* Automated English courtesy translation for information purposes only. For the authentic version, please refer to the German-language website. In case of inconsistencies or doubts, the German version shall prevail.

​

Preface​

​

OmbudsVerse, Johanna Reiter-Brüggemann (hereinafter: "the company", "we" or "us") takes the protection of your personal data seriously. We would like to inform you in the following about the handling of your data in our company. 

​

With this policy (hereinafter: "Privacy Policy") we inform you, in accordance with the European General Data Protection Regulation (hereinafter: GDPR), how, for what purposes and on what legal basis we process your personal data.

​

Under Section A we inform you in general about the processing of personal data at OmbudsVerse (also applies to the website). Additionally  we provide you under Section B. with specific information on the processing of personal data via our website ombudsverse.de.

​

In particular, the following groups of people, may be affected by data processing at OmbudsVerse:

​

• Customers and their employees

• Business partners and their employees (e.g. lawyers, consultants, blog authors, scholars)

• Applicants, potential employees

• Visitors to our website

• Users of our online offer

• Other interested parties
   

In the following, we refer to you and other affected persons as "customer", "user", "you", "you" or "data subject".

​

For the definitions of the terms used (in particular "personal data"; "processing", "controller", "third party", "processor", "consent"), we refer to Art. 4 GDPR.

​

References to statutory provisions refer to the GDPR, as well as the Federal Data Protection Act (BDSG) in the version applicable as of 25 Mai 2018.

​

If you have any questions about this privacy policy or the handling of your data, you may contact us at any time.

​

For websites of other providers we refer to (e.g. via links), this privacy policy does not apply. Please refer to the privacy policy of the respective website. 

​​

If you have read these privacy policy and do not agree you must leave this website and stop using our service.

​

A. General information about the processing of personal data at OmbudsVerse

​

(1) Name and address of the controller

​

OmbudsVerse, Johanna Reiter-Brüggemann

+49(089) 24413372

data@ombudsverse.de

​

(2) Contact details of the data protection officer

​

Johanna Reiter-Bruggemann

+49(089) 24413372

data@ombudsverse.de

 

For more information about our company, please refer to the imprint on our website.

​

(3) Types and origin of the data processed

​

We process various types of personal data that you either provide to us with or that are automatically collected when you use our services (e.g. visiting our website). We may also process data we collect from other sources (e.g. third-party correspondence, the press, third-party websites). This may include, for example, the following types of data:

​

• identity data (e.g. name, date of birth, organizational affiliation, data contained in identity cards and other ID documents);

• contact data (e.g. addresses, email addresses, telephone numbers)

• content data (e.g. text submitted, photographs, videos)

• contract related data (e.g. subject matter of the contract, bank details, term, customer category, data relating to the initiation of a mandate, the initiation of a consulting contract, or the initiation of software/SaaS sale with one of our partners (law firms, consultancies or software companies), information that is the subject of our correspondence with you or with our business partners 

• billing and payment data (e.g. bank details, payment history)

• usage data (e.g. websites visited, user behaviour, your interest in specific content, access times)

• meta/communication data (e.g. device information, IP addresses)

• other communication data such as data subject of our correspondence and communication (oral/written, electronically via e-mail, contact form or chat) with you.

​

Special categories of personal data within the meaning of Art. 9 GDPR, e.g. political opinions, religious or philosophical beliefs, or trade union membership, biometric data, health data, are only processed pursuant to Art. 9 GDPR. 

 

In principle we do not process data in the sense of Art. 10 GDPR, unless you provide us with such data by e-mail or via the contact form on our website. However, and even though the scope of Art. 10 GDPR remains to be determined, we recommend you to handle this sensitive data with particular care and to avoid sending us data about criminal offences, misdemeanors and other administrative offenses.

​

OmbudsVerse does not provide any legal advice and services. We are happy to refer you to one of our partner attorneys as soon as we have started our business activities.

 

If you have not provided us with your personal data yourself, we may have obtained it from our customers, business partners, service providers or from other sources, such as third-party websites or business directory.

​

(4) Legal basis, purpose of the processing of personal data and storage period

​

The legal bases for the processing of personal data are in particular Article 6 Paragraph 1 No. 1 lit. a - f, 9 GDPR and Section 25 TTDSG. The Processing of data may be based more than one legal basis. If the legal bases for the processing of personal data are not mentioned specifically in this privacy policy the following applies: The legal basis for the processing of data

​

• if you give your consent is Art. 6 no. 1 lit. a and Art. 7 GDPR,

• necessary for the performance of a contract to which the data subject is party to or in order to take steps at the request of the data subject prior to entering into a contract is Art. 6 no. 1 lit. b GDPR,

• necessary for compliance with a legal obligation to which the controller is subject is Art. 6 no. 1 lit. c, 

• necessary for the purposes of our legitimate interests the legitimate interest of a third party is Art. 6 no. 1 lit. f GDPR.​

The following purpose for the processing of data correspond to our legitimate interests.

​

OmbudsVerse processes personal data

​

• to provide its online offer including its content and functions, such as the

  • OmbudsCommunity

  • OmbudsBlog

  • Job market

• to identify potential customers and cooperation partners, their representatives and other persons acting on their behalf

• to initiate business relationships

• to contact (potential) authors for the OmbudsBlog

• to provide our services

  • e.g. to advise our customers on the right partner to solve their problems (law firms, consultancies and software providers)

  • to provide other services (note: OmbudsVerse does not provide any legal services and/or legal advice itself)

• to answer contact requests and to communicate

• to send paper based and/or electronic correspondence

• to process payment for OmbudsVerse services

• for administration, bookkeeping and invoicing

• for the proper storage of documents to meet legal obligations, for evidence purposes and for the exercise and defense of legal claims (e.g. Section 147 AO, Section 257 HGB)

• to cooperate with authorities and courts to meet legal requirements

• to customize our offer

• for marketing, advertising, market research

• for security measures

• to identify user behavior to order improve our offer

​

We store the personal data until the purposes above have been achieved. However, we may store data beyond this time in the event of a (possible) legal dispute or other legal proceedings or if storage is provided for by statutory provisions to which we are subject (e.g. Section 257 HGB, Section 147 AO).

​

(5) Recipients of data and transfer to third countries

​

If we use external domestic and foreign third party processors, e.g. forIT and telecommunications, a transfer of personal data for one of the above-mentioned purposes may be based on a processing agreement pursuant to Art. 28 GDPR or on one of the above-mentioned legal bases (in particular on the basis of your consent, for the performance of a contract and for the implementation of pre-contractual measures or to protect our legitimate interests).

​

Personal data is transmitted

​

• for the hosting of our website - compare specifically for the website Section B. no. 5

• to connect corporate customers to our partners (e.g. law firms, consultancies, software providers, scientists)

• to refer new customers and clients to our partners

• as part of the OmbudsVerse Community to other community members

• to our telecommunications and IT service providers (we also use cloud-based services), e.g. for document management and analysis, collaboration and automation, external (cloud-based) mail servers, data rooms or AI services

• to governmental agencies/authorities, as far as this is necessary to meet legal requirements. This may also include foreign authorities.

• to third parties assisting with our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties, advisors and counsel involved in mergers and acquisitions).

• In addition, we transfer personal data with your express consent, cf. Art. 6 no. 1 lit. a GDPR

​

Your personal data may be transferred to third parties located outside of the European Economic Area (EEA), (hereinafter "third countries" or "non member states").

​

The European Commission may certify a third party country offering an appropriate level of data protection, comparable to the EEA standard, by issuing an adequacy decision (cf. also under B. 5); For a list of countries subject to an adequacy click here.

​

Data transfer to third parties located in third countries that are not subject to an adequacy decision by the European Commission may only occur if the data subject agrees or if appropriate data protection is otherwise guaranteed. E.g. by an approved code of conduct, by binding corporate rules or the European Commission's standard contractual clauses (you may find the them here), cf. Art. 46 Para. 1, 2 GDPR.

 

​

(6) Protection of your data

​

We have implemented technical and organizational measures to protect your data pursuant to Art. 32 GDPR. Our employees have to commit to protect personal data and treat it confidentially. Nevertheless, communication e.g. via e-mail or contact form involves a risk of unauthorised access by third parties. Despite precautionary measures, viruses and similar malware might be transmitted e.g. via emails. Communication e.g. via the Internet, such as video conferences, involve comparable risks. When using cloud-based applications, we cannot rule out that data may be lost or damaged or that third parties (especially US authorities) may openly or covertly access to your data.

​

(7) Your Rights

​

To exercise your rights, you can contact us using the contact details specified under Section A. (1) and A. (2) of this privacy policy.

 

The full scope of your rights can be found directly in Art. 15, 16, 17, 18, 20, 21, 7, 77 GDPR including the right:

 

• to request information about your data processed by us in accordance with Art. 15 GDPR. In particular, you may obtain information about the purposes of the processing, the categories of data concerned, the categories of recipient to whom the personal data will be disclosed, the envisaged storage period, the origin of your data if it was not collected from us, and the existence of an automated process require decision-making;

• to obtain without undue delay the rectification of inaccurate personal data concerning you pursuant to Art. 16 GDPR,

• to request the erasure of your personal data, unless the processing is necessary for the exercise of the right to freedom of expression and information, to meet a legal requirement, for reasons of public interest or to raise, exercise or defend legal claims and complaints pursuant to Art. 17 GDPR;

• to demand the restriction of processing if you contest the accuracy of the data or if the processing is unlawful, Art. 18 GDPR.

• to receive your data, which you provided to us, in a structured, commonly used and and machine-readable format or to request transmission of the data to another controller pursuant to Art. 20 GDPR

• to object to future processing in accordance with Article 21 GDPR if the processing is based on Article 6 (1) sentence 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. Unless it is an objection to direct advertising, we ask that you explain the reasons why we should not process your data as we have done when exercising such an objection. In the event of your justified objection, we will examine the situation and will either stop or adjust the data processing or show you our compelling legitimate reasons for continuing the processing;

• in accordance with Art. 7 Para. 3 GDPR, to revoke your consent, once given, that you agree to the processing of the personal data concerned for the future.

• pursuant to Art. 77 GDPR to complain to a data protection supervisory authority about the processing of your personal data in our company, for example to the data protection supervisory authority responsible for us: Bavarian State Office for Data Protection Supervision, Promenade 18, 91522 Ansbach, Germany; Email: poststelle@lda.bayern.de.

 

(9) Changes to Privacy Policy

​

As part of the further development of data protection law and technological or organizational changes, our data protection information will be adapted. You will be informed about changes in particular on our German website at www.ombudsverse.de. This data protection notice is dated November 2022.

​

B. Information about the processing of personal data on the OmbudsVerse website

​

(1) Explanation of the function

​

Information about our company and the services we offer can be found in particular at www.ombudsverse.de including the associated sub-pages (hereinafter collectively: "websites"). When you visit our website, your personal data may be processed.

​

(2) Processed personal data, purpose and legal basis of data processing

 

When using the website for informational purposes, we collect, store and process the following categories of personal data. We process the personal data specified below only to the extent necessary. Insofar as the processing of personal data is based on Article 6 Paragraph 1 Sentence 1 lit. f GDPR, the stated purposes also represent our legitimate interests.

 

• "Log data" or "user data": When you visit our website, a so-called log data record (so-called server log files) is stored temporarily and anonymously on our web server. This consists of​​:

  • the date and time of the call

  • the description of the type, language and version of the web browser used

  • full IP address of the requesting computer

  • the amount of data transferred

  • the operating system used

  • the message whether the call was successful (access status/Http status code)

  • the GMT time zone difference

• the name and URL of the requested page/file

• the page from which our website was requested (so-called referrer URL)

​

The processing of the log data serves statistical purposes and to improve the quality of our website, in particular the stability and security of the connection (legal basis is Art. 6 Para. 1 S. 1 lit. a or lit. f DS-GVO).

 

• "Contact form data": If contact forms are used, the data transmitted by them will also be processed (e.g. gender, surname and first name, address, company, e-mail address, all other data entered by the user and the time of transmission).

 

Contact form data is processed to process inquiries from customers and other interested parties (legal basis is Art. 6 Para. 1 S. 1 lit. b or lit. f GDPR).

 

 

• In addition to the purely informational use of our website, we offer subscriptions to our newsletter, with which we inform you about current developments in the area of ESG, supply chain law, compliance, litigation and events. If you register for our newsletter, the following "newsletter data" will be collected, stored and processed by us:​

  • the description of the type of web browser used

  • the IP address of the requesting computer

  • the E-Mail adress

  • the date and time of registration and confirmation

  • the page from which our website was requested (so-called referrer URL) the date and time of the call

 

The newsletter data is processed for the purpose of sending the newsletter. When registering for our newsletter, you agree to the processing of your personal data (legal basis is Art. 6 Para. 1 lit. a DS-GVO).

 

We use the so-called double opt-in procedure to register for our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. The purpose of this procedure is to be able to prove your registration and, if necessary, to be able to clarify any possible misuse of your personal data. You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail, by e-mail to data@obudsverse.de or by sending a message to the contact details given in the imprint.

 

We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files that are stored on our website. For the evaluations, we link the data mentioned above and the web beacons with your e-mail address and an individual ID. Links contained in the newsletter also contain this ID. The data is only collected in pseudonymised form, ie. the IDs are therefore not linked to your other personal data, direct personal reference is excluded.

​

If the processing of the data requires the storage of information in your terminal device or access to information that is already stored in the terminal device, Section 25 (1) and (2) TTDSG is the legal basis for this. Compare this under (6a).

​

(5)  transmission of personal data to third parties; order processing, hosting; legal basis;

​

The following categories of recipients, which are usually processors, cf. A. (5)), may have access to your personal data via our website:

​

• Service providers for the operation of our website and the processing of the data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security).

 

Ombudsverse.de is hosted externally. The personal data collected on this website is stored on the hoster's servers. We also use a third-party website builder to design the website. The transmitted data can primarily be IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access and other data generated via a website.

 

• We therefore have order processing contracts with

 

Mittwald CM Service GmbH & Co. KG
Koenigsberger Strasse 4-6
32339 Espelkamp
Germany

 

and

 

Wix.com Ltd.
40 Nemal St
6350671 Tel Aviv
Israel

(as part of the Wix Terms of Service).

 

closed.

There is also an adequacy decision by the European Commission for the country of Israel. We have received the following information from Wix on how to deal with sub-processors:

Personal data processed through the Wix Services will be used by Wix.com Ltd. (Israel) and may then be transferred to other Wix companies for storage and, if necessary, to perform the Services. The same applies to third-party sub-processors. For its part, Wix concludes contracts with the sub-processors to ensure compliance with data protection laws.

 

You can find out more about thishere. The legal basis for the transfer is Article 6 Paragraph 1 Sentence 1 Letter b or Letter f GDPR, unless it is a processor.

​

For the guarantees of an appropriate level of data protection when data is passed on to third countries, see A. (5). 

​

(6) Use of cookies, plugins and other services on our website

​

a) Cookies

​

We use temporary and permanent cookies on our websites. Cookies are small text files or other types of information storage that are assigned to the browser you are using and stored on your hard drive by means of a characteristic character string and through which certain information flows to the place that sets the cookie._cc781905-5cde- 3194-bb3b-136bad5cf58d_

Cookies can contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to individuals. However, cookies cannot identify a user directly. 

​

Cookies have different functions. Numerous cookies are technically necessary because certain website functions would not work without them. Other cookies are used to evaluate user behavior or to display advertising.

A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:

​

• Technical cookies: These are essential to move around the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they remember which websites you have visited;

​

• Performance cookies: These collect information about how you use our website, which pages you visit and e.g. B. whether errors occur when using the website; they do not collect any information that could identify you - all information collected is anonymous and is only used to improve our website and find out what interests our users;

​

• Advertising cookies, targeting cookies: These serve to offer the website user needs-based advertising on the website or offers from third parties and to measure the effectiveness of these offers; Advertising and targeting cookies are stored for a maximum of 13 months;

​

• Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); Sharing cookies are stored for a maximum of 13 months.

​

In some cases, cookies from third-party companies can also be stored on your end device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. WiX). If cookies are used by third-party companies or for analysis purposes, we will inform you of this separately in this data protection declaration and, if necessary, ask for your consent.

​

We set cookies that are necessary for the operation of our website and without which our website cannot be displayed in accordance with Article 6 Paragraph 1 Clause 1 Letter f GDPR or based on your consent in accordance with Article 6 Paragraph 1 Letter a GDPR and § 25 Para. 1 TTDSG. For example, cookies required to carry out the electronic communication process, to provide certain functions you want or to optimize the website. 

​

We use cookies that are not required on the basis of express consent within the meaning of Section 25 (1) TTDSG in conjunction with Article 6 (1) sentence 1 lit to provide the desired telemedia service.

The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services.

 

If consent to the storage of cookies and comparable recognition technologies was requested, processing takes place exclusively on the basis of this consent (Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TTDSG); the consent can be revoked at any time.

​

b) Social Media Plugins

​

We do not use any social media plugins on our websites. If our websites contain symbols from social media providers (e.g. LinkedIn), we only use them for passive linking to the pages of the respective providers.