Privacy Policy

The Privacy Policy complies with the information obligations in accordance with the requirements of Art. 12 et seq. of the EU General Data Protection Regulation (hereinafter “GDPR”) and provides you with an overview regarding the processing of your personal data (hereinafter referred to as “data”) on the Arvato Systems website.

Who is accountable for processing my personal data?

Arvato Systems Group*

An der Autobahn 200

33333 Gütersloh

info@arvato-systems.de,

Tel.: + 49-5241-80 0

is responsible for processing your data on this website (hereinafter referred to as “company”). The company processes personal data in accordance with the GDPR and laws locally applicable.

The company data protection officer can be reached at the above postal address by adding “For the attention of the data protection officer” or at the email address: datenschutz@arvato-systems.de.

What data is collected?

When you visit our website, the data of the computer you use to access our website is automatically logged (“access data”). This access data includes server log files that generally consist of information pertaining to your web browser type and version, your operating system, your internet service provider (ISP), the date and time you used the website, the websites previously visited by you and the websites you accessed from our website, in addition to the IP address of your computer. With the exception of your IP address, the information contained in the server log files is not personally identifiable. An IP address is personally identifiable when it is static (permanently allocated when using internet access) and the ISP is able to attribute it to a specific person.

If you continue to use the services of the website, pseudonymous usage profiles and/or the data entered by you on the website (for example, search words, login data, ratings, form or contract entries, click data) will be processed.

Some features of our website require that you divulge personal information to us. In this case, the information provided by you is used to provide the service requested by you or process a matter submitted by you (e.g. search queries, entries made in forms or contracts, click data).

What cookies are used?

Cookies are used on our website. Cookies are small text files that are saved to your computer when visiting a website. The cookies that are saved can be attributed to the web browser used by you. When the website is visited again, the web browser returns the content of the cookies, thus enabling you, the user, to be recognized. Certain cookies are deleted when you log out or end the browser session (“transient cookies” or “session cookies”). Other cookies are saved for a specific period of time (“temporary cookies”) or indefinitely (“persistent cookies”). These cookies are automatically deleted when the defined period lapses. The privacy and security settings of your browser enable cookies to be deleted at any time and also enable you to configure the use of cookies in accordance with your preferences. However, you may not be able to use all the features of our website if you delete the cookies used by our website.

As a general principle, cookies enable online recognition without reference to a specific person. Cookies may become personally identifiable when the information they contain is merged with other information apart from the information generated by the cookies themselves. Here a distinction is made between cookies that are necessary for the provision of website features, and cookies that are required for other purposes, e.g. analysis of user behaviour or displaying advertising-related content.

The cookies that are required for the provision of website features include the following in particular:

  • Cookies that are used to identify or authenticate the user;
  • Cookies used to temporarily store user input (e.g. the content of a shopping cart or online form);
  • Cookies used to store user preferences (e.g. search or language settings);
  • Cookies that store data to enable the trouble-free rendering of video or audio content.

Cookies that are required for further purposes include in particular the following:

  • Analysis cookies to record our users’ usage behaviour (such as clicked advertising banners, visited subpages, requested search queries) and to evaluate them in statistical form;
  • Advertising cookies that are used to create user behaviour profiles (such as clicked banner ads, visited sub-pages, requested search queries) to show the user advertisements or offers tailored to their inter-ests (“interest-based advertising”);
  • Third party advertising cookies that are used to create user behaviour profiles (such as clicked banner ads, visited sub-pages, requested search queries) and which enable the controller and the third party to show the user advertisements or offers tailored to their interests (hereinafter “third party cookies”);
  • Tracking cookies related to social plugins.

What personal data is collected and for what purpose?

The purpose of data processing may be based on technical, contractual or statutory requirements or result from consent having been given by the user.
We use the data described in section 2 for the following purposes:

  • To provide website features and content and ensure technical security in trouble-shooting technical issues and also to ensure that unauthorized persons do not gain access to our website systems;
  • To conduct marketing reach measurements and web analyses in order to make our website more efficient and interesting for you, and for market research purposes;
  • To implement our own and external advertising (online advertising);
  • For communication, completion of precontractual procedures, and customer care purposes;
  • To send out newsletters via email;
  • For event registration and participation; and

For information on other data processing purposes, please refer to the sections below of this Privacy Policy.

4.1 Provision of the website

4.1.1 Description and scope of data processing

In order to enable the proper functioning of our website, security analyses to be conducted, and denial-of-service attacks to be prevented and stopped, server log files are automatically collected and saved on a short-term basis as an integral part of access data that is created by the system of the visiting computer upon accessing our website and while using it (see section 2). The content of the server log files is not merged with other data. We use the server log files for statistical analyses to troubleshoot and remedy technical issues, prevent and defend against denial-of-service attacks and attempted fraud, and to optimize the proper functioning of our website.

4.1.2 Purpose and legal basis of data processing

The legal basis for the creation of server log files follows from Art. 6(1)(f) GDPR. Our legitimate interests lie in the proper functioning of our website, conducting security analyses and defending against threats.

4.1.3 Duration of storage or criteria applied in defining this period

When the pages of our website are accessed, information is logged to server log files that are stored on our web server; the IP address contained in them is deleted after 7 days at the latest. No analysis is conducted during this time unless there is a denial of service or other attack.

4.1.4 Options for lodging an objection and having your data removed

You have the right to lodge an objection to the processing of your data contained in the server log files provided that there are cogent reasons that arise from your specific situation. If you would like to exercise your right to lodge an objection, please write to the contact address in section 1.

4.2 Contact form, email and telephone contact information

4.2.1 Description and scope of data processing

On our website you have the option of contacting us by way of a contact form, by email, by telephone or by chat using the designated email address and phone number. If you take advantage of this option, the information you enter in the contact form, your email address and/or your phone number are disclosed to us. Depending on the reason you are contacting us (questions about our products and services, pursuing your rights as a data subject, e.g. submitting a request for information) your contact details are processed (with the assistance of service providers). If necessary for processing your request, this information may be shared with third parties (e.g. partner companies).

4.2.2 Purpose and legal basis of data processing

The legal basis for processing your contact details follows from Art. 6(1)(f) GDPR. We have legitimate interests in processing your request and in continued communication. If the purpose for your establishing contact with us is to enter into a contract with our company, the legal basis for processing your contact details follows from Art. 6(1)(b) GDPR.

4.2.3 Duration of storage or criteria applied in defining this period

Your contact details are deleted once your request has been processed and further communication has been discontinued. This does apply if the purpose of your establishing contact with us is to conclude a contract or you wish to exercise your right as a data subject (e.g. request information). In this case your details are stored until all contractual and/or statutory obligations have been fulfilled and statutory retention periods (currently 6 to 10 years) do not prevent this information from being deleted.

4.2.4 Options for lodging an objection and having your data removed

You have the right to lodge an objection to the processing of your contact information provided that there are cogent reasons that arise from your specific situation. If you would like to exercise your right to lodge an objection, please write to the contact address in section 1. If you lodge an objection, communication with you cannot be continued. This does not apply if the storage of your contact details is necessary for completing precontractual procedures, fulfilling a contract or exercising your rights as a data subject.

4.3 Newsletter

4.3.1 Description and scope of data processing

The website offers the possibility to subscribe to newsletters. Your data from the registration screen will be transmitted to the company and processed further (also with the help of service providers) for the dispatch of newsletters. When registering, your consent will be obtained and saved using the double-opt-in procedure. Your data is not transferred to third parties.

We point out that the company may evaluate your user behaviour when sending newsletters. To carry out this evaluation, the emails sent include web beacons or tracking pixels, which are one-pixel image files stored on the website. For the purpose of evaluations, the company could link your data and the web beacons with your email address and an individual ID. With the data obtained in this manner, the company would be able to create a user profile with which the newsletter can be tailored to your indi-vidual interests. To do this, the company records which links you click on when you read the newslet-ter and uses these to derive your personal interests. The company could associate this data with your behaviour on our website.

4.3.2 Purpose and legal basis of data processing

The processing of your data via the login form is required to inform you about and advertise the company's goods and/or services. The legal basis for processing the data when registering for the newsletter is the consent according to Art. 6 (1) lit. a GDPR with reference to Section 7 (2) No. 3 of the Act Against Unfair Competition (hereinafter referred to as “UWG”).

The legal basis for the processing of your data after purchasing the company’s goods and/or ser-vices is Art. (6) 1 lit. f GDPR with reference to Section 7 (3) of the Act Against Unfair Competition (hereinafter referred to as “UWG”). Advertising to existing customers is in the company’s legitimate interest.

4.3.3 Duration of storage or criteria applied in defining this period

The data will be stored for as long as the newsletter is subscribed to. If you revoke your consent, your data will be blocked for this processing purpose. The data will be stored until the contractual and/or legal obligations have been fulfilled and deletion is not precluded by statutory retention peri-ods.

4.3.4 Options for lodging an objection and having your data removed

You can revoke your consent to receiving the newsletter at any time by clicking on the unsubscribe link provided in each newsletter or by writing to:

Newsletter of Arvato Systems, Arvato Systems GmbH via E-Mail: info@arvato-systems.de or via mail to „An der Autobahn 200, 33333 Gütersloh, Germany“.


4.4 Events

4.4.1 Description and scope of data processing

On our website you have the option of registering to Arvato Systems’s events. Your details are transferred to us from the registration form and processed. When registering, your consent is obtained and you are advised of this Privacy Policy. Your details are not shared with third parties. Processing your access data is also necessary to show proof of your giving your consent. Other information may be voluntarily provided in order to address you personally.

4.4.2 Purpose and legal basis of data processing

Processing the information entered by you in the registration form is necessary for participating at the respective event. The legal basis for this is your consent pursuant to Art. 6(1)(a) GDPR.

4.4.3 Duration of storage or criteria applied in defining this period

Your information is stored until the end of the event. This does not apply, if during the event contract negotiations were initiated and your data needs to be stored for the creation of a customer record.

4.4.4 Options for lodging an objection and having your data removed:

You can revoke your consent to receiving press releases at any time by writing to Arvato Systems GmbH via E-Mail: info@arvato-systems.de or via mail to „An der Autobahn 200, 33333 Gütersloh, Germany“.

4.5 Webtracking

The website has built-in services that optimise usability and measure the reach of the website. Your access data (see Section 2) will be recorded and the usage behaviour will be evaluated using analysis cookies (see Section 3). Personal identification is basically not required for web tracking, meaning that when you enter your access data, the stored IP address is either not used or only a shortened version is used and pseudonymous usage profiles are created. These are not merged with other data and you have the option of revocation at any time. Personal usage profiles are only created in excep-tional cases and if you have given your consent.

Web tracking services are usually provided by service providers who process the data only as di-rected by the controller and not for its own purposes as a processor. This is ensured on the basis of data processing contracts. If the service providers outside the European Union or the European Eco-nomic Area (hereinafter referred to as "EU or EEA") process your data, a third country transfer takes place. This is permissible provided that you have given your consent, the company has provided guarantees of a data protection level that meets the European standard or the EU Commission has classified the respective third country as a safe third country. The third country transfer of the respec-tive service is indicated below. Further information regarding the recipients of your data can be found in sections 4.5.1, 4.5.2 and 4.5.3.

The website’s web tracking services are described in more detail below.


4.5.1 Adobe Tag Manager

This website uses Adobe Tag Manager. Adobe Tag Manager is a service provided by Adobe Systems Software Irland Limited, 6 Riverwalk Naas Road Dublin 24, Ireland (Adobe). Adobe Tag Manager managers „tags“(placeholder for website code). Adobe Tag Manager does not collect data and data collected by the tags cannot be accessed by the Adobe Tool Manager.

4.5.2 Google Analytics

This website uses Google Analytics. Google Analytics is a service provided by Google Inc. Google Analytics causes a usage profile to be created in order to optimize the user-friendliness of our website. A pseudonym is assigned to this profile. In so doing, your access data is collected as described in section 2 and your usage behaviour analyzed using analytics cookies as described in section 3. Personal identification is not necessary for web tracking: when collecting your access data your IP address is shortened before being transmitted to Google Inc., meaning no information can be attributed to you. These usage profiles to which pseudonyms are assigned are analyzed for the purpose of optimizing user-friendliness. This data is not merged with other data by Google Inc. We ensure that Google Inc. only uses this data as instructed by us under a contract data processing contract we have concluded with Google Inc.

The use of Google Analytics entails a third county transfer (see Section 4.7). However, Google en-sures that the European level of data protection is ensured for third country transfer with certification under the EU-US Privacy Shield.

For more information on data processing related to Google Analytics, refer to the Google’s privacy policy: 
https://policies.google.com/privacy?hl=en
.

4.5.3 Adobe Analytics (Omniture)

This website uses Adobe Analytics. Adobe Analytics is a service provided by Adobe Systems Software Irland Limited, 6 Riverwalk Naas Road Dublin 24, Ireland (Adobe). Adobe Analytics causes a usage profile to be created in order to optimize the user-friendliness of our website. A pseudonym is assigned to this profile. In so doing, your access data is collected as described in section 2 and your usage behaviour analyzed using analytics cookies as described in section 3. Personal identification is not necessary for web tracking: when collecting your access data your IP address is shortened before being transmitted to Adobe meaning no information can be attributed to you. These usage profiles to which pseudonyms are assigned are analyzed for the purpose of optimizing user-friendliness. This data is not merged with other data by Adobe. We ensure that Adobe only uses this data as instructed by us under a con-tract data processing contract we have concluded with Adobe.

For more information on data processing related to Adobe Analytics, refer to the Adobe privacy policy:
https://www.adobe.com/de/privacy/policy.html.

4.5.4 Matomo (formerly Piwik)

Our website uses Matomo (formerly Piwik). The provider is InnoCraft LtD, 150 Willis St, 6011 Welling-ton, New Zealand. Matomo uses analysis cookies to create a pseudonymous usage profile on the company’s website to optimise the website’s user-friendliness. This usage profile is stored exclusive-ly on the company's web servers and is not transmitted to the InnoCraft LtD web server. Pseudonymi-ty is ensured by the fact that the IP address (which is recorded as part of the server log files when the website is made available by the website operator) is shortened before transmission to InnoCraft LtD so that any reference to you is not possible. This IP address will not be merged with other data. This and the evaluation of the pseudonymous usage profile is carried out exclusively on behalf of the company and is ensured on the basis of a data processing contract concluded with InnoCraft LtD.

Analysis cookies are always set at Matomo when you visit the website. The cookies remain for six months, unless you delete them beforehand using the browser setting.

Furthermore, the use of Matomo entails a third-country transfer. No data is transmitted to the In-noCraft LtD web server.

More information about Matomo’s data processing can be found in the Privacy Policy. http://matomo.org/privacy/

4.5.5 Google Ads

We use the "Google AdWords Conversion" function of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use Google Adwords Conversion to promote the site in Google search results and on the sites of other providers that also participate in the Google advertising network. When you visit our website, Google sets a cookie that automatically uses a pseudonymous cookie ID to enable interest-based advertising within the Google advertising network based on your access data. If you access our website via a Google ad on another website, Google will also set a cookie. These Google cookies usually expire after 30 days and are not intended to personally identify you. These cookies only allow Google to recognize your Internet browser. If a user visits certain pages of the website within the Google advertising network and the cookie stored by Google has not yet expired, Google and the website provider can recognize that the user has clicked on the ad and has been redirected to this website. Google assigns a different cookie to each website provider that participates in the Google advertising network. Cookies therefore cannot be traced through the website of other website providers that also participate in the Google advertising network. We do not collect and process any personal data within the framework of Google AdWords Conversion. We only receive statistical evaluations from Google. These reports help us determine which of our ads are most effective on the Google advertising network. We do not receive any further data, in particular we cannot identify our users on the basis of this information. Further information on Google's advertising network and Google's privacy policy can be found at: http://www.google.com/privacy/ads/.

4.5.6 Purpose and legal basis of data processing

The legal basis for collecting and analyzing pseudonym usage profiles follows from Art. 6(1)(f) GDPR / Section 15(3) German Telemedia Act (TMG). We have a legitimate interest in optimizing the user-friendliness of our website and performing marketing reach measurements. If personal usage profiles are recorded and evaluated, the legal basis is your consent in accordance with Art. 6 (1) lit. a GDPR.

4.5.7 Duration of storage or criteria applied in defining this period

As a general rule, the data that is collected and analyzed in association with Google and Adobe Analytics remains stored until you raise an objection to it being used in this manner.

4.5.8 Options for lodging an objection and having your data removed

You can raise an objection to the use of Google Analytics by changing your browser settings and/or clicking on the following links to download and install the browser plug-ins and/or opt-out:

4.6 Links to other websites

This website contains links to the website of other website operators. Clicking on the links takes you to the respective websites (e.g. Facebook, YouTube). With the exception of your access data to make the other website available, no data of yours is transmitted to these website operators.
Our Privacy Policy only covers our website; we are not responsible for the privacy policies of other websites. Nevertheless we recommend that you read the privacy policies of the websites you access by clicking on the links leading to them.

4.7 External services and content on our website

We integrate external services and content on our website. If you use one of these services or you are shown the content of third parties, communication data is exchanged between you and the provider of that service or content for technical purposes.
That provider may use your data for their own purpose. To the best of our knowledge and belief, we have configured the services or content of third-party providers who are known to use data for their own purposes so that communication for purposes other than rendering their content or services on our website is prevented or communication does not come about unless you actively decide to use the service. However, since we have no control over the data collected by third parties and its processing by them we are unable to make any binding statements pertaining to the purpose and scope of the processing of your data.

For further information on the purpose and scope of the collection and processing of your data, please refer to the privacy policy of the responsible provider (under data protection law) of the services or content integrated by us:

 

4.9. Use of the blog

4.9.1 Description and scope of the data processing

If you want to use the comment function of blogs, you must specify a name and your email address in addition to the actual comment. The username for this purpose is freely selectable, so there is no clear name obligation and the company provides you with the option to remain pseudonymous to the other users. Comments are only published after review and approval by the company. If you post comments, these will generally be made accessible to unregistered users (hereinafter referred to as “anyone”), stating your username, time and date of the comment.

4.9.2 Purposes and legal basis of the data processing

Data is processed on the blog for the purpose of collective discussion between users on various topics. The legal basis is Art. 6 (1) lit. f GDPR. The legitimate interest lies in promoting exchange with-in the interested community.

4.9.3 Duration of storage or criteria for determining this duration

Your user data is stored until the intended purpose is fulfilled. Your published comments will be stored until deleted and are accessible to anyone. If you wish for your contributions to be deleted, you can send your deletion request to the company under Section 1.

4.9.4 Possibility of objection and deletion

Processing your user data is required to use the blog’s comment function. You cannot object to this, but you can exercise your right to deletion of data.

Who comes into possession of my personal data?

Those entities within the company who need your data to fulfil the purposes described in Section 4 above. Also, service providers employed by the company may gain access to your data (“proces-sors”, such as data centres, newsletters, customer service or debtor management). Data processing contracts ensure that these service providers commit to instructions, data security and the confiden-tial handling of your data.

Your data is only transferred to other recipients at your request or if required by law. The following third parties are included in the data transfer:

Providers of social media services that for their own purposes merge your data from the website with the data already stored there.

Providers of measurements and web analytics, who for their own purposes measure the reach of websites and create user profiles.

Affiliate companies to which you refer in your request

Public bodies and institutions, such as law enforcement agencies, who receive access to your data for reasons of compliance with legal or regulatory obligations

Is my personal data processed outside of the EU or EEA (‘transfer to a third country’)?

If the service providers listed in Section 5 and/or third parties outside the EU or the EEA process your data for the purposes specified in Section 4, this may result in your data being transmitted to a coun-try where a level of data protection equivalent to that in the EU or the EEA cannot be guaranteed. However, such a level of data protection can be ensured with a suitable guarantee. For example, standard contractual clauses provided by the EU Commission may qualify as a suitable guarantee. You can request a copy of these guarantees from the contact details listed in Section 1. By way of exception, any guarantee can be waived if you give your consent to this or if the third country transfer is required to fulfil your contract with the company. The EU Commission has also recognised certain third countries as safe third countries, meaning it is also not necessary for the company to provide any suitable guarantees at this point.

What data privacy rights do I have?

You have the right to request access to your personal data that is currently stored by us. If this data is incorrect or not up to date, you have the right to request rectification. You also have the right to have your personal data erased and/or its processing restricted as provided for in Art. 17 and Art. 18 GDPR. You also have the right to request a copy of the personal data provided by you in a structured, commonly-used, machine-readable format (right to data portability).

If you have given your consent to the processing of your personal information for specific purposes, you can revoke that consent at any time for the future. Your notice of revocation is to be addressed to us by writing to the contact address indicated in section 1.

Pursuant to Art. 21 GDPR, you also have the right for reasons relating to your specific situa-tion to raise an objection to the processing of your data that is done on the basis of Art. 6(1)(f) GDPR. You also have the right to lodge an objection to the processing of your personal infor-mation for direct marketing purposes. The same applies to automated processes involving the use of individual cookies, unless they are required for providing the functionality of our website.

You also have the possibility to contact a data protection authority and file a complaint. A list of data protection authorities and their contact data can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

To what extent is automated decision-making and profiling utilised?

We do not use any fully automated decision-making processes for any of the purposes set out in section 4. No profiling takes place for any of the purposes set out in section 4.

Final/version information

As the site evolves and new technologies are introduced to improve our service to you, changes to these privacy statements may be required. Therefore, we recommend that you review these privacy statements from time to time.



Last update of the Privacy Policy: August 13, 2018