Data privacy statement
We are glad to see that you are interested in the very important matter of data privacy. The protection, security and confidential handling of your data are of great importance to OBI International Development and Service GmbH. The following information explains how we process personal data (which also includes collecting and storing it, for example) when you make use of our websites at www.jamestown-grill.com and www.jamestown-grill.ch. Personal data means all data that can be linked to you personally as an individual, such as your name, address, e-mail address and user behaviour. We adhere strictly to the legal requirements, including the Swiss data protection legislation and the EU General Data Protection Regulation.
A Basic information
The controller – within the meaning of Art. 4(7) EU General Data Protection Regulation (GDPR) – with responsibility for the entire online offering at www.jamestown-grill.ch and www.jamestown-grill.com is: OBI International Development and Service GmbH, Rheinweg 11, CH-8200 Schaffhausen, Switzerland, e-mail: firstname.lastname@example.org
2. Data security
Our website and other systems are secured by technical and organisational measures to protect your data against loss, destruction, access, alteration or dissemination by unauthorised persons. When our website is accessed, data that could potentially be used to identify you (e.g. your IP address) is temporarily stored on our servers for data and system security purposes, although never for longer than 30 days as a general rule. Data that can potentially be linked to a specific individual is processed for data and system security purposes on the basis of Art. 6(1) (f) GDPR and our legitimate interest in securing our systems and preventing misuse.
The personal data made available to OBI and collected by OBI is stored on the servers of OBI Smart Technologies GmbH, Industriestrasse 10, D-42929 Wermelskirchen, Germany.
3. Principles for the storage and erasure of personal data
Personal data is only processed for as long as necessary to achieve the respective purpose for which it is being stored or for the period stipulated by binding laws or regulations, such as retention obligations under commercial or tax law. If a data storage purpose ceases to apply or if a legally stipulated storage period expires, the affected personal data will be routinely erased in accordance with the legal regulations or the processing of the personal data will be restricted, e.g. restricted processing within the context of retention obligations under commercial or tax law.
Processing of personal data due to a legal obligation, particularly the fulfilment of legal retention obligations, is based on Art. 6(1) (c) GDPR. Where personal data is processed in accordance with Art. 6(1) (f) GDPR for the purposes of preserving evidence, these processing purposes will cease to apply on expiry of the legal limitation periods.
For further details of specific storage and erasure periods, please refer to individual service descriptions and/or points of this data privacy statement.
B Visits to our website
Even if you use our website purely for information, we may still collect data that can be linked to you personally when it is transmitted to our server by your browser. We also use tracking technologies for the purposes of web analytics and online marketing to the extent described below.
Technical provision of the website
When you visit our website, we collect the following data, which is necessary from a technical perspective for displaying it to you and ensuring the stability and security of our online offering:
- IP address
- Date and time of request
- Time zone difference compared to Greenwich Mean Time (GMT)
- Content of the request (specific page requested)
- Access status/HTTP status code
- Volume of data transmitted in each case
- Website from which the request was sent
- Operating system and related user interface
- Language and version of browser software
The legal basis for collecting and processing this data is Art. 6(1) (f) GDPR. Our legitimate interest consists of being able to provide a functioning website while ensuring the related system is secure. Apart from that, we use the aforementioned data in anonymous form for statistical purposes and to improve our online offering.
Your IP address is anonymised automatically by deleting the last 8 digits.
C Links to other websites
This website contains links to third-party websites. When you click these links, you will immediately leave OBI’s sphere of influence. OBI assumes no legal liability and no responsibility for the content of external websites that are accessible via a link on this website.
D Contact channels
If you contact us by e-mail or telephone, we will store and process the data you share (your e-mail address; where applicable: your name and telephone number) and your request for the purpose of answering your questions. The legal basis in this regard is Art. 6(1) (b) and (f) GDPR. Our legitimate interests consist of being able to record and handle customer requests in an efficient and structured manner, while providing quality assurance. We will erase the accumulated data when it no longer needs to be stored for the aforementioned purposes, e.g. once a customer request has been fully dealt with, or will restrict processing in cases where legal retention obligations apply.
E Rights of the data subject under the GDPR
We are happy to tell you what rights you have as a “data subject” under the GDPR. According to this regulation, you have the following rights in relation to the personal data that specifically concerns you:
- Right of access (Art. 15(1) and (2) GDPR)
- Right to rectification (Art. 16 GDPR) and erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
Below, we have also summarised for you the key aspects of the rights granted to data subjects under the GDPR. However, this summary does not claim to be exhaustive and merely outlines the main rights:
Right of access (including the right to obtain confirmation and the information listed below)
The data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning him or her is being processed. The data subject has the right to know what personal data concerning him or her is being held and to receive the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the existence of the right to lodge a complaint with a supervisory authority;
- where the personal data is not collected from the data subject, any available information as to its source;
- the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
- if personal data is transferred to a third country or to an international organisation, information on the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
Right to rectification
The data subject has the right to have inaccurate personal data concerning him or her rectified by the controller without undue delay. While taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to restriction of processing
The data subject has the right to have processing restricted by the controller where one of the following applies:
- the accuracy of the personal data is contested by the data subject, with the restriction applying for a period long enough to allow the controller to verify the accuracy of the personal data,
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead;
- the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims; or
- the data subject has objected to processing pursuant to Art. 21(1) GDPR pending verification as to whether the legitimate grounds of the controller override those of the data subject.
Right to erasure
In principle and unless data processing is required by law (see the exception in Art. 17(3) GDPR), the data subject has the right to have personal data concerning him or her erased by the controller without undue delay, if one of the following grounds applies:
- The personal data is no longer required for the purposes for which it was collected or otherwise processed.
- The data subject withdraws consent on which the processing is based according to point (a) of Art. 6(1), or point (a) of Art. 9(2) GDPR, and where there is no other legal basis for the processing.
- The data subject objects to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21(2) GDPR.
- The personal data has been unlawfully processed.
- The personal data has to be erased for compliance with a legal obligation in European Union law, EU Member State law or Swiss data protection law to which the controller is subject.
- The personal data has been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
Right to data portability
The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, where processing is based on consent or on a contract pursuant to Art. 6(1) (b) GDPR and the processing is carried out by automated means. In exercising his or her right to data portability, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible.
Right to withdraw consent
The data subject has the right, at any time, to withdraw any consent that he or she has previously granted. The withdrawal of consent does not affect the lawfulness of processing based on consent prior to consent being withdrawn.
Right to lodge a complaint with a supervisory authority
Every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State or Swiss canton of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data concerning him or her infringes the GDPR.
The data protection supervisory authority with responsibility for OBI International Development and Service GmbH is the Swiss Federal Data Protection and Information Commissioner (Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter), Feldeggweg 1, CH-3003 Bern, Switzerland, Tel. +41 (0)58 462 43 95. A list of the Swiss cantonal data protection commissioners can be found under “Organisation” on the website privatim.ch.
In addition, we have appointed a representative within the EU in the form of OBI GmbH & Co. Deutschland KG in accordance with Art. 27 GDPR: The data protection supervisory authority with responsibility for OBI GmbH & Co. Deutschland KG is: LDI – Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (North Rhine-Westphalia Commissioner for Data Protection and Freedom of Information), Kavalleriestr. 2-4, 40213 Düsseldorf, Germany.
Separate details of your right to object in accordance with Art. 21(1) and (2) GDPR. You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on point (e) or (f) of Art. 6(1) GDPR, including profiling based on those provisions. If you object, your personal data will no longer be processed, unless OBI can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms as the data subject or if the processing is being carried out for the establishment, exercise or defence of legal claims. Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you do exercise your right to object to processing of personal data for direct marketing purposes, we will routinely ensure that your objection is heeded by adding you to our “Not to be contacted” list.
- Right of access, amendment under Swiss data protection law
The Swiss Federal Data Protection Act (DSG – Datenschutzgesetz) entitles you to know, free of charge, whether OBI is storing personal data concerning you and, if it is, what personal data it is storing about you. In addition, you have the right to have incorrect details rectified and erased. This is conditional upon the absence of any legal retention obligations. Access requests must be submitted in writing to OBI together with proof of identity.
- Contact / Representative within the EU
If you wish to exercise your rights as the data subject or if you have any general questions in relation to data privacy, you are free to contact us at any time:
OBI International Development and Service GmbH, Rheinweg 11, CH-8200 Schaffhausen, Switzerland,
The contact details for our representative within the EU (appointed in accordance with Art. 27 GDPR) are:
OBI GmbH & Co. Deutschland KG, Albert-Einstein-Str. 7-9, D-42929 Wermelskirchen, Germany, e-mail: email@example.com