Privacy Policy

OSRAM LIGHTELLIGENCE® Privacy Statement

August 2018

OSRAM is committed to protecting your personal data. This Data Privacy Statement explains how OSRAM and its subsidiaries (referred to jointly as OSRAM) use your personal data in the context of our LIGHTELLIGENCE® Platform, what measures we take to protect your data and what rights you have in relation to our processing of personal data. This Data Privacy Statement is updated from time to time as legal requirements change or our services evolve. You can check the "effective date" posted at the top to see when it was last updated.

Information available for download:

OSRAM’s data protection standards (PDF) PDF: Binding Corporate Rules (PDF)

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation, other national data protection laws and other data protection regulations is

OSRAM GmbH
Marcel-Breuer-Straße 6
80807 Munich
Germany

Phone: +49 89 6213-0
Fax: +49 89 6213-2020
E-mail: contact@osram.com
Internet: www.osram.comwww.osram.dewww.lightelligence.io
Contact details of the Data Protection Officer: privacy@osram.com

In individual cases, subsidiaries of the OSRAM GmbH may also act as Controllers on their own or jointly with OSRAM GmbH. You can find the contact information for the OSRAM subsidiaries here: https://www.osram.de/cb/services/tochtergesellschaften/index.jsp

II. General information on data processing

OSRAM collects and uses personal data of users only if necessary to provide a well-functioning website or to enable use of our services such as the LIGHTELLIGENCE® Platform.

If we obtain consent from data subjects to process their personal data, the legal basis is Article 6 paragraph 1 point (a) of the EU General Data Protection Regulation (“GDPR”).

The legal basis for processing your personal data in order to perform a contract between you and OSRAM is Article 6 paragraph 1 point (b) GDPR. This also applies to processing activities required to take steps prior to entering into a contract.

If processing of personal data is necessary for compliance with a legal obligation on the part of OSRAM, the legal basis for that is Article 6 paragraph 1 point (c) GDPR.

If vital interests on the part of OSRAM, the legal basis is Article 6 paragraph 1 point (c) GDPR.

If processing is necessary to safeguard legitimate interests of OSRAM or a third party and your interests, fundamental rights and freedoms which require protection of personal data are not overridden by the interests of OSRAM or the third party, the legal basis is Article 6 paragraph 1 point (f) GDPR.

Personal data shall be erased or blocked as soon as the purpose for which it has been stored no longer applies. Personal data may be retained if this is envisaged by European or national legislators in EU regulations, laws or other provisions which OSRAM is subject to. Data shall be blocked or erased after the period of time determined for its retention under one of the above legal provisions expires, unless retention of data is necessary for the performance or conclusion of a contract.

III. Processing of personal data when visiting the Lightelligence.io website

1. What data do we collect from you when you visit this website?

  • We record the domain name or IP address of your computer, the file request of the client (file name and URL), the http response code, and the Internet site you visit us from.
  • If you register on our website to create your LIGHTELLIGENCE® Account, please refer to Section IV below for more details on the information that we collect.
  • We use Cookies on this website. Cookies are small text files, which are stored on your device. Their main purpose is to identify users, remember your settings as you navigate our websites or to save site login information for you. You can set your browser to refuse all Cookies or have them deleted automatically at the end of a session. For more information on Cookies, please refer to our Cookie Policy. It explains how you can object to the use of Cookies and any personal data collected through them.
  • Some of our websites contain so-called social media buttons. These buttons merely refer to the social media network in question. We do not share any data through these buttons with social networks.

This data is also stored in our system’s log files. This data is not stored together with other personal data of the user.

2. How do we collect your data?

  • We collect the data generated when you visit our website in automated form. Otherwise, we collect data as a result of your actions on our website or through Cookies.

3. purposes do we use your data for and what is the legal basis?

  • For technical administration and provision of the website.
  • To create pseudonymous user profiles we use for promotional purposes and market research – unless you object to us doing so.
  • To the extent permitted by law: To identify misuse and remedy problems.

These purposes also constitute our legitimate interest in processing data in accordance with Article 6 paragraph 1 point (f) GDPR which is the legal basis for the processing of your persona

4. Sharing your data

If you have given your consent or we are otherwise authorized to do so under applicable law, we may pass on your personal data to OSRAM subsidiaries or to service providers (e.g. hosting, sales or marketing partners) for the above purposes. If the recipients are based in countries that do not have an adequate level of data protection, OSRAM has taken measures to ensure suitable and adequate safeguards with respect to the protection of personal data. If the data is shared with:

  • OSRAM subsidiaries in such countries: we ensure that said subsidiaries have signed the Binding Corporate Rules (“BCRs”) on the protection of personal data and abide by them. You can find information on OSRAM’s BCRs in the download section at the top of the page.
  • Recipients outside the OSRAM Group in such countries: personal data is only transferred if said companies (i) have concluded EU standard contractual clauses with OSRAM or (ii) – in the case of recipients based in the U.S. – have been certified under the EU–U.S. Privacy Shield.

5. Length of data storage

Personal data is erased as soon as it is no longer required for achieving the purpose for which it was collected. With regards to data recorded to deliver the website, such data will be deleted as soon as the session has ended, i.e. after you leave our website.

Data included in log files are deleted after seven days at the latest. We only store data for longer periods if IP-addresses are erased or anonymized to make sure that we can no longer identify you through the information.

6. Your rights

  • Information
  • Erasure
  • Rectification
  • Objection

Please see Section IX below for further information on these rights.

You can contact the Data Protection Officer of OSRAM GmbH at any time, for example, by sending an e-mail to privacy@osram.con. For full contact details, please see Section XI. below.

IV. LIGHTELLIGENCE® User Account

1. Scope of data collection
To access the LIGHTELLIGENCE® you need set up a user account. We collect your data through the registration form and store it in our systems. We do not share your personal data with external third parties, with the exception of service provider that we might involve in providing services to you but which are contractually bound to not using your data for their own purposes.

The following data is collected:

  • Surname and first name
  • E-Mail address
  • Phone number (optional)
  • Country
  • A confirmation from you that you are at least 18 years old
  • Whether you use LIGHTELLIGENCE® as a Developer or in a different function
  • Notification preferences
  • Date and time of registration

2. Legal basis for data processing

The legal basis for processing the personal data is Article 6 paragraph 1 point (a) GDPR in case the user has given consent.

If registration is carried out for the purpose of performing a contract or steps prior to entering into a contract, the additional legal basis for processing data is Article 6 paragraph 1 point (b) GDPR.

3. Purpose of data processing

We process your personal data to:

  • provide specific content and services on our website;
  • to set up your LIGHTELLIGENCE® account and
  • to perform a contract with you as our user or taking steps prior to entering into a contract.

4. Length of data storage

Your personal data is erased as soon as it is no longer required for achieving the purpose for which it was collected.

This is the case for data collected during registration as soon as a registration is canceled or you change your details. In the latter case, we make sure we store your new details.

If registration is carried out for the purpose of performing a contract or steps prior to entering into a contract, we will delete your data as soon as it is no longer needed to perform the contract.
Personal data of the contractual partner may also need to be stored after the contract has been concluded to comply with contractual or statutory retention requirements.

5. Possibility of opting out

You can ask us to cancel your registration at any time and delete your LIGHTELLIGENCE® account. You can have the data stored on you changed or erased at any time.

If registration is carried out for the purposes of performing a contract or steps prior to entering into a contract, premature erasure of the data is possible only if there are no contractual or statutory retention requirements that oblige us to further retain the data.

V. LIGHTELLIGENCE® Newsletter

1. Scope of data collection

When you set up your LIGHTELLIGENCE® account, we will ask you whether you are interested to receive further information such as newsletters from us. If you give your consent, we will use your personal data to do so according to your notification preferences. We will not share your personal data with third parties except for service providers we involve but who are strictly limited to providing the services to us and will not use your data for their own marketing purposes.

a) If you register for a newsletter on our website

Users can subscribe to free newsletters on our website. The information you enter into the form will be stored by us and used to provide you with the newsletter you requested.

The following data is collected:

  • Surname and first name
  • E-Mail address
  • Phone number (optional)
  • Language/Country
  • A confirmation from you that you are at least 18 years old
  • Whether you use LIGHTELLIGENCE® as a Developer or in a different function
  • Notification preferences
  • Date and time of registration

Your consent to processing of your personal data is obtained and your attention is drawn to this Privacy Statement during the registration process.

b) If a newsletter is sent to you by your OSRAM sales contact

In the context of pursuing business with you, our sales team might ask for your contact details so that you can be sent messages and newsletters. Such data may include your phone number, e-mail address, surname and first name (optional). The e-mail address you disclose in that connection may subsequently be used by us to send out a newsletter. In such a case, we will send you newsletters or information to similar goods and services that you receive from us.

2. Legal basis for data processing

The legal basis for processing data after registration for the newsletter is Article 6 paragraph 1 point (a) GDPR if the user has given consent.The legal basis for sending the newsletter where we have an established business relationship with you is Section 7 (3) of the German Act Against Unfair Competition (“UWG”).

3. Purpose of data processing

We process your contact details to send you newsletters. Further information that we collect as part of the registration may be used to prevent misuse of the services.

4. Length of data storage

Personal data is erased as soon as it is no longer required for achieving the purpose for which it has been collected. Accordingly, your e-mail address and contact details are stored for as long as the newsletter subscription is active.

5. Possibility of opting out

You can cancel your subscription to our newsletter at any time. Every newsletter contains a link allowing you to unsubscribe.

VI. Use of LIGHTELLIGENCE®

1. Scope of data collection 

In the context of providing access and use of LIGHTELLIGENCE® and related services, two categories of data subjects are affected by the processing:

You as a registered user (“Direct User”) of LIGHTELLIGENCE® and related services. Please refer to point a) Processing of developer personal data below for more details on what personal data we process.

Persons using an application or similar systems or services fully or partially relying on LIGHTELLIGENCE® (so-called “End User”). Please refer to point b) Processing of End User data below for more details on what personal data we process.

a) Processing of Direct User personal data

When you use LIGHTELLIGENCE® to develop applications or use our services for other purposes, we collect and process the following information from you:

  • Name, surname.
  • Contact details including billing adress.
  • Company information including type of company, VAT or other tax related identifiers
  • Your LIGHTELLIGENCE® ID (this is a specific number that is linked to your name and allows us to identify which services you use and to track your use of our services.
  • Usage information on your use of LIGHTELLIGENCE®, i.e. actions you took linked to your LIGHTELLIGENCE® ID or a specific tenant, such as API requests.
  • Payment information such as your credit card number or bank account details.
  • Credentials (please see also sec. IV above regarding the use of personal data when registering for our services).
  • Information on your interaction with our sales department such as your name, contact details, information on the company you work for as well as details of our contractual relationship.
  • Device and usage data (please see also Section III above).
  • Error reports and performance data such as descriptions of any problems you experience, including error reports.
  • We collect aggregate queries for internal reporting and also count, track, and may combine such aggregated information with other information to generate anonymous, aggregated statistical information. Such anonymous, statistical information may be shared on an aggregated basis with OSRAM’s subsidiaries, business partners, service providers and/or vendors. When aggregating such data we make sure this is done in a way that no individual can be identified from the data.

b) Processing of End User personal data

  • Further, we process personal data of End User’ who use or interact with an application built on LIGHTELLIGENCE® or incorporating services provided in relation to LIGHTELLIGENCE® Depending on the application, information we obtain through APIs may include data that, according to its nature and possibly in combination with further parameters allows identification of natural persons by you as our customer or any of your customers such as in the context of solutions for human centric lighting, space utilization or connected devices. Scope and extent of the processing of such data depends on your exact use of our services. You can find further information on what data can be shared through APIs in the LIGHTELLIGENCE® API documentation, available here: https://api.lightelligence.io/v1/api-collection/ .

As LIGHTELLIGENCE® is a flexible instrument allowing you to build what you need, please be aware of your responsibilities towards End Users or anyone else whose data might be passed on to us through LIGHTELLIGENCE® APIs. Depending on the exact setup you might be considered as a Controller yourself. Please note that you need to inform End Users on the processing of their personal data and make sure you have concluded the OSRAM LIGHTELLIGENCE® Data Processing Agreement with us. In case you have not, please contact us through privacy@osram.com to request conclusion of the Agreement.

2. Legal basis for data processing

The legal basis for the processing of your personal data in the context of using LIGHTELLIGENCE® is Art. 6 Para. 1 point (b) GDPR. Where we, in individual cases are required by applicable law and in compliance with the provisions of the GDPR hereon share personal data with public authorities, this is done on basis of Art. 6 Para. 1 point (c) GDPR.

When processing personal data of End Users, OSRAM acts as a Processor in the sense of Art. 28 GDPR and such processing will be subject to a Data Processing Agreement that we conclude with the respective responsible Controller (i.e. you as a developer or app service provider).

Further we process your personal data as well as personal data from End Users for our legitimate interest in ensuring security and availability of our services on basis of Art. 6 Para. 1 point (f) GDPR.

If registration is carried out for the purpose of performing a contract or steps prior to entering into a contract, the additional legal basis for processing data is Article 6 paragraph 1 point (b) GDPR.

3. Purposes of the processing

We process personal data to provide services to you and to enable you to fully access and use the LIGHTELLIGENCE® Platform according to your needs and to administer our business relationship with you. In more detail, these purposes relate to:

  • Enabling use of LIGHTELLIGENCE® (both production environment as well as preview environment) and allowing to link activities to your account and/or to a specific tenant by referring to your individual LIGHTELLIGENCE® ID.
  • Payment and billing, i.e. your personal data is processed as determined by the pricing mode agreed with you. Potential parameters may include number of users, amount of messages or devices connected, amount of data storage.
  • Troubleshooting and support to make sure LIGHTELLIGENCE® is available or to provide you with updates or patches.
  • To protect and ensure the security and safety of our products and users, and to detect malware and malicious activities. This may include using automated systems to detect security and safety issues.
  • To comply with legal and regulatory requirements, for example to help customers exercise their data protection rights such as the right to demand deletion of personal data.
  • For statistical evaluation and continuous improvement of LIGHTELLIGENCE® and related services.

We may use aggregated data collected either directly from our customers or through APIs to enhance our business activities, understand the needs of our customers better and improve existing or develop new products. We aim at making sure that we do not use personal data by pseudonymizing or anonymizing the affected data or only accessing and processing aggregated information which makes it practically impossible for us to trace back or identify individuals. As part of our commitment to data protection to maintain your and End User’s privacy, any such access will be subject to prior approval of our Global Privacy Office and/or the responsible Data Protection Officer. We will not access any data without their approval. If you have questions about this procedure, please contact us at privacy@osram.com.

In case an application or other system you build on LIGHTELLIGENCE® or that includes APIs to LIGHTELLIGENCE® processes End User data, we process any such End User data for the purposes defined in the respective Data Processing Agreement and any other agreement or contract with you.

4. Sharing of personal data

We share your personal data with your consent or as necessary to complete any transaction or provide you with our services. When you provide payment data to make a purchase, we will share payment data with banks and other entities that process payment transactions or provide other financial services and will additionally process it for fraud prevention and credit risk reduction.

Further, we share personal data with our subsidiaries as necessary due to our business organization needs. Where we share personal data with subsidiaries, we make sure that this occurs on a need-to-know basis only.

We also share personal data with vendors or agents working on our behalf for the purposes described in this Privacy Statement. For example, companies we have hired to provide customer service support or assist in protecting and securing our systems and services may need access to personal data to provide those functions. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose. We may also disclose personal data as part of a corporate transaction such as a merger or sale of assets.

Finally, we may disclose personal data if necessary to:

  • comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
  • protect our customers, for example to prevent spam or attempts to defraud users of our products;
  • operate and maintain the security of our products, including to prevent or stop an attack on our computer systems or networks; or
  • protect OSRAM’s rights including enforcing the terms governing the use of the services.

5. Length of data storage

We will keep your personal data or any End User data as long as required to provide the services to you, your customers or any End User of an application you build on LIGHTELLIGENCE®. When request deletion of your LIGHTELLIGENCE® account, we delete your personal data with the exception of such data that we need to retain for legal, regulatory, audit and tax requirements, for example personal data included in invoices.

Your personal data as well as personal data of End User is primarily stored in data centers located within the European Union.

6. Possibility of opting out

When registering as a LIGHTELLIGENCE® user, you can ask to have your account deleted at any time. Subsequently, we will no longer process personal data linked to your account.

Additionally, you can opt out of processing with respect to all personal data or specific personal data by contacting us at: privacy@osram.com. However, please note that we may not be able to further provide you with full access to the services provided in context of the LIGHTELLIGENCE® as we require specific personal data from you to do so.

You further have to option to prevent us from further processing personal data from your End User by removing APIs linking to LIGHTELLIGENCE®.

7. Children

OSRAM does not aim at processing personal data from persons below the age of 18.

VII. Contact form

1. Scope of data collection 
Our Internet site contains a form that can be used for contacting us electronically. If a user makes use of this option, the data entered in the input screen is sent to us and stored. The data is used solely for processing the conversation. This data is not passed on to third parties.

The following data is collected:

  • E-mail address
  • Surname and first name (optional)
  • Form of address
  • Language/country
  • Date and time of registration

Your consent to processing of the data is obtained and your attention is drawn to this data privacy statement.

Furthermore, communication is possible by using the e-mail address you specified. In this case, the personal data sent with your e-mail is stored.

2. Legal basis for data processing

The legal basis for processing data is Article 6 paragraph 1 point (a) GDPR if you have given us your consent.

The legal basis for processing data when we receive e-mails is Article 6 paragraph 1 point (f) GDPR. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for processing of the data is Article 6 paragraph 1 point (b) GDPR

3. Purpose of data processing

We process personal data collected through the contact form solely for handling your requests. If we are contacted by e-mail, this constitutes our legitimate interest required for processing the data.

Further, personal data is processed to prevent misuse of the contact form and ensure the security and availability of our IT systems and this website.

4. Length of data storage

The data is erased as soon as it is no longer required for achieving the purpose for which it was collected. This is usually the case when a conversation with you is over. The conversation is over when it is clear from circumstances that the matter in question has been definitely resolved.

5. Possibility of opting out

You can revoke your consent to their personal data being processed at any time. If you contact us by e-mail, you can object to your personal data being stored at any time. This then means the conversation cannot be continued.

All personal data stored as part of the contact is erased in this case.

VIII. Transfer of data for processing on our behalf

In some cases, we use specialized service providers to process your data. We carefully choose and regularly control our service providers. They process personal data only on our behalf and in strict accordance with our instructions on the basis of agreements on commissioned data processing. 
In some cases, your data is also processed in countries outside the European Union (EU) or the European Economic Area (EEA) where, generally speaking, there might be a lower level of data protection than in Europe. In such cases, we ensure that an adequate level of protection for your data is guaranteed, such as by means of agreements with our contractual partners (of which a copy is available upon request), or we ask you for your explicit consent.

IX. Rights of data subjects

If your personal data is processed, you are a data subject within the meaning of the General Data Protection Regulation (GDPR) and you have the following rights vis-à-vis the controller:

1. Right to obtain information

You can demand confirmation from OSRAM as to whether personal data concerning you is processed by us.

If it is processed by us, you can demand the following information from the controller:

  • the purposes for which the personal data is processed;
  • the categories of personal data that is processed;
  • the recipients or categories of recipients to whom the personal data concerning you has been or is to be disclosed;
  • the planned length of time for which the personal data concerning you will be stored or, if concrete details of that are not possible, the criteria
  • used to determine that length of time;
  • the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing of the data by the
  • controller, or a right to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • all available information on the origin of the data if the personal data has not been collected from the data subject;
  • the existence of automated decision-making, including profiling, referred to in Article 22 paragraphs 1 and 4 GDPR and, at least in those cases,
  • meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
  • whether the personal data concerning you is transferred to a third country or an international organization and which appropriate safeguards in accordance with Article 46 GDPR have been provided.

If data is processed for scientific or historical research purposes or statistical purposes, the right to obtain information can be restricted insofar as it is likely to render impossible or seriously impair achievement of the research or statistical purposes and the restriction is necessary to ensure the research or statistical purposes are achieved.

2. Right to rectification

You have a right to demand that OSRAM correct and/or supplement processed personal data concerning you if it is incorrect or incomplete. OSRAM will rectify the data immediately.

3. Right to restriction of processing

You can demand that processing of personal data concerning you be restricted under the following circumstances:

  • if you contest the accuracy of the personal data concerning you, processing of the data will be restricted for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request restriction of its use instead;
  • the controller no longer needs the personal data for the purposes of processing, but it is required by you for the establishment, exercise or defense of legal claims; or
  • you have objected to processing pursuant to Article 21 paragraph 1 GDPR and it has yet to be verified whether the legitimate grounds of the controller override your grounds.

Where processing of personal data concerning you has been restricted, the data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

If processing of data has been restricted pursuant to the above circumstances, you will be informed by OSRAM before the restriction is lifted.

4. Right to erasure

You can demand that OSRAM erase the personal data concerning you without undue delay where one of the following grounds applies:

  • the personal data concerning you is no longer necessary for fulfilling the purposes for which it was collected or otherwise processed;
  • you withdraw consent on which the processing was based in accordance with Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) GDPR, and where there is no other legal ground for the processing;
  • you object to the processing pursuant to Article 21 paragraph 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 paragraph 2 GDPR;
  • the personal data concerning you has been unlawfully processed;
  • the personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  • the personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8 paragraph 1 GDPR (children’s consent).

5. Right to be forgotten

If OSRAM has made personal data concerning you public and is obliged pursuant to the requirements specified in section 4 to erase the data, OSRAM, taking account of available technology and the cost of implementation, will take reasonable steps to inform controllers who process your data further that you have requested erasure of all links to your personal data.

6. Exceptions to the right to erasure

You do not have a right to demand erasure of your data if processing of it is necessary

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health in accordance with Article 9 paragraph 2 points (h) and (i) and Article 9 paragraph 3 GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 paragraph 1 GDPR insofar as the right referred to in (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defense of legal claims.

7. Right to notification

If you have asserted the right to rectification, erasure or restriction of processing toward OSRAM, we will communicate any rectification or erasure of data or restriction of processing to each recipient to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort. If requested, we will inform you of who the recipients are.

8. Right to data portability

You have the right to receive the personal data concerning you which you have provided to OSRAM, in a structured, commonly used and machine-readable format and to transmit the data to another controller, provided

  • processing of the data is based on consent in accordance with Article 6 paragraph 1 point (a) GDPR or Article 9 paragraph 2 point (a) GDPR or on a contract in accordance with Article 6 paragraph 1 point (b) GDPR and
  • the processing is carried out by automated means.

You also have the right to have the personal data concerning you transmitted directly from OSRAM to another controller, where technically feasible. This must not adversely affect the rights and freedoms of others.

The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

9. Right to object

You have the right to object at any time to processing of personal data concerning you which is based on Article 6 paragraph 1 point (e) or (f) GDPR, including profiling based on those provisions.

OSRAM will subsequently no longer process the personal data concerning you unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or processing of it is for the purpose of the establishment, exercise or defense of legal claims.

Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

You also have the right to object to processing of personal data concerning you that is processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 paragraph 1 GDPR.

Your right to object can be restricted insofar as it is likely to render impossible or seriously impair achievement of the research or statistical purposes and the restriction is necessary to ensure the research or statistical purposes are achieved.

10. Right to revoke the declaration of consent under data protection law 

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on your consent until you withdrew it.

11. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for entering into, or performance of, a contract between you and the controller;

(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

(3) is based on your explicit consent.

In the cases referred to in (1) and (3), OSRAM will implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.If these decisions are based on special categories of personal data referred to in Article 9 paragraph 1 GDPR, the above exceptions shall apply only if Article 9 paragraph 2 point (a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

12. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation (GDPR).

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

You can find more information and explanations of the rights mentioned above on the website “Rights for citizens” of the European Commission.

X. Updates to this Privacy Statement

We may update this Privacy Statement from time to time as we add new features and services, as laws change, and as industry privacy and security best practices evolve. You can check the "effective date" posted at the top to see when the Privacy Statement was last updated. If we make any change related to use or disclosure of personal data, we will provide advance notice on the web page you use to access the Platform services. Minor changes or changes that do not significantly affect individual privacy interests may be made at any time and without prior notice.

XI. How to contact us

You can contact our Privacy Office or the responsible Data Protection Officer at any time at privacy@osram.com or by writing to: 

OSRAM GmbH 
Data Protection Officer 
Marcel-Breuer-Straße 6 
D-80807 Munich
Germany

This website uses cookies to offer you certain services and to enhance your user experience. By continuing to use our website, you consent to the usage of cookies as described in our Cookie Policy.