Privacy policy

1. Data protection information

General notes

The following information provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.

Data collection on this website

Who is responsible for the data collection on this website?

The data processing on this website is carried out by the website operator. You can find his contact details in the section „Notice about the responsible party“ in this privacy policy.

How do we collect your data?

Your data is collected on the one hand by the fact that you provide it to us. This may be, for example, data that you enter in a contact form.

Other data is collected automatically or after your consent when visiting the website by our IT systems. This is mainly technical data (eg Internet browser, operating system or time of page view). The collection of this data takes place automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to receive information free of charge about the origin, recipient and purpose of your stored personal data at any time. You also have a right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the Data Protection Authority.

You can contact us at any time about this and other questions on the subject of data protection.

Analytical tools and tools from third party providers

When visiting this website, your surfing behavior may be statistically analyzed. This is done primarily with so-called analysis programs.

For detailed information about these analytics programs, please see the following privacy statement.

2. Hosting

IONOS

We host our website at IONOS SE. Provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereafter IONOS). When you visit our website, IONOS collects various log files including your IP addresses. For details, please refer to the IONOS privacy policy: https://www.ionos.de/terms-gtc/terms-privacy.

The use of IONOS is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the most reliable presentation of our website. Insofar as a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Job processing

We have concluded a contract on order processing (AVV) with the named provider. This is a contract required by data protection law, which ensures that this processes the personal data of our website visitors only according to our instructions and in compliance with the DSGVO.

3. General instructions and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

While using this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.

Note to the responsible party

The responsible party for data processing on this website is:

Ralf Überschär
Optical Services
Georg-Weerth-Strasse 40
50829 Köln
Germany

Mail:
Phone: +49 (0)170.464 08 57

Controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Storage duration

Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted after these reasons no longer apply.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) a DSGVO or Art. 9 (2) a DSGVO, if special categories of data are processed according to Art. 9 (1) DSGVO. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49 (1) a DSGVO. If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of § 25 para. 1 TTDSG. The consent can be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b DSGVO. Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art. 6 para. 1 lit. c DSGVO. Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Art. 6 para. 1 lit. f DSGVO. Information about the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.

Note on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

Revocation of your consent to data processing

Many data processing operations are only possible with your expressed consent. You can revoke an already given consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)

WHEN DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F DSGVO, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. YOU CAN EXPLORE THE LEGAL BASIS ON WHICH PROCESSING IS BASED IN THIS DATA PROTECTION STATEMENT. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21 ABS. 1 DSGVO).

If YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT ADVERTISING. IF YOU DISAGREE, YOUR PERSONAL DATA SHALL NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING HEREAFTER (objection under Art. 21 ABS. 2 DSGVO).

Right of complaint to the Data Protection Authority

In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person in charge, this will only be done insofar as it is technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from „http://“ to „https://“ and by the lock symbol in your browser line.

When SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

Disclosure, deletion and rectification

You have, within the framework of the applicable legal provisions at any time the right to free information about your stored personal data, their origin and recipient and the purpose of data processing and, if necessary, a right to correct or delete this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. For this purpose, you can contact us at any time. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data happened/is happening unlawfully, you may request the restriction of data processing instead of erasure.
  • If we no longer need your personal data, but you need it to proceed with, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
  • If you have lodged an objection pursuant to Art. 21 (1) DSGVO, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data may be processed – apart from their storage – only with your consent or for the establishment, proceedings, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

4. Data collection on this website

Cookies

Our Internet pages use so-called „cookies“. Cookies are small text files and do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or an automatic deletion by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions desired by you (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f DSGVO, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. Insofar as consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG); the consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When disabling cookies, the functionality of this website may be limited.

If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the framework of this privacy policy and, if necessary, request your consent.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • browser type and version
  • operating system used
  • referrer URL
  • host name of the accessing computer
  • time of the server request
  • IP address

A combination of this data with other data sources is not made.

The collection of this data is based on Art. 6 para 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be collected.

Contact form

If you send us inquiries via contact form, your data from the inquiry form, including the contact information you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if this has been requested; the consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e. e.g. after processing your request has been completed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Inquiry by mail, phone or fax

If you contact us by e-mail, telephone or fax, your request including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if this has been requested; the consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory legal provisions – in particular legal retention periods – remain unaffected.

5. Newsletter

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data is not collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the „unsubscribe“-link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after unsubscribing from the newsletter or after the purpose has ceased to exist. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the framework of our legitimatefacen interest according to Art. 6 para. 1 lit. f DSGVO.

Data that has been stored by us for other purposes remains unaffected by this.

After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist if necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

6. Analysis tools and advertising

Google Analytics with anonymization function

The controller has integrated the component Google Analytics with anonymization function on this website. Google Analytics is a web analysis service. Web analysis is the collection, compilation and analysis of data about the behavior of visitors to websites. Among other things, a web analysis service collects data about the website from which a data subject came to a website (so-called referrers), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is predominantly used for the optimization of an Internet page and for the cost-benefit analysis of Internet advertising.

The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The controller uses the addition “_gat._anonymizeIp” for web analysis via Google Analytics. By means of this addition, the IP address of the Internet connection of the data subject is shortened and anonymized by Google if access to our Internet pages is from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us that show the activities on our websites, and to provide other services related to the use of our website.

Google Analytics sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. By each call of one of the individual pages of this website, which is operated by the controller and on which a Google Analytics component has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently enable commission calculations.

By means of the cookie, personal information, for example the access time, the location from which an access originated and the frequency of visits to our website by the data subject, is stored. Each time the data subject visits our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected via the technical process with third parties.

The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Furthermore, the data subject has the possibility to object to the collection of data generated by Google Analytics and related to the use of this website as well as to the processing of such data by Google and to prevent such processing. For this purpose, the data subject must download and install a browser add-on at the link https://tools.google.com/dlpage/gaoptout. This browser add-on tells Google Analytics via JavaScript that no data and information related to website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as an objection. If the data subject’s information technology system is deleted, formatted or reinstalled at a later point in time, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within the data subject’s sphere of control, it is possible to reinstall or reactivate the browser add-on.

Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Further information and the applicable privacy policy of Google can be found at https://www.google.de/intl/de/policies/privacy/ und unter http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link https://www.google.com/intl/de_de/analytics/.

IONOS WebAnalytics

This website uses the analysis services of IONOS WebAnalytics (hereinafter: IONOS). The provider is 1&1 IONOS SE, Elgendorfer Straße 57, D – 56410 Montabaur. Within the scope of the analyses with IONOS, among other things. Visitor numbers and –behavior (e. g., number of page views, duration of a website visit, bounce rates), visitor sources (i.e., from which page the visitor comes), visitor locations, and technical data (browser and operating system versions) may be analyzed. For this purpose, IONOS stores the following data in particular:

  • Referrer (previously visited website)
  • requested web page or file
  • Browser type and version
  • Operating system used
  • type of device used
  • Time of access
  • IP address in anonymized form (used only to determine the location of access).

According to IONOS, the data collection is completely anonymized, so it cannot be traced back to individual persons. Cookies are not stored by IONOS WebAnalytics.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the statistical analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

For more information on data collection and processing by IONOS WebAnalytics, please refer to the IONOS privacy statement at the following link: https://www.ionos.de/terms-gtc/datenschutzerklaerung/

Contract processing

We have concluded a contract on order processing (AVV) with the named provider. This is a contract required by data protection law, which ensures that this processes the personal data of our website visitors only according to our instructions and in compliance with the DSGVO.

7. Plugins and Tools

YouTube

This website embeds videos from the website YouTube. The operator of the website is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our websites on which YouTube is embedded, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.

Furthermore, YouTube may store various cookies on your terminal device or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts.

If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

For more information on how we handle user data, please see YouTube’s privacy policy at: https://policies.google.com/privacy?hl=de.

Vimeo

This website uses plugins of the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our pages equipped with a Vimeo video, a connection to the servers of Vimeo is established. This tells the Vimeo server which of our pages you have visited. In addition, Vimeo obtains your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the U.S.

If you are logged into your Vimeo account, you allow Vimeo to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account.

For the recognition of website visitors, Vimeo uses cookies or comparable recognition technologies (e.g. device fingerprinting).

The use of Vimeo is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on „legitimate business interests“. Details can be found here: https://vimeo.com/privacy.

For more information on the handling of user data, please see Vimeo’s privacy policy at: https://vimeo.com/privacy.

Google Web Fonts

This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place.

For more information about Google Web Fonts, please see https://developers.google.com/fonts/faq and Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Wordfence

We have integrated Wordfence on this website. Provider is Defiant Inc, Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter „Wordfence“).

Wordfence is used to protect our website from unwanted access or malicious cyberattacks. For this purpose, our website establishes a permanent connection to Wordfence’s servers so that Wordfence can compare its databases with the accesses made to our website and block them if necessary.

The use of Wordfence is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting his website as effectively as possible against cyberattacks. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.wordfence.com/help/general-data-protection-regulation/.

8. Webinars & online meetings via “Zoom”

We use the tool “Zoom” to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “Online Meetings”). “Zoom” is a service provided by Zoom Video Communications, Inc. which is based in the USA.

As far as you call up the Internet page of “Zoom”, the provider of “Zoom” is responsible for the data processing. However, a call to the Internet page is only necessary for the use of “Zoom” to download the software for the use of “Zoom”.

You can also use “Zoom” if you enter the respective meeting ID and, if necessary, further access data for the meeting directly in the “Zoom” app.

If you do not want to or cannot use the “Zoom” app, then the basic functions can also be used via a browser version, which you can also find on the “Zoom” website.

What data is processed?

When using “Zoom”, various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an “online meeting”.

The following personal data are subject to processing:

User information:

First name, last name, phone (optional), email address, password (if “single sign-on” is not used), profile picture (optional), department (optional)

Meeting metadata:

Topic, description (optional), subscriber IP addresses, device/hardware information

For records (optional):

MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.

When dialing in with phone:

Information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.

Text, audio and video data:

You may have the option of using the chat, question or survey functions in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “online meeting” and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time using the “Zoom” applications.

In order to participate in an “online meeting” or to enter the “meeting room”, you must at least provide information about your name.

Scope of processing

If we want to record “online meetings”, we will transparently inform you in advance and – if necessary – ask for consent. The fact of the recording will also be displayed to you in the “Zoom” app.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will generally not be the case.

In the case of webinars, we may also process questions asked by webinar participants for purposes of recording and following up on webinars.

If you are registered as a user with “Zoom”, then reports of “online meetings” (meeting metadata, phone dial-in data, questions and answers in webinars, survey function in webinars) may be stored at “Zoom” for up to one month.

Automated decision-making in the sense of Art. 22 DSGVO is not used.

Legal basis of data processing

The legal basis for data processing when conducting “online meetings” Art. 6 para 1 lit. b) DSGVO, insofar as the meetings are conducted in the context of contractual relationships.

Should no contractual relationship exist, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Again, our interest is in the effective conduct of “online meetings”.

Recipients / Data Sharing

Personal data processed in connection with participation in “online meetings” will not be disclosed to third parties as a matter of principle unless it is specifically intended for disclosure. Please note that, as with face-to-face meetings, content from “online meetings” is often used precisely to communicate information with customers, prospects or third parties and is therefore intended for disclosure.

Other recipients: the provider of “Zoom” necessarily obtains knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing agreement with “Zoom”.

Data processing outside the European Union

“Zoom” is a service provided by a provider from the USA. A processing of personal data thus also takes place in a third country. We have concluded an order processing agreement with the provider of “Zoom”, which complies with the requirements of Art. 28 DSGVO.

An adequate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses. Furthermore, as supplementary protective measures, we have made our Zoom configuration in such a way that only data centers in the EU, the EEA or secure third countries such as Canada or Japan are used to conduct “online meetings”.

Zoom Video Communications, Inc. is certified under the Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TNkCAAW&status=Active.

9. Use of teamviewer

For remote support we use the software and service of TeamViewer GmbH. Using this software, we can connect to your PC or server to provide the support you have requested. The connection runs via servers of TeamViewer GmbH. By using remote support via TeamViewer, you consent to the processing of personal data that may be associated with this. TeamViewer is used to fulfill the existing contract between you and us and in the mutual interest of efficient, short-term and cost-effective provision of support services by us. The legal basis for the use of the plug-in is Art. 6 para. 1 p. 1 lit. a, b and f DSGVO.

The use of TeamViewer is in accordance with the TeamViewer privacy policy. For further information, please contact TeamViewer GmbH, Jahnstraße 30, 73037 Göppingen

Privacy notice: https://www.teamviewer.com/de/privacy-policy/

Safety instructions: https://www.teamviewer.com/de/security/

10. Use of Skype

Skype: Skype’s end-to-end encryption requires its activation (if it should not be activated by default).

Types of data processed: contact data (e.g. e-mail, telephone numbers), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), content data (e.g. text input, photographs, videos).

People concerned: Communication partners

Purposes of processing: contact requests and communication, direct marketing (e.g. by e-mail or postal mail).

Legal basis: Consent (Art. 6 para. 1 lit. a) DSGVO), Legitimate Interests (Art. 6 para. 1 lit. f) DSGVO).

Skype: Skype Messenger with end-to-end encryption; Service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA;

Website: https://www.skype.com/de/

Privacy policy: https://privacy.microsoft.com/de-de/privacystatement

Safety instructions: https://www.microsoft.com/de-de/trustcenter

Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active

For this GDPR Privacy Notice, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure. Optikam Tech, Inc. (“Optikam”) will be the controller of your Personal Data processed in connection with the Services.

Note that we may also process Personal Data of our customers’ end users or employees in connection with our provision of Services to customers, in which case we are the processor of Personal Data. If we are the processor of your Personal Data (i.e., not the controller), please contact the controller party in the first instance to address your rights with respect to such data.

What Patient Personal Data Is Collected by the OptikamPad App end-user (“Eye Care Professional”)?

The Patient Personal Data collected on the iPad using the OptikamPad App by the Eye Care Professional is not shared with Optikam. The Eye Care Professional has full control over how the Personal Data is processed. The Eye Care Professional has the ability to delete data upon request.

Personal Data:

Customer Name, Customer or Order Number, Eyewear Measurements (Pupilary Distance, Fitting Heights, Pantoscopic Tilt, Rear-Vertex Distance, Frame Wrap, Near-Pupilary Distance, and Frame Measurements), Customer Pictures (Measurement and Frame Selection), Eyewear Prescription (Rx),Measured Frame and Lens Type, Lifestyle Information

Purpose for Customers:

This type of Personal Data is processed by the Eye Care Professional in order to create a customer profile, order the eyewear and provide effective after-sale support.

What Personal Data Do We Collect?

We collect Personal Data about you when the Eye Care Professional has an active Optikam Cloud Service Subscription (“Cloud”). You provide such information directly to us, when third parties such as our business partners or service providers provide us with Personal Data about you, or when Personal Data about you is automatically collected in connection with your use of our Services.

Personal Data:

Customer Name, Customer or Order Number, Eyewear Measurements (Pupilary Distance, Fitting Heights, Pantoscopic Tilt, Rear-Vertex Distance, Frame Wrap, Near-Pupilary Distance, and Frame Measurements), Customer Picture (Measurement), Measured Frame and Lens Type.

Purpose for Eye Care Professionals:

We process this type of Personal Data in order to facilitate data sharing between the Eye Care Professional and its agents.

Purpose for Optikam:

To limit Personal Data exposure to Optikam, Optikam does not have access to the Customer Name, Customer or Order Number and the Customer Picture is pixelated to exclude all areas that are not relevant to eyewear measurements. We process the remaining Personal Data in order to provide the Eye Care Professional with troubleshooting and support.

Purpose for Prospects:

Optikam does not sell, rent or license Personal data it collects.

What Eye Care Professional Data Do We Collect?

We collect Data from the Eye Care Professional that relates to the use of the OptikamPad App.

Eye Care Professional Data:

Device type, Device ID, Operating System Version, IP Address, OptikamPad App Version and Usage Analytics such as App Usage, Enclosure Status, Measurement Errors.

Purpose for the Eye Care Professional:

We process this type of Data to offer the Eye Care Professional usage information for training and troubleshooting purposes.

Purpose for Optikam:

We process this type of Data for our legitimate interests in providing the Services and performing analytics to improve the Products and Services and understand how Eye Care Professionals interact with the Products and Services.

Purpose for Prospects:

Optikam does not sell, rent or license data it collects.

How and With Whom Do We Share Your Data?

We share Personal Data with agents who work on our behalf.

We also share Personal Data when we believe it is necessary to:

  • Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies
  • Protect us, our business or our users, for example to enforce our Terms of Service, prevent spam or other unwanted communications and investigate or protect against fraud
  • Maintain the security of our products and services

If we choose to buy or sell assets, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party, and we would share Personal Data with the party that is acquiring our assets. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Information as set forth in this policy.

How Long Do We Retain Your Personal Data?

We retain Personal Data about you for as long as the Eye Care Professional has an active Cloud Service Subscription and for 3 years after its expiry. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify you personally.

What Security Measures Do We Use?

We seek to protect Personal Data using appropriate technical and organizational measures based on the type of Personal Data and applicable processing activity. For example, Optikam is continuously implementing and updating administrative, technical, and physical security measures to help protect your information against unauthorized access, loss, destruction or alteration. Some of the safeguards we use to protect Personal Data are firewalls, data encryption, and information access controls.

What Rights Do You Have Regarding Your Personal Data?

You have certain rights with respect to your Personal Data, including those set forth below. We provide tools and support to allow Eye Care Professionals to process your requests regarding your rights to your personal data. For more information about these rights, your Eye Care Professional can email us at . Please note that in some circumstances, we may not be able to fully comply with a request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify of such a decision. In some cases, we may also need you or the Eye Care Professional to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of the request. Given the limited visibility that our agents have to your Personal Data, in order for us to access your Personal Data, the Eye Care Professional’s Cloud Service Subscription account name and time stamp of the measurement profile will be required.

Access:

You can request more information about the Personal Data we hold about you and request a copy of such Personal Data.

Rectification:

If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.

Erasure:

You can request that we erase some or all of your Personal Data from our systems.

Portability:

You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.

Objection:

You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes.

Transfers of Personal Data

The Services are hosted and operated in the United States (“U.S.”) through Optikam and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to Optikam in the U.S. and will be hosted on U.S. servers, and you authorize Optikam to transfer, store and process your information to and in the U.S., and possibly other countries. You hereby consent to the transfer of your data to the U.S.

What If You Have Questions Regarding Your Personal Data?

If you have any questions about this GDPR Privacy Notice or our data practices generally, please contact us using the following information:

Optikam Tech Inc.
787 Liege Street W Montreal, QC H3N 1B1

Designated representative and contact information:

Eric Fischer
+49 89 613 69 715

Email address for contact:

Data Protection Officerand contact information:

Peter Szymborski

+49 (0)170.464 08 57