Privacy policy
Last updated: January 6, 2025
Privacy Policy visionary-contest.osmium.com
1) Introduction and Contact Information of the Data Controller & Data Privacy Officer
1.1 We are pleased that you are visiting our website. Below, we inform you about the handling of your personal data when using our website. Personal data includes any data that can be used to personally identify you.
1.2 The controller for data processing on this website in accordance with the General Data Protection Regulation (GDPR) is Osmium-Institut zur Inverkehrbringung und Zertifizierung von Osmium GmbH, Kemmelallee 6, 82418 Murnau am Staffelsee, Germany, E-mail: privacy@osmium-institute.com. The controller for the processing of personal data is the legal person who alone or jointly with others determines the purposes and means of processing personal data.
1.3.
The Osmium Institute has appointed Mervyn Lange as its designated Privacy Officer (DPO), responsible for overseeing and ensuring compliance with data protection laws in connection with the Osmium Visionary Contest. For any inquiries or concerns regarding the processing of personal data, participants can contact Mervyn Lange directly via E-Mail at privacy@osmium-institute.com or via postal mail at Mervyn Lange DPO, Lotosweg 78, 13467, Berlin, Germany.
2) Data Collection When Visiting Our Website
2.1 Logfiles
When you visit our website purely for informational purposes, i.e., when you do not register or otherwise provide us with information, we only collect data that your browser transmits to the server (so-called “server log files”). When you access our website, we collect the following data that is technically required to display the website:
The website you visited
Date and time of access
Amount of data transmitted in bytes
Source/referral from which you accessed the page
Browser used
Operating system used
IP address used
Processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. No transfer or further use of the data takes place. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
2.2 Encryption
This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the “https://” and the lock symbol in your browser’s address bar.
2.3 Statistics
We use the Burst Statistics plugin on our WordPress website to collect anonymized statistical data about website usage. Burst Statistics operates in compliance with the General Data Protection Regulation (GDPR), ensuring no personally identifiable information is collected. The data gathered includes metrics such as page views, user interactions, and general traffic patterns, which are used to improve the website’s functionality and user experience. All data is stored locally on our servers, meaning no information is shared with third parties.
3) Hosting
For hosting our website and displaying the page content, we use the system of the following provider: Host Europe GmbH c/o WeWork, Friesenplatz 4, 50672 Cologne, Germany, Tel.: +49 2233 99341040, E-Mail: info@hosteurope.de
All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
4) Cookies
To make visiting our website attractive and to enable the use of certain features, we use cookies, which are small text files stored on your device. Some cookies are automatically deleted after closing the browser (so-called “session cookies”), while others remain stored on your device for a longer period and allow the storage of page settings (so-called “persistent cookies”). In the latter case, you can find the storage duration in the overview of the cookie settings in your web browser.
If individual cookies we use also process personal data, processing is carried out in accordance with Art. 6 (1) lit. b GDPR for the performance of the contract, pursuant to Art. 6 (1) lit. a GDPR if consent is given, or pursuant to Art. 6 (1) lit. f GDPR to protect our legitimate interest in the best possible functionality of the website and an efficient and customer-friendly design of the site visit.
You can set your browser to inform you when cookies are set and to individually decide whether to accept them, or to exclude the acceptance of cookies for certain cases or generally.
We manage your consent with a cookie consent tool (see below).
Please note that if cookies are not accepted, the functionality of our website may be limited.
Our website also recognizes the Global Privacy Control (GPC) signal, which enables you to opt-out of certain uses or disclosures of your information. If you notify us of your preference through GPC, we will treat such signal as a valid request to opt out of sharing / targeted advertising for the associated browser or device, and, if we are able to associate the device sending the signal to a Shopify account, we will apply the opt out request to the account as well. To learn more about Global Privacy Control, you can visit https://globalprivacycontrol.org/. Other than the Global Privacy Control, we do not recognize other “Do Not Track” signals that may be sent from your web browser or device.
5) Contacting Us
When you contact us (e.g., via contact form or e-mail), we process personal data solely for the purpose of handling and responding to your inquiry and only to the extent necessary.
The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Art. 6 (1) lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR. Your data will be deleted once the issue in question is resolved and provided there are no legal retention obligations to the contrary.
6) Processing of Personal Data for the Osmium Visionary Contest
In connection with the Osmium Visionary Contest, the Osmium Institute collects and processes personal data to organize, manage, and execute the competition. This includes participants’ contact details (e.g., name, email address, phone number), submitted materials (e.g., design files, statements of inspiration, and biographies), and any additional information provided during correspondence. If participants include personal data within their uploaded files (e.g., signatures or identifiable details in biographies), such data will also be processed.
The legal basis for processing personal data is as follows:
- Performance of a Contract (Art. 6(1)(b) GDPR): Participation in the competition involves agreeing to its Terms and Conditions, which require the processing of personal data to fulfill the competition’s organizational and operational requirements.
- Legitimate Interests (Art. 6(1)(f) GDPR): The legitimate interests of the organizers include promoting the competition and its outcomes, as well as showcasing finalists’ and winners’ names, biographies, and designs on social media channels, websites, and publications of the Osmium Institute and Katerina Perez.
- Legal Obligations (Art. 6(1)(c) GDPR): Where applicable, data may be processed to comply with legal obligations, such as tax or record-keeping requirements.
The processing also includes using personal data to communicate with participants about their submissions, respond to questions, and provide updates (e.g., if a participant reaches the finals). Marketing activities may involve posting participants’ names, designs, and associated content on platforms such as Instagram, Facebook, LinkedIn, and other media channels managed by the Osmium Institute and Katerina Perez, as detailed in the competition’s Terms and Conditions.
All personal data will be processed in compliance with applicable data protection laws and retained only for as long as necessary to fulfill the purposes of the competition and any associated legal or promotional obligations.
7) Direct Marketing
The Osmium Institute and Katerina Perez may also use participants’ contact details (e.g., email addresses) for direct marketing purposes, such as informing them about future competitions, events, and other opportunities related to the jewelry and osmium industries. This processing is based on the legitimate interest of maintaining engagement with participants and promoting related activities (Art. 6(1)(f) GDPR). Participants can opt out of receiving direct marketing communications at any time by following the instructions provided in the communications or contacting us directly.
8) Data Processing for Shipment Processing
Cooperation with External Shipping Partners
To fulfil our contractual obligations to the winners and select participants, we collaborate with external shipping partners. Your name, delivery address, and, if required for delivery, your phone number will be shared exclusively for shipping purposes in accordance with Art. 6 (1) lit. b GDPR. The following shipping providers are involved:
- DHL: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany
- DPD: DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany
- INTEX: INTEX Paketdienst GmbH, In der Held 2, 66620 Nonnweiler-Otzenhausen
9) Tools and Other Services
Cookie-Consent Tool
This website uses a “cookie-consent tool” to obtain valid user consent for cookies and cookie-based applications requiring consent.
The tool displays an interactive user interface upon visiting the site, where users can grant consent for specific cookies and/or cookie-based applications by ticking appropriate boxes. Consent-based cookies are only activated once the user has provided explicit consent via the tool. This ensures that such cookies are placed on a user’s device only with their permission.
The tool sets technically necessary cookies to save your preferences. Personal user data is generally not processed during this operation.
In cases where personal data (such as IP addresses) is processed for purposes like storing, assigning, or recording cookie settings, this processing is based on Art. 6(1)(f) GDPR, reflecting our legitimate interest in legally compliant, user-specific cookie management. Additional legal grounds for processing may include Art. 6(1)(c) GDPR, as we are legally obligated to seek consent for non-essential cookies.
Where applicable, we have concluded a data processing agreement with the provider to ensure the protection of our visitors’ data and prevent unauthorized disclosure to third parties.
Further details about the operator and configuration options of the cookie-consent tool can be found directly in the tool’s user interface on our website.
10) Rights of the Data Subject
10.1 Your rights under the GDPR include the following:
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to notification
- Right to data portability
- Right to withdraw consent
- Right to lodge a complaint
10.2 Right to Object
When we process your personal data based on our overriding legitimate interest, you have the right at any time to object to this processing for reasons arising from your particular situation.
If you object, we will cease processing the relevant data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes.
If you exercise your right to object, we will stop processing the relevant data for direct marketing purposes.
11) Duration of Storage of Personal Data
Personal data is stored only as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations.
Data processed under Art. 6(1)(a) GDPR is stored until you withdraw your consent. Data processed under Art. 6(1)(b) GDPR is stored until the contractual relationship ends and statutory retention periods expire.
If processing occurs based on Art. 6(1)(f) GDPR, data is stored until you object under Art. 21 GDPR, unless compelling legitimate grounds for continued processing exist.
When no longer necessary, personal data is deleted in accordance with GDPR requirements.