Privacy Policy

Terms of Use

With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also referred to simply as "data") we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both as part of the provision of our services and especially on our websites, in mobile applications, and within external online presences, such as our social media profiles (collectively referred to hereinafter as the "online offer").

The terms used are not gender-specific.

Status: May 1, 2026

Table of Contents

• Terms of Use
• Responsible
• Overview of Processing Activities
• Relevant Legal Bases
• Security Measures
• Deletion of Data
• Cookies
• Provider of Online Content and Webhosting
• Contacts
• Rights of affected person

Responsible

OBE4U
Mondweg 61
33378 Rheda-Wiedenbrück

Authorized representatives:

Katrin Schürer

E-Mail-adress:

Info[at]obe4u.de

Legal Notice:

https://obe4u.de/en/legal-notice/

Overview of Processing Activities

The following overview summarises the types of data processed, the purposes for which they are processed, and indicates the categories of data subjects concerned.

Types of Data Processed

• Contact data.
• Content data.
• Usage data.
• Meta, communication and procedure data.

Categories of Data Subjects

• Communication partners.
• Users.

Purposes of Processing

• Provision of contractual services and customer support.
• Contact inquiries and communication.
• Security measures.
• Management and response to inquiries.
• Feedback.
• Provision of our online offering and user-friendliness.
• Information technology infrastructure.

Relevant Legal Bases

Below you will find an overview of the legal bases of the DSGVO on which we process personal data. Please note that, in addition to the provisions of the DSGVO, national data protection regulations may apply in your or our country of residence or business. If more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

• Performance of contractual obligations and pre-contractual requests (Art. 6(1)(1)(b) DSGVO) - Processing is necessary for the performance of a contract to which the data subject is a party, or for carrying out pre-contractual measures taken at the request of the data subject.
• Legitimate interests (Art. 6(1)(1)(f) DSGVO) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data.

In addition to the data protection regulations of the DSGVO, national regulations on data protection in Germany also apply. This includes, in particular, the Act on Protection Against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains special provisions, especially with regard to the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, transfer, and automated decision-making in individual cases including profiling. Furthermore, it regulates data processing for employment purposes (§ 26 BDSG), particularly regarding the initiation, implementation, or termination of employment relationships as well as the consent of employees. In addition, data protection laws of the individual German federal states may also apply.

Security Measures

In accordance with statutory requirements, and taking into account the state of the art, implementation costs, as well as the nature, scope, context and purposes of processing, and the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

These measures specifically include safeguarding the confidentiality, integrity, and availability of data by controlling both physical and electronic access to the data, as well as access, input, transfer, safeguarding availability, and segregation relating to the data. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, the deletion of data, and responses to any threats to the data. We also take into account the protection of personal data right from the development or selection of hardware, software, and processes, in accordance with the principle of data protection by design and by default.

TLS encryption (https): To protect data you transmit via our online offering, we use TLS encryption. You can recognise such encrypted connections by the prefix https:// in your browser's address bar.

Deletion of Data

The data we process will be deleted in accordance with legal requirements as soon as the consents allowing their processing are revoked or other permissions cease to apply (for example, if the purpose of processing this data no longer exists or if the data is no longer necessary for that purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted to those purposes. That means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.

Our privacy notices may also include additional information regarding the retention and deletion of data that take precedence for the respective processing activities.

Use of Cookies

Cookies are small text files or other types of storage notes that save information on end devices and retrieve information from them. For example, they may store the login status in a user account, the contents of a shopping cart in an e-shop, the content accessed, or the functions used in an online offering. Cookies can also be used for different purposes, such as ensuring the functionality, security, and convenience of online services, as well as for analyzing visitor traffic.

Notice on Consent: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users unless it is not required by law. Consent is particularly not necessary when storing and accessing the information, including cookies, is strictly necessary to provide users with a telemedia service they have expressly requested (i.e., our online offering). Cookies that are usually strictly necessary include those which enable the display and operability of the online offering, load balancing, security, storage of preferences and user choices, or similar purposes related to providing the main and auxiliary functions of the online service requested by users. Revocable consent is clearly communicated to users and includes information regarding the specific use of cookies.

Notes on the Legal Basis for Data Protection: The legal basis on which we process users’ personal data using cookies depends on whether we ask users for their consent. If users consent, the declared consent is the legal basis for processing their data. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g., in the economic operation of our online offering and the improvement of its usability) or, when it is required to fulfill our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. We clarify the purposes for which we process cookies in this privacy policy or within our consent and processing procedures.

Retention Period: With regard to the retention period, the following types of cookies are distinguished:

• Temporary Cookies (also: session cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their device (e.g., browser or mobile application).
• Permanent Cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user revisits a website. Similarly, the data collected with the help of cookies can be used for reach measurement. Unless we provide users with explicit information about the type and retention period of cookies (e.g., in the context of obtaining consent), users should assume that cookies are permanent and the retention period can be up to two years.

General Information on Withdrawal and Objection (Opt-Out): Users may revoke their consents at any time and may also object to the processing of their data in accordance with the statutory provisions of Article 21 DSGVO. Users can also declare their objection via their browser settings, for example, by disabling the use of cookies (however, this may also limit the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/ .

• Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO).

Further Notes on Processing Procedures, Methods and Services:

• Complianz: Cookie consent management; Service provider: Hosted locally on our server, no data is shared with third parties; Website: https://complianz.io/ ; Privacy Policy: https://complianz.io/legal/ ; Further information: An individual user ID, language, types of consents and the time at which they were given are stored server-side and in the cookie on the user's device.

Provision of Online Services and Web Hosting

We process users’ data in order to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the contents and functions of our online services to the user’s browser or device.

• Types of data processed: Usage data (e.g., pages visited, interest in content, access times); meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); content data (e.g., entries in online forms).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online services and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures; fulfillment of contractual services and customer support.
• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO).

Further Notes on Processing Procedures, Methods, and Services:

• Provision of Online Services on Rented Storage Space: To provide our online services, we use storage space, computing capacity, and software that we rent or otherwise obtain from an appropriate server provider (also called "web host"); Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO).
• Email Sending and Hosting: The web hosting services we use also include the sending, receipt, and storage of emails. For these purposes, the addresses of recipients and senders as well as other information related to email transmission (e.g., the involved providers) and the contents of the respective emails are processed. The aforementioned data may also be processed for the detection of SPAM. Please note that emails are generally not encrypted when sent over the internet. As a rule, emails are encrypted during transit, but (unless so-called end-to-end encryption is used) not on the servers from which they are sent and received. Therefore, we cannot take responsibility for the transmission path of emails between the sender and our server; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO).
• 1&1 IONOS: Services in the area of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.ionos.de ; Privacy Policy: https://www.ionos.de/terms-gtc/terms-privacy ; Data Processing Agreement: https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/ .

Contact and Inquiry Management

When you contact us (e.g., by mail, contact form, email, phone, or via social media) as well as in the context of existing user and business relationships, we process the information provided by the inquiring persons, insofar as this is necessary to respond to the contact inquiries and any requested measures.

• Types of data processed: Contact data (e.g., email, phone numbers); content data (e.g., entries in online forms); usage data (e.g., visited websites, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Affected persons: Communication partners.
• Purposes of processing: Contact requests and communication; management and response to inquiries; feedback (e.g., collecting feedback via online form); provision of our online offering and user-friendliness.
• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO); performance of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further notes on processing procedures, methods, and services:

• Contact form: When users contact us via our contact form, email, or other communication channels, we process the data provided to us in this context to handle the stated request; Legal bases: Performance of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) DSGVO), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO).

Rights of Data Subjects

As a data subject, you have various rights under the DSGVO, in particular as set out in Articles 15 to 21 DSGVO:

• Right to object: You have the right, at any time and for reasons arising from your particular situation, to object to the processing of your personal data pursuant to Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling, insofar as it is related to such direct marketing.
• Right of withdrawal for consent: You have the right to withdraw consent you have given at any time.
• Right of access: You have the right to request confirmation as to whether your data is being processed, as well as information about this data and further details, including a copy of the data, in accordance with legal requirements.
• Right to rectification: You have the right, in accordance with legal requirements, to request the completion of your data or the rectification of inaccurate data concerning you.
• Right to erasure and restriction of processing: You have the right, in accordance with legal requirements, to request the immediate erasure of data concerning you, or alternatively, to request the restriction of processing of your data.
• Right to data portability: You have the right, in accordance with legal requirements, to receive the data concerning you that you have provided to us in a structured, commonly used and machine-readable format, or to request the transmission of this data to another controller.
• Complaint to supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of your personal data violates the provisions of the DSGVO.

Our competent supervisory authority:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Bettina Gayk
Kavalleriestraße 2-4
40213 Düsseldorf
Telefon: 02 11/384 24-0
E-Mail: poststelle@ldi.nrw.de
Homepage: https://www.ldi.nrw.de