Go to homepage
€0.00*

Privacy Policy

1. Data protection at a glance

Information on the collection of personal data
The following statement provides an overview of the type of personal data that is collected and stored when you visit our website or use our online services, and for what purpose. This includes not only obvious personal information, such as a person's name or address, but also their IP address.

Who is responsible for data processing and who is the data protection officer?
The data controller is:
ORTEMA GmbH
Olaf Sporys
Rüdiger Loy
Axel Hechenberger

Kurt-Lindemann-Weg 10
71706 Markgröningen, Germany
Phone: +49 (0)7145 9153 800
Email: info@ortema.de

A data protection officer has been appointed. Data protection inquiries can be addressed to:
Curacon GmbH Wirtschaftsprüfungsgesellschaft
datenschutz@ortema.de

What data protection rights can you assert as a data subject?
You can obtain information about the data stored about you at the above address. In addition, under certain circumstances, you can request the correction or deletion of your data. You may also have the right to restrict the processing of your data and the right to have the data you have provided released. If you have any further questions on this or other topics relating to personal data, you can contact us at any time at the address given in the legal notice.

Right to object
You have the right to object to the processing of your personal data based on consent without giving reasons for the future. If we process your data to protect legitimate interests, you may object to this processing for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

Where can you lodge a complaint?
You have the option of lodging a complaint with the above-mentioned data protection officer or with a data protection supervisory authority. The data protection supervisory authority responsible for us is:
The State Commissioner for Data Protection Baden-Württemberg
P.O. Box 10 29 32, 70025 Stuttgart
Königstr. 10a, 70173 Stuttgart
Tel.: 0711/61 55 41-0
Fax: 0711/61 55 41-15
Email: poststelle@lfd.bwl.de
https://www.baden-wuerttemberg.datenschutz.de

General information
The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to identify you personally. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.

Data collection on our website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. Their contact details can be found in the legal notice on this website.

How do we collect your data?
Your data is collected when you provide it to us. This may include, for example, data that you enter in a contact form.

Other data is collected automatically by our IT systems when you visit the website. This is primarily technical data (e.g., Internet browser, operating system, or time of page view). This data is collected automatically as soon as you enter our website.

What do we use your data for?
Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyze your user behavior.

Analysis tools and third-party tools
When you visit our website, your surfing behavior may be statistically evaluated. This is mainly done with cookies and so-called analysis programs. The analysis of your surfing behavior is usually anonymous; your surfing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools in the consent banner. Detailed information on this can be found in the following privacy policy. You can object to this analysis. We will inform you about the options for objection in this privacy policy.

2. General notes and mandatory information

Privacy

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and according to the legal data protection regulations as well as this privacy policy.

When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how we do this and for what purpose.

We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can have security gaps. It is not possible to completely protect data from access by third parties.

Note on the responsible body

The person responsible for data processing on this website is:

ORTEMA GmbH
Kurt-Lindemann-Weg 10
71706 Markgröningen

Phone: +49 (0) 71 45 - 91 53 800
E-Mail: info@ortema.de

Responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke a previously given consent at any time. For this purpose, an informal notification by e-mail to us is sufficient. The legality of the data processing that took place until the revocation remains unaffected by the revocation.

Right to data transferability

You have the right to have data, which we process automatically on the basis of your consent or in fulfilment of a contract, handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done to the extent technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If the SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

If there is an obligation to provide us with your payment data (e.g. account number for direct debit authorization) after the conclusion of a chargeable contract, this data is required for payment processing.

The payment transactions via the usual means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

In the case of encrypted communication, your payment data that you transmit to us cannot be read by third parties.

Information, blocking, deletion

Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to correct, block or delete this data. For this purpose, as well as for further questions regarding personal data, you can contact us at any time at the address given in the imprint.

Objection to advertising mails

The use of contact data published within the scope of the imprint obligation for the transmission of not expressly requested advertisement and information material is hereby contradicted. The operators of the site expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as through spam e-mails.

3. Data collection on our website

Cookies

The Internet pages partly use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser during your next visit.

You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping basket function) are stored on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of his services. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, they are treated separately in this privacy policy.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

Temporary storage of the data by the system is technically necessary to enable the website to be delivered correctly to the user's computer (functionality of the website) and to ensure the security of our information technology systems. This data is not merged with other data sources. 

 The processing is carried out to protect our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of Art. 6 (1) lit. f GDPR in conjunction with § 25 (2) TDDDG.

There is no right to object to the processing due to the exception under Art. 21 GDPR.

The data provided is stored in the log files for a period of (maximum 7 days) days and then deleted.

Contact form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions.


The following data must be stored in order to send the contact inquiry:
Email address
IP address
Date and time of the sending process

In addition, the following data can be provided voluntarily:
Last name, first name
Mobile phone number
Individual details on personal and factual circumstances

The above-mentioned personal data is processed for the purpose of handling inquiries. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

The legal basis for the data processing described is your consent in accordance with Art. 6 (1) (a) GDPR. You have the option to revoke your consent to the processing of your personal data at any time using the contact form. In this case, all personal data stored in connection with the use of the contact form will be deleted. It will then no longer be possible to continue processing your enquiry. We would like to point out that revoking your consent does not affect the lawfulness of the processing carried out on the basis of your consent prior to revocation.

If the contact request is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR. The processing of technically necessary data in the context of the contact request, such as the time of data transmission and IP address, is based on the legitimate interest of the website operator in ensuring the security of the information technology systems in accordance with Art. 6 (1) lit. f GDPR). There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing the information in the mandatory fields.

The data you enter in the contact form will remain with us until you request us to delete it, object to its processing, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular retention periods—remain unaffected.

Registration on this website
You can register on our website to use additional features on the site. We only use the data you enter for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.

For important changes, such as changes to the scope of the offer or technically necessary changes, we will use the email address provided during registration to inform you.

The data entered during registration will be processed on the basis of your consent (Art. 6 (1) (a) GDPR). There is no legal obligation to provide the data. Without the provision of this information, it is not possible to register a user account and thus conclude a contract. You can revoke your consent at any time. To do so, simply send us an informal email. The legality of the data processing that has already taken place remains unaffected by the revocation.

The data collected during registration will be stored by us for as long as you are registered on our website and will then be deleted. Statutory retention periods remain unaffected.

Processing of data (customer and contract data)
We collect, process, and use personal data only to the extent necessary for the establishment, content, or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 (1) lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. We collect, process, and use personal data relating to the use of our website (usage data) only to the extent necessary to enable the user to use the service or to bill for it.

The customer data collected will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Data transfer upon conclusion of contract for online shops, retailers, and goods shipment
We only transfer personal data to third parties if this is necessary for the execution of the contract, for example to companies entrusted with the delivery of goods or the credit institution responsible for payment processing. No further transfer of data takes place unless you have expressly consented to the transfer. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6 (1) lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

Data transfer upon conclusion of a contract for services and digital content
We only transfer personal data to third parties if this is necessary for the execution of the contract, for example to the credit institution responsible for payment processing.

No further transfer of data takes place unless you have expressly consented to the transfer. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6 (1) lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

4. Analysis tools and advertising

Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called “cookies.” These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. Please note that American intelligence agencies may evaluate your data.

We process data with the help of Google Analytics on the basis of your consent in accordance with Art. 6 (1) lit. a. GDPR in conjunction with § 25 (1) TDDDG.

IP anonymization
We have activated the IP anonymization function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin
You can prevent cookies from being stored by adjusting your browser software settings accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Objection to data collection
You can revoke your consent at any time. To do so, open the cookie settings. We have no influence on Google's data processing.

Contract data processing
We have concluded a contract with Google for contract data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics. Google's privacy policy can be found here: https://www.google.com/policies/privacy/.

Data transfer to third countries
As part of the above-mentioned processing activities, a service provider with its registered office or server location in the United States of America (USA) is involved on the basis of a concluded data processing agreement in accordance with Art. 28 GDPR.

The US company is certified in accordance with the adequacy decision pursuant to Art. 45 GDPR (known as the EU-US Data Privacy Framework (DPF)). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

If the service provider is not certified under the DPF, an adequate level of data protection for data transfers is based on the standard data protection clauses approved by the EU Commission in accordance with Art. 46 (2) GDPR. The application of the standard data protection clauses ensures compliance with European data protection standards in the context of data transfers to the service provider.

Demographic characteristics in Google Analytics
This website uses the “demographic characteristics” feature of Google Analytics. This allows reports to be generated that contain information about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and visitor data from third-party providers. This data cannot be attributed to any specific individual. You can disable this feature at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section “Objection to data collection.”

Google Analytics Remarketing
Our websites use the remarketing functions of Google Analytics in conjunction with cross-device features from Google Ads and the Google Marketing Platform. The responsible provider for EU users is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, D04 E5W5, Ireland (“Google”).

This feature allows the advertising audiences created with Google Analytics Remarketing to be linked to the cross-device features of Google AdWords and Google DoubleClick. This allows interest-based, personalized advertising messages that have been tailored to you based on your previous usage and surfing behavior on one device (e.g., mobile phone) to also be displayed on another of your devices (e.g., tablet or PC).

If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. This allows the same personalized advertising messages to be displayed on every device you log into with your Google account.

To support this feature, Google Analytics collects Google-authenticated user IDs, which are temporarily linked to our Google Analytics data to define and create target groups for cross-device advertising.

You can permanently opt out of cross-device remarketing/targeting by disabling personalized advertising in your Google account; to do so, follow this link: https://www.google.com/settings/ads/onweb/.

The summary of the data collected in your Google Account is based solely on your consent, which you can give or withdraw from Google (Art. 6 (1) (a) GDPR). For data collection processes that are not merged into your Google Account (e.g., because you do not have a Google Account or have objected to the merger), the collection of data is based on Art. 6 (1) lit. f GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymous analysis of website visitors for advertising purposes.

Further information and the privacy policy can be found in Google's privacy policy at: https://www.google.com/policies/technologies/ads/.

Google AdWords and Google Conversion Tracking
This website uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, D04 E5W5, Ireland (“Google”).

We use conversion tracking as part of Google AdWords. When you click on an ad placed by Google, a conversion tracking cookie is set. Cookies are small text files that the Internet browser stores on the user's computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page.

Each Google AdWords customer receives a different cookie. Cookies cannot be tracked via the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google conversion tracking cookie via your Internet browser under user settings. You will then not be included in the conversion tracking statistics.

The storage of “conversion cookies” is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

For more information about Google AdWords and Google conversion tracking, please refer to Google's privacy policy: https://www.google.de/policies/privacy/.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be restricted.

5. Newsletter

Sendinblue
If you would like to subscribe to the newsletter offered on the website, we require your email address, the IP address of the computer you are using, the date and time of registration, and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. Further data is not collected or is collected on a voluntary basis only. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG). You can revoke your consent to the storage of data, your email address, and its use for sending the newsletter at any time, for example via the “Unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. There is no legal or contractual obligation to provide your data, but it is not possible to send the newsletter without providing your data.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe. Data stored by us for other purposes (e.g., email addresses for the member area) remains unaffected by this.

This website uses Sendinblue to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Sendinblue is a service that can be used, among other things, to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter will be stored on Sendinblue's servers in Germany.

If you do not want Sendinblue to analyze your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. You can also unsubscribe from the newsletter directly on the website.

Data analysis by Sendinblue
With the help of Sendinblue, we are able to analyze our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links have been clicked on. This allows us to determine which links have been clicked on particularly often.

We can also see whether certain predefined actions were performed after opening/clicking (conversion rate). For example, we can see whether you made a purchase after clicking on the newsletter.

Sendinblue also allows us to divide newsletter recipients into different categories (“clusters”). Newsletter recipients can be divided according to age, gender, or place of residence, for example. This allows us to better tailor the newsletter to the respective target groups.

For detailed information on the functions of Sendinblue, please refer to the following link: https://www.newsletter2go.de/features/newsletter-software/.

Legal basis Data processing is based on your consent (Art. 6 (1) (a) GDPR). You can revoke this consent at any time. The legality of data processing operations that have already taken place remains unaffected by the revocation.

Storage period
The data you provide for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from both our servers and the servers of Sendinblue after you unsubscribe. Data stored by us for other purposes (e.g., email addresses for the member area) remains unaffected by this.

For more details, please refer to Sendinblue's privacy policy at: https://www.newsletter2go.de/features/datenschutz-2/.

Conclusion of a contract for commissioned data processing
We have concluded a contract with Sendinblue in which we oblige Sendinblue to protect our customers' data and not to pass it on to third parties. This contract can be viewed at the following link: to the contract.

6. Plugins and Tools

YouTube
Our website uses plugins from the Google-operated site YouTube. The operator of the site is YouTube, LLC, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our pages equipped with a YouTube plugin, a connection to YouTube is only established when you play the video. This tells the YouTube server which of our pages you have visited.

If you are logged into your YouTube account, you enable YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

The use of the service is based on your consent in accordance with Art. 6 (1) lit. a. GDPR in conjunction with § 25 (1) TDDDG. You can revoke your consent at any time. To do so, open the cookie settings. We have no influence on YouTube's data processing.

Data transfer to third countries
As part of the above-mentioned processing activities, a service provider with its registered office or server location in the United States of America (USA) is involved on the basis of a data processing agreement concluded in accordance with Art. 28 GDPR.

The US company is certified in accordance with the adequacy decision pursuant to Art. 45 GDPR (known as the EU-US Data Privacy Framework (DPF)). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

If the service provider is not certified according to the DPF, an adequate level of data protection for data transfers is based on the standard data protection clauses approved by the EU Commission in accordance with Art. 46 (2) GDPR. The application of the standard data protection clauses ensures compliance with European data protection standards in the context of data transfers to the service provider. Further information on the handling of user data can be found in YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.

Use of the "ShopwareModule" plugin (Bonus Points Program) 
In our online shop we use the ShopwareModule plugin, which allows customers to store their card number in their customer account. For a purchase, the card number and the respective transaction amount are transmitted via an encrypted interface (REST API) to our externally operated bonus system. The purpose of the processing is solely the recording of bonus points credited to the respective customer account. The processing of these data is performed in accordance with Art. 6(1)(b) GDPR for the execution of the contract concerning participation in the bonus points program. The technical implementation and processing are based on a data processing agreement pursuant to Art. 28 GDPR with the operator of the bonus system. No further use or disclosure of the data occurs.

7. Payment providers

PayPal
On our website, we offer payment via PayPal, among other methods. This payment service is provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”).

If you choose to pay via PayPal, the payment details you enter will be transmitted to PayPal.

If you choose to pay via PayPal, the personal data required for the execution and processing of the purchase contract (e.g., name, address, payment details) will be transmitted to PayPal. Processing is based on Art. 6 (1) lit. b GDPR (contract fulfillment).

PayPal uses necessary cookies for the technical processing of the payment process. These cookies are exempt from the consent requirement under Section 25 (2) TDDDG; they serve exclusively to securely execute the payment service you have expressly requested.

Your data will be stored until the payment has been completed and any warranty or refund claims have been settled. Relevant retention periods may result from tax and commercial law requirements.

8. Privacy policy for the e-recruiting system from ORTEMA GmbH

ORTEMA GmbH appreciates your interest in working for our company and visiting our website. The e-recruiting website and e-recruiting system are operated by
ORTEMA GmbH
Kurt-Lindemann-Weg 10
71706 Markgröningen

as the responsible body.

By accepting our privacy policy for the e-recruiting system, you agree that ORTEMA GmbH and all its affiliated companies may store and process your data for the purposes of application, recruitment, and hiring.

In accordance with Art. 13 GDPR, we would like to provide you with some information about the use of your data in the application process. You can find the privacy policy here.

For internal employees, the company's data protection regulations also apply.

Use and disclosure of personal data and purpose limitation: The personal data you enter on the website will be collected, processed, and used by ORTEMA GmbH exclusively for the purposes of application processing and the recruitment process. ORTEMA GmbH stores and processes your data confidentially in accordance with the applicable data protection regulations.

At ORTEMA GmbH, positions are filled in cooperation with the division managers, the human resources department, and the supervisors of the specialist departments. The supervisors of the specialist departments as well as the employees of our human resources departments may belong to ORTEMA GmbH or its affiliated companies.

Your profile data will be treated confidentially and protected and will only be passed on to third parties (e.g. service providers) if they are involved in the local recruitment process. Service providers are carefully selected. The confidential and secure handling of your data is ensured by appropriate contracts. Your data will only be transferred to government agencies within the framework of mandatory legal provisions.

ORTEMA GmbH takes security measures to protect your data managed by us against manipulation, loss, destruction, or access by unauthorized persons, as well as unauthorized disclosure. Our security measures are constantly improved in line with technological developments.

Type and scope of processing
On our website, we offer you the opportunity to submit an application to us using a form provided or by email. The information collected via mandatory fields is required in order to process your application documents. In addition, you can voluntarily provide additional information that you consider necessary for processing your application.

Your personal data is generally collected directly from you as part of the application process and encrypted during electronic transmission. The data comes from the application form to be completed online and from the uploaded files or documents sent by email.

The categories of personal data processed include, in particular, your contact details (such as first name, last name, name affixes, private address, (mobile) phone number, email address) as well as other data relating to your career (e.g., resume, qualifications and degrees, professional experience) and your person (e.g., cover letter, personal interests). This may also include special categories of personal data (e.g., information on severe disability).

Purpose of processing
Your collected personal data will be used exclusively for the purpose of deciding whether to establish an employment relationship.

Legal basis for processing


Data processing serves the purpose of initiating an employment relationship. The primary legal basis for this is Art. 6 (1) lit. b GDPR in conjunction with § 26 BDSG. In addition, consent pursuant to Art. 6 (1) (a) GDPR in conjunction with § 26 BDSG may be used as a data protection permission provision (e.g., unsolicited application, talent pool). If the processing of your data is based on consent, you have the right to revoke your consent at any time with effect for the future.

In individual cases, we process your data to protect the legitimate interests of the controller or third parties (e.g., subsidiaries of the controller). Such a legitimate interest exists in particular if the processing of your data is necessary for the investigation of criminal offenses (legal basis: Art. 6 (1) (b) GDPR in conjunction with § 26 BDSG).

Insofar as special categories of personal data are processed in accordance with Art. 9 (2) (b) GDPR, this serves to exercise rights or fulfill legal obligations under labor law, social security law, and social protection law (e.g., notification of the representative body for disabled persons SGB IX § 81) within the framework of the application process. This is done on the basis of Art. 9 (2) (b) GDPR in conjunction with § 26 BDSG.

In addition, the processing of special categories of personal data may be based on consent pursuant to Art. 9 (2) (a) GDPR in conjunction with § 26 BDSG.

If we wish to process your personal data for a purpose not mentioned above, we will inform you in advance.

1. Application for a specific position or unsolicited application
By applying to ORTEMA GmbH, you are providing the company with your personal data. You are responsible for ensuring that this data is correct and accurate. You can withdraw your application at any time if you are no longer interested in the position. You will then no longer be considered in the further recruitment process. At the end of the application process or if you withdraw your application, your data will be deleted in accordance with the applicable legal regulations. Your data relating to an application for a specific job vacancy will be stored and processed by us during the ongoing application process. After the application process has been completed (e.g., in the form of an acceptance or rejection), the application documents will be deleted from the system after six months. You can initiate the end of the application process yourself at any time without formal notice. In the event of an acceptance, we reserve the right to retain your application for a longer period if the start date is more than three months in the future.

If we find your profile interesting but do not currently have a suitable vacancy, we would like to add you to our talent pool. This allows us to stay in touch with you and consider you for future vacancies. We will obtain your separate consent during the application process to add your data to the talent pool and store it there.

In the case of an unsolicited application, we will retain your documents for a period of six months without prior consultation. After that, we would obtain separate consent from you for longer storage.

2. Hiring
If you are hired, your data will be transferred from the e-recruiting system to the HR administration systems. Your data will be stored and processed there as employee data in our HR administration systems.

Data transfer
Within our company, only those persons and departments (e.g., human resources, specialist departments, works council/employee representatives, representatives for disabled employees) who need your personal data to carry out the application process or to fulfill our legal obligations will receive it. Your application will be forwarded to the relevant human resources and specialist departments for review.

If you apply to one of our subsidiaries, we will make your data available to the relevant persons and departments there for the further processing of the application procedure.

Data will not be transferred to a third country.

Profiling in the application process
We do not use purely automated processing to make a decision (including profiling) in connection with the application process.

Right to object
You may object at any time to the processing of your personal data for the purposes of the application. We will then stop processing your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise, or defend legal claims.