractual clauses.

Data Security

We attach great importance to protecting your personal data and have implemented extensive technical and organizational measures (TOMs):

1. Encryption technologies

• Transport encryption: All data transfers are secured by TLS (Transport Layer Security)
• Storage encryption: Sensitive data such as passwords or payment information is encrypted when stored

2. Access control systems

• Physical access controls: Our IT infrastructure is located in secured data centers with biometric access controls and video surveillance
• Access controls: Access to personal data is limited to authorized employees

3. Data minimization and separation

• Data minimization: We only process the personal data required for the respective processing purposes
• Data separation: Personal data is stored separately from other data

4. Data backup and backups

• Regular backups: We regularly back up our data assets
• Emergency management: Our emergency plans ensure quick response in the event of system failure

5. Logging and monitoring

• Monitoring measures: Our systems are continuously monitored
• Logging: All access to personal data is logged and regularly checked

6. Data protection through technology design (Art. 25 GDPR)

• Software development: We implement “Privacy by Design” and “Privacy by Default” principles
• Privacy-friendly default settings: Our platforms are configured to collect only minimum necessary data

Duration of Data Storage

1. Customer data

• Contract data: Stored for the duration of the contract and 10 years after the end of the contract
• Inquiries without contract: Deleted after 6 months

2. Applicant data

• Successful applications: Transferred to the personnel file
• Unsuccessful applications: Deleted 6 months after completion of the application process

3. Data on business partners

Contract data is stored for the duration of the business relationship and 10 years after the end.

4. Newsletter data

• Newsletter subscription: Stored until you unsubscribe
• Direct marketing: Stored until you object to their use

5. Log data

Website access data is usually stored for 6 months and then deleted or anonymized.

6. Data for legal purposes

Data for litigation and compliance may be stored until the respective proceedings have been completed and until the legal limitation periods have expired.

Collection of Personal Data When You Visit Our Website

If you use our website exclusively for informational purposes, we only collect the personal data that your browser transmits to our server:

• IP address
• Date, time, and duration of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page and click paths)
• Access status/HTTP status code
• Each amount of data transferred
• Website from which the request comes
• Browser, operating system and its interface
• Screen resolution
• Language and version of the browser software

Cookie Banner and Opt-in

When you use our website for the first time, a cookie banner appears informing you that we use cookies and similar technologies. You can use the cookie banner to give your consent to various categories of cookies:

• Functional cookies: These cookies are necessary to ensure the basic functions of the website and cannot be deactivated.
• Analytical cookies: These cookies collect information about how our website is being used to improve its performance.
• Marketing cookies: These cookies are used to show you personalized advertising based on your interests.

You can generally prevent cookies from being saved by deactivating the storage of cookies in your browser.

Google Analytics and IP Anonymization

We use Google Analytics, a web analysis service provided by Google Inc., to analyze website usage by visitors. Google Analytics uses cookies, which are stored on your device.

To protect your privacy, we have activated IP anonymization in Google Analytics. This means that your IP address will be abbreviated by Google within the member states of the European Union before transmission to the USA. Your full IP address will never be stored or processed.

You can prevent the collection of data by:

1. Browser plug-in: Download and install the Google Analytics Opt-Out browser plugin
2. Opt-out cookie: Click the opt-out link on our website
3. Cookie settings: Manage your consent via the cookie settings on our website

Using a Newsletter

When registering for our newsletter, you provide us with your email address and, optionally, other data. We use this information exclusively to send you the newsletter. You can unsubscribe at any time via the link provided in the newsletter or by sending us a corresponding message to info@otark.io.

Using Plausible.io

We use Plausible.io, a privacy-friendly web analysis tool, to analyze user behavior on our website. Plausible.io collects anonymous data about page views and interactions without using cookies and without saving any personal data.

Data processing: Plausible.io only processes aggregated and anonymized data, such as the number of visitors, the time spent on the website and the pages visited. No personal data such as IP addresses or other identifiers is collected.

Social Media Plug-ins

We use LinkedIn plug-ins on our website to promote our presence in the relevant networks. A plug-in creates a direct connection between your browser and the LinkedIn server. This gives the operator the information that you have visited our website with your IP address.

We would like to point out that we have no knowledge of the content of the personal data transmitted and its use by the operators.

Using Calendly

We use the Calendly scheduling service, which is offered by Calendly LLC (3423 Piedmont Road NE, Atlanta, GA 30305-1754, USA). Calendly allows you to select available time slots online and make appointments with us directly via our website.

Data processing: When using Calendly, personal data such as name, email address, and optional other information are collected and processed. This data is used to confirm and manage the booked appointment.

Safety precautions:

• Encryption: Data is transmitted via encrypted connections (TLS)
• Server location: The data is stored in the USA. We have concluded EU standard contractual clauses with Calendly.

Links to and from Other Websites

Our websites may contain links to websites of other providers that are not covered by this privacy policy. Otark is not responsible for the privacy policies or content of linked websites.

Safety Notice

The confidential treatment of all data and information is a strict corporate philosophy. Our security measures are constantly being improved in line with technological developments. Please note that the Internet is an open system. When communicating by e-mail, we cannot guarantee complete data security, so we recommend that you send confidential information by post.

Data Subject Rights and Contacts

As a data subject, you have the following rights under the EU General Data Protection Regulation (GDPR):

1. Right to information (Art. 15 GDPR): You have the right to request confirmation as to whether and which personal data we process.
2. Right to correction (Art. 16 GDPR): If your personal data is incorrect or incomplete, you have the right to request correction.
3. Right to deletion (Art. 17 GDPR): You can request the deletion of your personal data under certain conditions.
4. Right to restrict processing (Art. 18 GDPR): You have the right to request that the processing of your personal data be restricted.
5. Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, common and machine-readable format.
6. Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal data.
7. Right to withdraw consent (Art. 7 para. 3 GDPR): You can withdraw your consent at any time with effect for the future.
8. Right to lodge a complaint (Art. 77 GDPR): If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a data protection supervisory authority.

You can assert these rights at any time by sending us an informal message to mail@otark.com or to our company address.