{"id":4907,"date":"2024-04-25T19:42:38","date_gmt":"2024-04-25T19:42:38","guid":{"rendered":"https:\/\/osapiens.com\/?page_id=4907"},"modified":"2024-08-20T08:45:44","modified_gmt":"2024-08-20T08:45:44","slug":"one-identity-plus-privacy-policy","status":"publish","type":"page","link":"https:\/\/osapiens.com\/de\/ftrace\/one-identity-plus-privacy-policy\/","title":{"rendered":"One Identity Plus Privacy Policy"},"content":{"rendered":"

Privacy Policy | osapiens<\/h2>\n<\/div><\/div><\/div>

We are very delighted that you have shown interest in our enterprise. Data protection is of aparticularly high priority for the management of the oneIDentity+. The use of the Internet pages ofthe oneIDentity+ is possible without any indication of personal data; however, if a data subjectwants to use special enterprise services via our website, processing of personal data could becomenecessary. If the processing of personal data is necessary and there is no statutory basis for suchprocessing, we generally obtain consent from the data subject.<\/p>\n

The processing of personal data, such as the name, address, e-mail address, or telephone number ofa data subject shall always be in line with the General Data Protection Regulation (GDPR), and inaccordance with the country-specific data protection regulations applicable to the oneIDentity+. Bymeans of this data protection declaration, our enterprise would like to inform the general public ofthe nature, scope, and purpose of the personal data we collect, use and process. Furthermore, datasubjects are informed, by means of this data protection declaration, of the rights to which they areentitled.<\/p>\n

As the controller, the oneIDentity+ has implemented numerous technical and organizationalmeasures to ensure the most complete protection of personal data processed through this website.However, Internet-based data transmissions may in principle have security gaps, so absoluteprotection may not be guaranteed. For this reason, every data subject is free to transfer personal datato us via alternative means, e.g. by telephone.<\/p>\n

1. Definitions<\/strong><\/p>\n

The data protection declaration of the oneIDentity+ is based on the terms used by the Europeanlegislator for the adoption of the General Data Protection Regulation (GDPR). Our data protectiondeclaration should be legible and understandable for the general public, as well as our customersand business partners. To ensure this, we would like to first explain the terminology used.<\/p>\n

In this data protection declaration, we use, inter alia, the following terms:<\/p>\n

a) Personal data<\/strong><\/p>\n

Personal data means any information relating to an identified or identifiable natural person (\u201cdatasubject\u201d). An identifiable natural person is one who can be identified, directly or indirectly, inparticular by reference to an identifier such as a name, an identification number, location data, anonline identifier or to one or more factors specific to the physical, physiological, genetic, mental,economic, cultural or social identity of that natural person.<\/p>\n

b) Data subject<\/strong><\/p>\n

Data subject is any identified or identifiable natural person, whose personal data is processed by thecontroller responsible for the processing.<\/p>\n

c) Processing<\/strong><\/p>\n

Processing is any operation or set of operations which is performed on personal data or on sets ofpersonal data, whether or not by automated means, such as collection, recording, organisation,structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure ordestruction.<\/p>\n

d) Restriction of processing<\/strong><\/p>\n

Restriction of processing is the marking of stored personal data with the aim of limiting theirprocessing in the future.<\/p>\n

e) Profiling<\/strong><\/p>\n

Profiling means any form of automated processing of personal data consisting of the use of personaldata to evaluate certain personal aspects relating to a natural person, in particular to analyse orpredict aspects concerning that natural person\u2019s performance at work, economic situation, health,personal preferences, interests, reliability, behaviour, location or movements.<\/p>\n

f) Pseudonymisation<\/strong><\/p>\n

Pseudonymisation is the processing of personal data in such a manner that the personal data can nolonger be attributed to a specific data subject without the use of additional information, providedthat such additional information is kept separately and is subject to technical and organisationalmeasures to ensure that the personal data are not attributed to an identified or identifiable naturalperson.<\/p>\n

g) Controller or controller responsible for the processing<\/strong><\/p>\n

Controller or controller responsible for the processing is the natural or legal person, publicauthority, agency or other body which, alone or jointly with others, determines the purposes andmeans of the processing of personal data; where the purposes and means of such processing aredetermined by Union or Member State law, the controller or the specific criteria for its nominationmay be provided for by Union or Member State law.<\/p>\n

h) Processor<\/strong><\/p>\n

Processor is a natural or legal person, public authority, agency or other body which processespersonal data on behalf of the controller.<\/p>\n

i) Recipient<\/strong><\/p>\n

Recipient is a natural or legal person, public authority, agency or another body, to which thepersonal data are disclosed, whether a third party or not. However, public authorities which mayreceive personal data in the framework of a particular inquiry in accordance with Union or MemberState law shall not be regarded as recipients; the processing of those data by those public authoritiesshall be in compliance with the applicable data protection rules according to the purposes of theprocessing.<\/p>\n

j) Third party<\/strong><\/p>\n

Third party is a natural or legal person, public authority, agency or body other than the data subject,controller, processor and persons who, under the direct authority of the controller or processor, areauthorised to process personal data.<\/p>\n

k) Consent<\/strong><\/p>\n

Consent of the data subject is any freely given, specific, informed and unambiguous indication ofthe data subject\u2019s wishes by which he or she, by a statement or by a clear affirmative action,signifies agreement to the processing of personal data relating to him or her.<\/p>\n

2. Name and Address of the controller<\/strong><\/p>\n

Controller for the purposes of the General Data Protection Regulation (GDPR), other dataprotection laws applicable in Member states of the European Union and other provisions related todata protection is:<\/p>\n

oneIDentity+Steinheilstra\u00dfe 1085737 IsmaningGermany<\/p>\n

Phone: 0176 23232261
Email: mirja.bittrich@one-identity-plus.comWebsite: www.one-identity-plus.com<\/p>\n

3. Name and Address of the Data Protection Officer<\/strong><\/p>\n

The Data Protection Officer of the controller is:<\/p>\n

Dr. Daniel Du\u0308nnebackeoneIDentity+Steinheilstra\u00dfe 1085737 IsmaningGermany<\/p>\n

Phone: +49 89 321216-8111
Email: Daniel.Duennebacke@one-identity-plus.comWebsite: www.one-identity-plus.com<\/p>\n

Any data subject may, at any time, contact our Data Protection Officer directly with all questionsand suggestions concerning data protection.<\/p>\n

4. Cookies<\/strong><\/p>\n

The Internet pages of the oneIDentity+ use cookies. Cookies are text files that are stored in acomputer system via an Internet browser.<\/p>\n

Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookieID is a unique identifier of the cookie. It consists of a character string through which Internet pagesand servers can be assigned to the specific Internet browser in which the cookie was stored. Thisallows visited Internet sites and servers to differentiate the individual browser of the dats subjectfrom other Internet browsers that contain other cookies. A specific Internet browser can berecognized and identified using the unique cookie ID.<\/p>\n

Through the use of cookies, the oneIDentity+ can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.<\/p>\n

By means of a cookie, the information and offers on our website can be optimized with the user inmind. Cookies allow us, as previously mentioned, to recognize our website users. The purpose of this recognition is to make it easier for users to utilize our website. The website user that usescookies, e.g. does not have to enter access data each time the website is accessed, because this istaken over by the website, and the cookie is thus stored on the user\u2019s computer system. Anotherexample is the cookie of a shopping cart in an online shop. The online store remembers the articlesthat a customer has placed in the virtual shopping cart via a cookie.<\/p>\n

The data subject may, at any time, prevent the setting of cookies through our website by means of acorresponding setting of the Internet browser used, and may thus permanently deny the setting ofcookies. Furthermore, already set cookies may be deleted at any time via an Internet browser orother software programs. This is possible in all popular Internet browsers. If the data subjectdeactivates the setting of cookies in the Internet browser used, not all functions of our website maybe entirely usable.<\/p>\n

5. Collection of general data and information<\/strong><\/p>\n

The website of the oneIDentity+ collects a series of general data and information when a datasubject or automated system calls up the website. This general data and information are stored inthe server log files. Collected may be (1) the browser types and versions used, (2) the operatingsystem used by the accessing system, (3) the website from which an accessing system reaches ourwebsite (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internetsite, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessingsystem, and (8) any other similar data and information that may be used in the event of attacks onour information technology systems.<\/p>\n

When using these general data and information, the oneIDentity+ does not draw any conclusionsabout the data subject. Rather, this information is needed to (1) deliver the content of our websitecorrectly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide lawenforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, the oneIDentity+ analyzes anonymously collected data and informationstatistically, with the aim of increasing the data protection and data security of our enterprise, and toensure an optimal level of protection for the personal data we process. The anonymous data of theserver log files are stored separately from all personal data provided by a data subject.<\/p>\n

6. Registration on our website<\/strong><\/p>\n

The data subject has the possibility to register on the website of the controller with the indication ofpersonal data. Which personal data are transmitted to the controller is determined by the respectiveinput mask used for the registration. The personal data entered by the data subject are collected andstored exclusively for internal use by the controller, and for his own purposes. The controller mayrequest transfer to one or more processors (e.g. a parcel service) that also uses personal data for aninternal purpose which is attributable to the controller.<\/p>\n

By registering on the website of the controller, the IP address\u2014assigned by the Internet serviceprovider (ISP) and used by the data subject\u2014date, and time of the registration are also stored. Thestorage of this data takes place against the background that this is the only way to prevent themisuse of our services, and, if necessary, to make it possible to investigate committed offenses.Insofar, the storage of this data is necessary to secure the controller. This data is not passed on to third parties unless there is a statutory obligation to pass on the data, or if the transfer serves the aimof criminal prosecution.<\/p>\n

The registration of the data subject, with the voluntary indication of personal data, is intended toenable the controller to offer the data subject contents or services that may only be offered toregistered users due to the nature of the matter in question. Registered persons are free to change thepersonal data specified during the registration at any time, or to have them completely deleted fromthe data stock of the controller.<\/p>\n

The data controller shall, at any time, provide information upon request to each data subject as towhat personal data are stored about the data subject. In addition, the data controller shall correct orerase personal data at the request or indication of the data subject, insofar as there are no statutorystorage obligations. The entirety of the controller\u2019s employees are available to the data subject inthis respect as contact persons.<\/p>\n

7. Contact possibility via the website<\/strong><\/p>\n

The website of the oneIDentity+ contains information that enables a quick electronic contact to ourenterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via acontact form, the personal data transmitted by the data subject are automatically stored. Suchpersonal data transmitted on a voluntary basis by a data subject to the data controller are stored forthe purpose of processing or contacting the data subject. There is no transfer of this personal data tothird parties.<\/p>\n

8. Routine erasure and blocking of personal data<\/strong><\/p>\n

The data controller shall process and store the personal data of the data subject only for the periodnecessary to achieve the purpose of storage, or as far as this is granted by the European legislator orother legislators in laws or regulations to which the controller is subject to.<\/p>\n

If the storage purpose is not applicable, or if a storage period prescribed by the European legislatoror another competent legislator expires, the personal data are routinely blocked or erased inaccordance with legal requirements.<\/p>\n

9. Rights of the data subjecta) Right of confirmation<\/strong><\/p>\n

Each data subject shall have the right granted by the European legislator to obtain from thecontroller the confirmation as to whether or not personal data concerning him or her are beingprocessed. If a data subject wishes to avail himself of this right of confirmation, he or she may, atany time, contact any employee of the controller.<\/p>\n

b) Right of access<\/strong><\/p>\n

Each data subject shall have the right granted by the European legislator to obtain from thecontroller free information about his or her personal data stored at any time and a copy of thisinformation. Furthermore, the European directives and regulations grant the data subject access tothe following information:<\/p>\n