Data protection policy
Last update — 29.01.2021
Thank you for taking interest in our company. We would like to assure you of responsible handling of your personal data that meets all legal requirements. It is also possible to visit our website without providing any personal information or data, if you wish to do so.
However, if you (hereinafter: the “data subject”) wish to use the services of our company through the website, the processing of personal data may become necessary. If it is necessary to process personal data and there is no legal basis for such processing, we usually try to obtain the consent of the data subject.
The processing of personal data, such as the name, address, email address or telephone number of the data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR), as well as in accordance with the data protection laws applicable to us in the particular country. The server is located in the Russian Federation. In this regard, Russian legislation may also apply to the protection of your data. We would like to point out that data protection laws in the Russian Federation can be different from data protection in the European Union.
This Data Protection Information serves to inform the public about the purpose, type and extent of personal data that we collect, use and process. In addition, through this Information, data subjects are explained their rights.
As the company responsible for the processing of your data, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through our website. However, data transmission over the Internet always carries the risk of flaws in the security systems, so absolute protection cannot be guaranteed. In this regard, each data subject can independently decide to transfer personal data to us by alternative means, for example, by phone. Please use the contact details provided in the Imprint for this.
Definition of concepts
This Data Protection Information uses the terminology used by the European legislator for the General Data Protection Regulation (GDPR). This Data Protection Information must be easy to read and understand for all parties visiting out website which includes both our customers and business partners. In this regard, we would like to clarify the terms used in advance.
In this Data Protection Information, we use, inter alia, the following terms:
a) Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as first name, last name, identification number, location data, online identifier, or by one or more specific factors specific to physical, physiological, genetic, mental, economic, cultural or social identity of the individual.
b) Data subject
A data subject is understood to mean any identified or identifiable natural person whose personal data is processed by the person responsible for the data processing.
c) Processing
Processing is any operation performed with the use of automation tools or without the use of such tools or a set of operations with personal data. These include: collecting, recording, organizing, storing, adapting or modifying, reading, requesting, using, disclosing by transmission, distributing or otherwise providing, matching or combining, limiting, deleting or destroying data.
d) Restriction of processing
Restriction of processing is the marking of stored personal data in order to restrict their further processing in the future.
e) Profiling
Profiling is any form of automated processing of personal data, which consists in the use of personal data to assess certain personal aspects of an individual, in particular, to analyze or predict aspects related to labor productivity, economic situation, health status, personal preferences, interests, reliability, behavior, location or change of location of this individual.
f) Pseudonymization
Pseudonymisation is the processing of personal data that is carried out in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and technical and organizational measures are applied to it to ensure that the personal data was not associated with an identified or identifiable natural person.
g) Person responsible for processing
The person responsible for the processing of personal data is an individual or legal entity, government agency, organization or other structure that independently or jointly with other persons determines the purposes and methods of processing personal data. If the purposes and methods of such processing are determined by the legislative acts of the European Union or the member states of the European Union, then the person in charge or certain criteria for his appointment may be provided for by the legislative acts of the European Union or member states of the European Union.
h) Processor
A processor is a natural or legal person, government agency, organization or other structure that processes personal data on behalf of the controller.
i) Recipient
The recipient is a natural or legal person, government agency, organization or other structure to which personal data is disclosed, regardless of whether it is a third party or not. However, government agencies that may receive personal data in connection with a specific investigation in accordance with the legislation of the European Union or EU member states are not considered recipients.
j) Third party
A third party is any natural or legal person, government agency, organization or other structure, with the exception of the data subject, controller, processor and persons who, under direct subordination to the controller or processor, are authorized to process personal data.
k) Consent
Consent is any voluntary, informed and unambiguous expression of the will of the data subject in the form of a statement or other unambiguous confirmation action by which the data subject makes it clear that he agrees with the processing of his personal data in a particular case.
Name and address of the person responsible for processing
Responsible person in accordance with GDPR, other data protection laws in force in the member states of the European Union, as well as other legislation governing data protection:
ORIENT Global GmbH (LLC by German law)
Leyendecker Str. 27
50825 Köln
Managing Director: Bobir Pulatov
Tel.: 0221 — 7000267
Fax: 0221 — 7940053
Email: sales@orient-global-gmbh.com
Company registration number in the commercial register: HRB 90077
Register court based in Köln
Server location: Russian Federation
Сookies / SessionStorage / LocalStorage
Websites sometimes use cookies, as well as LocalStorage and SessionStorage technologies. This is done in order to make the interaction with the website more user-friendly, efficient and more secure. LocalStorage and SessionStorage are technologies by which your browser stores data on your computer or mobile device. Cookies are text files that are stored on your system through a web browser. You can refuse the use of cookies, as well as LocalStorage and SessionStorage technologies by selecting the appropriate settings in your browser.
Numerous websites and servers use cookies. Many cookies contain a Cookie-ID, which serves as a unique identifier for the cookie. It consists of a string of characters through which websites and servers can be associated with the specific browser in which the cookie was previously stored. This allows the visited websites and servers to distinguish the individual browser of the data subject from other browsers containing other cookies. A specific browser can be recognized and identified using a unique cookie identification number.
The use of cookies helps to improve the user experience on the website, which would not be possible without their installation.
By means of a cookie, the information and offers on our website can be optimized for the user experience. Cookies allow us, as already mentioned, to recognize the users of our site. The purpose of this recognition is to make it easier for visitors to use our website. For example, a visitor who uses cookies does not need to re-register on the site every time he visits it, since this is done by the website and the cookie stored on the user’s computer system. Another example is an online store’s shopping cart cookie. The online store uses a cookie to remember the products that the customer has placed in the virtual shopping cart.
The data subject can at any time prevent the installation of the cookies stored by our website by adjusting the browser used by him accordingly, and thus refuse the installation of cookies for a long time. In addition, already set cookies can be deleted at any time via your browser or other software. This procedure is possible in most browsers. If the data subject deactivates the setting of cookies in the browser used by him, then it is likely that not all functions of our website may be fully available.
Collection of general data and information
This website collects a number of general data and other information when it is visited by a data subject or when requested by an automated system. This information is stored in the server log files (Logfiles). The following information can be collected:
(1) used types and versions of browsers,
(2) the operating system used by the system accessing the website,
(3) the site from which the system that accesses the website reaches our website (so-called Referrer),
(4) sub-sites of our website visited using the system that accesses the website,
(5) the date and time of the visit to the website,
(6) internet protocol address (IP address),
(7) the internet service provider of the system accessing the website,
(8) other similar data and information serving to prevent threats in the event of attacks on our information technology systems.
When using this general data and information, we do not draw any conclusions about the data subject. Rather, such information is necessary in order to:
(1) correctly represent the content of our website,
(2) optimize the content of our website and advertisements for it,
(3) to ensure the long-term performance of our information technology systems and the technology of our website, and
And (4) in the event of a cyberattack, provide law enforcement agencies with the information necessary for prosecution. Thus, this anonymously collected data and information is, on the one hand, statistically analyzed by us, and on the other hand, evaluated in order to increase the level of data protection and security in our company, in order to ultimately ensure the optimal level of protection of the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by the data subject.
Contact via website
In accordance with the law, our site contains information that allows you to quickly establish contact, as well as direct communication with our company through electronic communication. Such contact is possible, in particular, using a general e-mail address. In the event that the data subject contacts the controller by e-mail or using a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted by the data subject to a voluntarily responsible person will be stored for the purpose of processing or contacting the data subject. This personal data is not passed on to third parties.
Planned deletion and blocking of personal data
The person responsible for the processing processes and stores the personal data of the data subject only for the period of time necessary to achieve the purpose of storage, or in other cases provided for by the European or other legislator in laws and other legal acts that apply to the controller.
If the purpose of storage disappears or if the storage period provided for by European or other legislators in laws and other legal acts expires, personal data is routinely blocked or deleted in accordance with legal regulations.
Data subject rights
a) right to confirmation
Every data subject is empowered by the European legislator to require the controller to confirm whether his personal data is being processed or not. If the data subject wishes to exercise this right to confirmation, he or she may at any time contact any employee of the company for such confirmation.
b) right to be informed
Each data subject, whose personal data is processed, is endowed by the European legislator with the right to receive at any time free of charge from the controller information about the personal data of the data subject stored by him, as well as a copy of this information. In addition, the European legislator has recognized the right of data subjects to receive the following information:
- purposes of data processing
- categories of processed personal data
- recipients or categories of recipients to whom personal data has been disclosed or disclosed, especially if such recipients are recipients from third countries or international organizations
- if possible, the planned period during which personal data will be stored, or, if this is not possible, the criteria for determining such a period
- existence of the right to rectify or delete the personal information of data subjects, or the right to restrict the processing of data by the controller, or to object to such processing
- having the right to file a complaint with a supervisory authority
- if the personal data was not obtained directly from the data subject: all available information about the origin of the data
- availability of an automated decision-making process, including profiling, in accordance with Articles 22 (1) and 22 (4) GDPR and, at least in these cases, informative information about the decision-making logic, as well as the consequences and desired effect of such processing for the subject data
Also, the data subject has the right to receive information about whether the personal data has been transferred to a third country or an international organization. If such a transfer takes place, the data subject also has the right to be informed about the appropriate guarantees in relation to the transfer.
If the data subject wishes to exercise his right to receive information, he or she can at any time contact any employee of the company with a corresponding request.
c) right to rectification
Each data subject, whose personal data is processed, is vested with the European legislator the right to demand the immediate rectification of incorrect personal data relating to the data subject. In addition, the data subject also has the right to demand, taking into account the purposes of processing, the completion of incomplete personal data, including by submitting an appropriate application for the completion of the data.
If the data subject wishes to exercise such a right to rectification, he may at any time contact any employee of the company with a corresponding statement.
d) right to erasure (right to be forgotten)
Each data subject, whose personal data is processed, is endowed by the European legislator with the right to require the controller to immediately delete his personal data if there is no need to process such data, and also if there is one of the following reasons:
- Personal data has been collected or otherwise processed for purposes for which they are no longer required.
- The data subject revokes the consent on which the data processing was based in accordance with paragraph (a) of Article 6 (1) GDPR or paragraph (a) of Article 9 (2) GDPR, and there are no other legal grounds for data processing.
- The data subject objects to the processing of data pursuant to Article 21 (1) GDPR, and there is no compelling legal basis for the processing or the data subject objects to the processing of data pursuant to Article 21 (2) GDPR.
- Personal data was processed with violations.
- The deletion of personal data is necessary in order to fulfill a legal obligation in accordance with the legislation of the European Union or a Member State of the European Union, the legislation of which applies to the controller.
- The personal data was collected in connection with the information society services offered in accordance with Article 8 (1) GDPR.
If there is one of the above reasons, as well as if the data subject expresses a desire to delete the stored personal data, he or she can at any time contact any employee of the company with a corresponding statement. Such an employee will take action to immediately comply with the data deletion request.
If the personal data has been published and our company, as the responsible person, is obliged to delete the personal data in accordance with Article 17 (1) GDPR, then in this case, our company, taking into account the technologies available to it and the costs of taking measures, takes actions, including of a technical nature in order to inform other responsible persons who process the published personal data that the data subject has requested that these persons in charge remove all references to personal data or copies, as well as redundant copies of personal data, in the event that the processing is not necessary. In the event of such a specific case, a company employee will take the necessary steps to resolve the issue.
e) right to restrict processing
Each data subject, whose personal data is processed, is vested with the European legislator the right to demand from the controller a restriction on data processing if one of the following prerequisites is met:
- The data subject disputes the accuracy of the personal data for a period of time allowing the controller to verify the correctness of the personal data.
- There are no legal grounds for processing, the data subject refuses to delete personal data and instead requires the restriction of the use of personal data.
- The controller no longer needs the personal data for processing purposes, but the data subject needs them to assert, implement or defend legal claims.
- The data subject has objected to the processing of the data pursuant to Article 21 (1) GDPR, and it has not yet been determined whether the legal grounds of the controller override the legal grounds of the data subject.
If one of the above prerequisites exists, as well as if the data subject wishes to demand the restriction of the processing of stored personal data, he can at any time contact any employee of the responsible person with a corresponding statement. A company employee will take the necessary steps to restrict processing.
- f) right to data portability
Each data subject, whose personal data is processed, is empowered by the European legislator to require the controller to receive the personal data concerning him, provided by the data subject to the controller, in a structured, universal and machine-readable format. The data subject also has the right to transfer such data to another controller without hindrance by the controller to whom such personal data was originally provided, provided that the processing is based on consent in accordance with paragraph (a) of Article 6 (1) GDPR or paragraph (a) Article 9 (2) GDPR, or on a contract pursuant to clause (b) of Article 6 (1) GDPR, and processing is carried out using automated means, unless the processing is necessary for the performance of tasks performed in pursuit of the purpose of protection public interest or in the exercise of official powers vested in the person in charge.
In addition, when exercising his or her right to data portability in accordance with Article 20 (1) GDPR, the data subject has the right to transfer personal data directly from one controller to another, when technically feasible and provided that this does not violate the rights and freedoms of other persons.
To exercise the right to data portability, the data subject may contact us at any time.
- g) right to object
Each data subject, whose personal data is processed, is vested by the European legislator with the right, at any time, for reasons related to his particular situation, to object to the processing of his personal data carried out in accordance with paragraphs (e) or (f) of Article 6 (1) GDPR. This rule also applies to profiling based on these provisions.
We stop processing personal data in the event of an objection, unless we have compelling legitimate grounds for processing that take precedence over the interests, rights and freedoms of the data subject, or the processing serves the purpose of asserting, enforcing or defending legal claims.
If we process personal data for the purpose of providing direct advertising, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling if it is related to the provision of such direct advertising. If the data subject objects to the processing for the purpose of providing direct advertising, we will stop processing personal data for this purpose.
In addition, the data subject has the right, on grounds related to his particular situation, to object to the processing of personal data concerning him for scientific or historical purposes, as well as for statistical purposes in accordance with Article 89 (1) GDPR, unless such processing is necessary for the performance of a task performed in the public interest.
In order to exercise the right to object, the data subject may contact any employee directly. The data subject also has the right to decide, in the context of the use of the information society services, notwithstanding the provisions of Directive 2002/58 / EG, whether or not to file an objection by automated means using technical specifications.
- h) automated decision making process in specific cases, including profiling
Each data subject, whose personal data is processed, is endowed by the European legislator with the right to ensure that decisions regarding him or her, which have legal or other similar negative consequences for him/her, are taken not only solely based on the results of automatic processing, including profiling, in cases where such decision:
(1) is not necessary for the conclusion or performance of a contract between the data subject and the controller, or
(2) is admissible in accordance with the laws of the European Union or member states of the European Union, the laws of which apply to the responsible person, and these laws provide for reasonable measures to protect the rights, freedoms and legitimate interests of the data subject, or
(3) is based on the express consent of the data subject.
If making a decision:
(1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or
(2) is based on the express consent of the data subject, we take reasonable measures to protect the rights and freedoms, as well as the legitimate interests of the data subject, including, at a minimum, the right to participate in the decision-making process of the person representing the responsible person, to state his own points of view and challenging the decision.
If the data subject wishes to exercise the rights related to the automated decision-making process, he can at any time contact any employee of the controller with a corresponding statement.
- i) right to withdraw consent to data processing
Each data subject whose personal data is processed is endowed by the European legislator with the right to revoke consent to the processing of personal data at any time.
If the data subject wishes to exercise his/her right to withdraw consent, he/she can at any time contact any employee of the responsible person with a corresponding statement.
Legal basis for data processing
Article 6 (a) of the GDPR serves as the legal basis for the processing of data for which we obtain consent for the specific purpose. If the processing of personal data is necessary for the performance of a contract, one of the parties to which is the data subject, as, for example, in the case of processing operations necessary for the supply of goods or the provision of other services or the counter performance of obligations, then the processing is carried out on the basis of clause (b) Article 6 GDPR. This rule also applies to data processing processes that are necessary for the implementation of pre-contractual measures, for example, in the case of inquiries about the products or services we provide. If our company is subject to any legal obligation that determines the need to process personal data, for example, to fulfill the obligation to pay taxes, the processing will take place in accordance with clause (c) of Article 6 of the GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. One such event could be when a visitor is injured in our facility, as a result of which his name, age, health insurance details or other vital information would have to be disclosed to a doctor, hospital or other third party. The data processing would then take place in accordance with an Article 6 (d) of the GDPR.
Finally, data processing operations may be based on article 6 (f) of the GDPR. In accordance with this clause, data processing operations are carried out that do not fall under the aforementioned clauses of the law, if the data processing is necessary to protect the legitimate interests of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not have priority over the legitimate interests of our company or this third party. The specified data processing operations are permitted to us, in particular, because they have been separately mentioned by the European legislator. In doing so, it was implied that it can be assumed that there is a legitimate interest in the event that the data subject is the client of the controller (declarative part 47, sentence 2 GDPR).
Legitimate interests of the controller or third party when processing data
If the processing of personal data is based on article 6 (f) of GDPR, then it is our legitimate interest to carry out our business activities for the benefit of all our employees and company owners.
Duration of storage of personal data
The criterion for the duration of the storage of personal data is the respective statutory storage period. After the expiration of this period, the corresponding data is routinely deleted, if they are no longer required for the execution or preparation of the contract.
Legal or contractual provisions for the provision of personal data; the need for personal data to conclude a contract; the obligation of the data subject to provide personal data; possible consequences of failure to provide personal data
We would like to inform you that in some cases the provision of personal data is stipulated by legal norms (for example, tax legislation) or may also follow from the provisions of the contract (for example, information about the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for the data subject to provide us with personal data, which will subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company enters into a contract with him. Failure to provide personal data would mean that a contract with the data subject cannot be concluded.
Before providing personal data, the data subject must contact one of our employees. Our employee in each specific case will explain to the data subject whether the provision of personal data is required in accordance with the law or the provisions of the contract, or the provision is necessary to conclude a contract, as well as whether there is an obligation to provide personal data and what would be the consequences of not providing them.
Availability of an automated decision-making process
As a data protection responsible company, we are moving away from automated decision making and profiling.
Contact information
You can contact us using the email addresses indicated on the website. In this case, the user's personal data transmitted by e-mail will be saved.
The controller uses the cloud services of GSuite, a Google corporation, to process your data and to send and receive e-mail messages. Google G Suite is a cloud-based service for storing and processing internal company data such as documents, lists, email, and more.
G Suite's operating company is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When e-mails are sent to the contact addresses of Orient Global GmbH, they are stored on the systems of Google Ireland Limited in third countries.
In this regard, an agreement was concluded between the parties providing for the processing of orders.
Google Ireland Limited does not have access to data stored on the G Suite cloud storage service under these contractual terms.
The data is not passed on to third parties. The data is used exclusively for processing correspondence.
Cookies
We use PHPSESSID cookies. This cookie saves your current session in relation to PHP applications and thus ensures that all functions of this site based on the PHP programming language can be fully displayed on the screen. Storage period: until the end of the browser session (deleted when the browser is closed)
Google Analytics
Our website uses various services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The individual services are described in more detail below:
By using these services, and thus collecting personal data (in particular, the IP address), we exercise the right to ensure our legitimate interests, expressed in displaying the offer on our website in an attractive form for you, analyzing and improving it as well as adapt possible advertising to your needs (point (f) of Art.6 (1) GDPR).
Google Analytics also uses cookies (see above). They are also stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of our website is usually transmitted to a Google server in the USA and stored there.
IP anonymization
We have activated the IP anonymization function on this website. This means that if you are located in member states of the European Union or other signatory states to the Agreement on the European Economic Area, Google will truncate your IP address prior to transmission to the United States. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity and provide the website operator with other services related to website activity and internet use. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Objection to data collection
You can refuse the use of cookies by selecting the appropriate settings in your browser, however please note that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available from the following link: https://tools.google.com/dlpage/gaoptout?hl=de
You can find more information on how Google Analytics processes user data in Google's Privacy Policy:
https://support.google.com/analytics/answer/6004245?hl=en
Order processing
In order to use the Google Analytics services, we have entered into an order processing agreement and fully comply with the strict requirements of the German data protection law enforcement authorities when using these services.
Demographics in Google Analytics
This website uses the “demographic characteristics” feature of Google Analytics. This allows you to create reports containing information about the age, gender and interests of site visitors. This data is based on user-specific Google advertising and visitor data from third-party providers. This data cannot be attributed to a specific person. You can deactivate this feature at any time via the settings in your Google Account, or even prevent the collection of your data by Google Analytics, as explained in the previous paragraph.
Google Analytics cookies
Name |
Description |
Expiration Time |
_ga |
Differentiation of site visitors. |
2 years |
_gid |
Differentiation of site visitors. |
24 hours |
_gat_gtag_UA_ |
Used to limit the request rate. When providing Google Analytics services via Google Tag Manager, this file will be named _dc_gtm. |
1 minute |
_dc_gtm_ |
Used to track the number of Google Analytics server requests. |
1 minute |
AMP_TOKEN |
Contains the Token-Code that is used to read the Client-ID from the AMP-Client-ID-Service. By mapping this ID to the ID used in Google Analytics, users can be matched when switching between AMP content and non-AMP content |
30 seconds to 1 year |
_gat |
Used to track the number of Google Analytics server requests when using Google Tag Manager. |
1 minute |
_gac_ |
Contains information about the user's marketing campaigns. They are used in conjunction with Google AdWords / Google when Google Ads- and Google Analytics accounts are linked to each other. |
90 days |
__utma |
ID used to identify users and sessions. |
2 years |
__utmt |
Used to track the number of Google Analytics server requests. |
10 minutes |
__utmb |
Used to differentiate between new sessions and visits. This cookie is set when the GA.js Javascript library is loaded and if the __utmb cookie is missing. This cookie is updated whenever data is sent to the Google Analytics server. |
30 minutes |
__utmc |
Only used with older versions of Urchin Google Analytics, not GA.js. Used to distinguish between new sessions and visits at the end of a session. |
session |
__utmz |
Contains information about the traffic source or campaign that sent the user to the site. This cookie is set on download GA.js javascript and is updated when data is sent to the Google Anaytics server. |
6 months |
__utmv |
Contains custom information set by a web developer using the _setCustomVar method in Google Analytics. This cookie is updated every time new data is sent to the Google Analytics server. |
2 years |
__utmx |
Used to determine if a user is included in an A / B or multivariate test. |
18 months |
__utmxx |
Used to determine when an A / B or multivariate test in which the user is participating ends. |
18 months |