Consulting & Innovation
Solutions & Technologies
Infrastructure & Operations
Industries
More
shutterstock_484938517

Privacy Policy

for the Arvato Systems Group

The Privacy Policy complies with the information obligations in accordance with the requirements of Art. 12 et seq. of the EU General Data Protection Regulation (hereinafter “GDPR”) and provides you with an overview regarding the processing of your personal data (hereinafter referred to as “data”) on the Arvato Systems website.

1. Who Is Accountable for Processing My Personal Data?
2. What Data Is Collected?
3. Which Cookies Are Used?
4. What Personal Data Is Collected and for What Purpose?
5. Who Comes into Possession of My Personal Data?
6. Is My Personal Data Processed outside of the EU or EEA (‘Transfer to a Third Country’)?
7. What Data Privacy Rights Do I Have?
8. To What Extent Is Automated Decision-Making and Profiling Utilised?
9. Final / Version Information

1. Who Is Accountable for Processing My Personal Data?

The companies of the


Arvato Systems Group *

An der Autobahn 200

33333 Gütersloh

info@arvato-systems.de

Tel.: +49-5241-80 0


(hereinafter referred to as "company") are responsible for processing your data on this website. The company processes personal data in accordance with the GDPR and laws locally applicable.


The company data protection officer can be reached at the above postal address by adding “For the attention of the data protection officer” or at the email address: datenschutz@arvato-systems.de.

2. What Data Is Collected?

When you visit our website, the data of the computer you use to access our website is automatically logged (“access data”). This access data includes server log files that generally consist of information pertaining to your web browser type and version, your operating system, your internet service provider (ISP), the date and time you used the website, the websites previously visited by you and the websites you accessed from our website, in addition to the IP address of your computer. With the exception of your IP address, the information contained in the server log files is not personally identifiable. An IP address is personally identifiable when it is static (permanently allocated when using internet access) and the ISP is able to attribute it to a specific person.


If you continue to use the services of the website, pseudonymous usage profiles and/or the data entered by you on the website (for example, search words, login data, ratings, form or contract entries, click data) will be processed.


Some features of our website require that you divulge personal information to us. In this case, the information provided by you is used to provide the service requested by you or process a matter submitted by you (e.g. search queries, entries made in forms or contracts, click data).

3. Which Cookies Are Used?

This website uses cookies. Cookies are small text files that are stored on your computer when you visit a website. The stored cookies are assigned to the browser you use. If the corresponding website is re-visited, the web browser sends the contents of the cookies back and thus enables the user to be recognized.


Certain cookies are deleted when you log out or end the browser session (so-called "transient cookies"). Other cookies are stored for a specified time or permanently (so-called "temporary cookies" or "persistent cookies"). These cookies are automatically deleted after the defined time has elapsed.


You have the option of agreeing to the use of cookies, changing them or rejecting them via the cookie query that appears when you first visit our website. Cookies, which are essential for providing the web service (see explanation under 3.1), cannot be rejected. You can delete the stored cookies in the security settings of your browser at any time and configure the use of cookies according to your wishes. We would like to point out, however, that you may then not be able to use all functions of this website.


Basically, cookies are only an online identification without personal reference. Cookies become personal when the information generated by cookies is combined with other data. A distinction can be made between cookies that are required for the provision of the website and cookies that are required for further purposes such as analysis of user behaviour or advertising.

3.1 Functional Cookies

These cookies are essential for the proper functioning of the website. They enable navigation through the pages as well as essential functions. They also serve the anonymous evaluation of user behaviour, which we use to constantly improve our website. The legal basis for these cookies is Art. 6 Abs. 1 lit. f DSGVO.


2020_Privacy Policy_Functional Cookies

3.2 Analytical Cookies

These cookies are used to better understand the user behaviour. Analytical cookies enable the collection of usage and recognition possibilities in so-called pseudonymous usage profiles. For example, we use analytical cookies to determine the number of individual website visitors or to analyze user behavior on the basis of anonymous and pseudonymous information. A direct conclusion on a person is not possible. The legal basis for these cookies is Art. 6 1 a) DSGVO.


2020_Privacy Policy_Analytical Cookies

3.3 Marketing Cookies

These cookies and similar technologies are used to display personalized and thus advertising-relevant content. This serves to create a pseudonymous interest profile and to place relevant advertisements on other websites (retargeting). A direct conclusion on a person is not possible. Marketing and retargeting cookies help us to display possible relevant advertising content for you. By suppressing marketing cookies, you will continue to see the same number of advertisements, but they may be less relevant for you). The legal basis for these cookies is Art. 6 Abs. 1 lit. a DSGVO.


2020_Privacy Policy_Marketing Cookies

3.3.1 Webtracking Services

These services are built into the website to optimize usability and measure the reach of the website. Your access data (see section 2) is recorded and with the help of analysy-se-cookies (see section 3) the user behaviour is evaluated. Personal identification is generally not required for web tracking, so that when your access data is recorded, the stored IP address is either not used or only used in abbreviated form (shortened by the last octet) and pseudonymous user profiles are created. These are generally not combined with other data and you have the possibility of revocation at any time.


The web tracking services are usually provided by service providers who process the data only according to the instructions of the person responsible and not for their own purposes as so-called order processors. This is ensured by means of contracts for order processing. If the service providers outside the European Union or the European Economic Area (hereinafter referred to as "EU or EEA") process your data, a so-called transfer to third countries takes place. This is permitted if you have consented to it, if the company has created guarantees for a level of data protection in line with European standards or if the EU Commission has classified the third country in question as a secure third country. The third country transfer of the respective service is marked in the following. Further information on the recipients of your data can be found in section 5.


The legal basis for recording and evaluating pseudonymous user profiles is Art. 6 para. 1 lit. a DSGVO.


The individual web tracking services of the website are described in more detail below:


3.4.1 Google Analytics

The website uses the Google Analytics service. The provider of Google Analytics is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin. Google Analytics creates a pseudonymous user profile in order to optimise the user-friendliness of the website. The pseudonymity is ensured by shortening the IP address before transmitting your data to Google and making it impossible to draw conclusions about your person. The pseudonymous usage profile is evaluated after transmission for the purpose of optimising user-friendliness. Through the use of Google Analytics, third country transfer takes place (for further details, see section 6). By means of a contract for order processing as well as conclusion of further guarantees the company ensures an appropriate level of data protection.


You can find more information on data processing at Google Analytics in the Google privacy policy: https://policies.google.com/privacy?hl=de.


3.4.2 Google Ads

We use the Google AdWords Conversion feature of Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin (Google). Through Google Adwords Conversion, we advertise the website in Google search results and on the websites of other providers who also participate in the Google advertising network. When you visit our website, a Google Coo-kie is set which automatically enables interest-based advertising within the Google advertising network using a pseudonymous cookie ID and on the basis of your access data. If you reach our website via a Google ad on another website, Google will also set a cookie. These Google cookies generally expire after 30 days and are not intended to identify you personally. These cookies only enable Google to recognize your internet browser. If a user visits certain pages of the website within the Google advertising network and the cookie stored by Google has not expired, Google and the website provider can recognize that the user clicked on the ad and was redirected to this website. Each website provider that participates in the Google advertising network is assigned a different cookie by Google. Cookies can therefore not be tracked through the website of other website providers who also participate in the Google advertising network. We ourselves do not collect and process any personal data in the context of Google AdWords Conversion. We only receive statistical evaluations from Google. By means of these evaluations we can recognize which of our advertisements are particularly effective in the Google advertising network. We do not receive any further data, in particular we cannot identify our users on the basis of this information. Further information on the Google advertising network and the Google privacy policy can be found at: http://www.google.com/privacy/ads/.


3.4.3 LinkedIn Insight Tag

Our website uses the conversion tool "LinkedIn Insight Tag" from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser that allows the following information to be collected: IP address, device and browser characteristics, and page events (e.g., page views). This data is encrypted, anonymized within seven days and the anonymized data is deleted within 90 days. LinkedIn does not share any personal information with Arvato Systems, but provides anonymized reports about the website target audience and display performance. In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. Arvato Systems may use this data to display targeted advertising outside its Web site without identifying you as a Web site visitor. For more information about LinkedIn's privacy policy, please refer to the LinkedIn privacy statement.


LinkedIn members can control the use of their personal information for promotional purposes in their account settings. To disable ("opt-out") the Insight tag on our website, click here.

4. What Personal Data Is Collected and for What Purpose?

The purpose of data processing may be based on technical, contractual or statutory requirements or result from consent having been given by the user.
We use the data described in section 2 for the following purposes:

  • To provide website features and content and ensure technical security in trouble-shooting technical issues and also to ensure that unauthorized persons do not gain access to our website systems;
  • To conduct marketing reach measurements and web analyses in order to make our website more efficient and interesting for you, and for market research purposes;
  • To implement our own and external advertising (online advertising);
  • For communication, completion of precontractual procedures, and customer care purposes;
  • To send out newsletters via email;
  • For event registration and participation

For information on other data processing purposes, please refer to the sections below of this Privacy Policy.

4.1 Provision of the Website

4.1.1 Description and scope of data processing

In order to enable the proper functioning of our website, security analyses to be conducted, and denial-of-service attacks to be prevented and stopped, server log files are automatically collected and saved on a short-term basis as an integral part of access data that is created by the system of the visiting computer upon accessing our website and while using it (see section 2). The content of the server log files is not merged with other data. We use the server log files for statistical analyses to troubleshoot and remedy technical issues, prevent and defend against denial-of-service attacks and attempted fraud, and to optimize the proper functioning of our website.


4.1.2 Purpose and legal basis of data processing

The legal basis for the creation of server log files follows from Art. 6(1)(f) GDPR. Our legitimate interests lie in the proper functioning of our website, conducting security analyses and defending against threats.


4.1.3  Duration of storage or criteria applied in defining this period

When the pages of our website are accessed, information is logged to server log files that are stored on our web server; the IP address contained in them is deleted after 7 days at the latest. No analysis is conducted during this time unless there is a denial of service or other attack.


4.1.4 Options for lodging an objection and having your data removed

You have the right to lodge an objection to the processing of your data contained in the server log files provided that there are cogent reasons that arise from your specific situation. If you would like to exercise your right to lodge an objection, please write to the contact address in section 1.

4.2  Contact Form, Email and Telephone Contact Information

4.2.1 Description and scope of data processing

On our website you have the option of contacting us by way of a contact form, by email, by telephone or by chat using the designated email address and phone number. If you take advantage of this option, the information you enter in the contact form, your email address and/or your phone number are disclosed to us. Depending on the reason you are contacting us (questions about our products and services, pursuing your rights as a data subject, e.g. submitting a request for information) your contact details are processed (with the assistance of service providers). If necessary for processing your request, this information may be shared with third parties (e.g. partner companies).


In order to ensure sufficient data security during the transmission of forms, we use in certain cases the service reCAPTCHA of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This serves above all to differentiate whether the input is made by a natural person or misused by mechanical and automated processing. The service includes the transmission of the IP address and any other data required by Google for the reCAPTCHA service to Google. The differing data protection provisions of Google Ltd. apply here. Further information on the data protection guidelines of Google Ltd. can be found at http://www.google.de/intl/de/privacy or https://www.google.com/intl/de/policies/privacy/


4.2.2 Purpose and legal basis of data processing

The legal basis for processing your contact details follows from Art. 6(1)(f) GDPR. We have legitimate interests in processing your request and in continued communication. If the purpose for your establishing contact with us is to enter into a contract with our company, the legal basis for processing your contact details follows from Art. 6(1)(b) GDPR.


4.2.3 Duration of storage or criteria applied in defining this period

Your contact details are deleted once your request has been processed and further communication has been discontinued. This does apply if the purpose of your establishing contact with us is to conclude a contract or you wish to exercise your right as a data subject (e.g. request information). In this case the data will be further processed on a new legal basis and deleted as soon as the processing purpose and the legal retention periods are fulfilled.


4.2.4 Options for lodging an objection and having your data removed

You have the right to lodge an objection to the processing of your contact information provided that there are cogent reasons that arise from your specific situation. If you would like to exercise your right to lodge an objection, please write to the contact address in section 1. If you lodge an objection, communication with you cannot be continued. This does not apply if the storage of your contact details is necessary for completing precontractual procedures, fulfilling a contract or exercising your rights as a data subject.

4.3 Asserting Your Rights as a Data Subject

4.3.1 Description and scope of data processing

On the website you have the possibility of asserting your rights as a data subject, e.g. request information on your personal information that is currently stored by us. In order to assert your rights as a data subject, it may be necessary that you provide information to Bertelsmann and/or its subsidiaries pertaining to your person and the specific information that has been processed. Without providing this information, Bertelsmann and/or its subsidiaries are not able to cater to your rights as a data subject.


4.3.2 Purpose and legal basis of data processing

The legal basis for processing your personal data in asserting your rights as a data subject follows from Art. 6 (1) point c GDPR, “Complying with a legal obligation”.


4.3.3 Duration of storage or criteria applied in defining this period

Bertelsmann and/or its subsidiaries store(s) the correspondence exchanged with you in relation to your asserting your rights as a data subject for a period of three years. This does not apply to information obtained to clarify your identity, e.g. by way of a labeled photocopy of your personal identity card, where Bertelsmann and/or its subsidiaries have been provided one. It will be deleted within one week at the latest of establishing your identity.


4.3.4 Options for lodging an objection and having your information removed

The processing of your information is required for complying with your rights as a data subject, and to that extent you have no right to revoke your consent to its processing.

4.4 Newsletter and Download of Content

4.4.1 Description and scope of data processing

The website offers the possibility to subscribe to newsletters and also to download whitepapers/e-books/studies (hereinafter referred to as content) on current topics from our business areas free of charge. All that is required is the provision of your professional e-mail address. If, on the other hand, you would like to be contacted in a company-related and/or personal manner, you can also provide information about yourself and/or your company. The personal data entered by you and your consent for advertising purposes in the double opt-in procedure will be stored in our CRM system and processed further (also with the help of service providers) for the purpose of sending newsletters. Your data will not be passed on to third parties.


We point out that the company may evaluate your user behaviour when sending newsletters. To carry out this evaluation, the emails sent include web beacons or tracking pixels, which are one-pixel image files stored on the website. For the purpose of evaluations, the company could link your data and the web beacons with your email address and an individual ID. With the data obtained in this manner, the company would be able to create a user profile with which the newsletter can be tailored to your indi-vidual interests. To do this, the company records which links you click on when you read the newslet-ter and uses these to derive your personal interests. The company could associate this data with your behaviour on our website.


4.4.2 Purpose and legal basis of data processing

The processing of your data via the login form is required to inform you about and advertise the company's goods and/or services. The legal basis for processing the data when registering for the newsletter is the consent according to Art. 6 (1) lit. a GDPR with reference to Section 7 (2) No. 3 of the Act Against Unfair Competition (hereinafter referred to as “UWG”).


The legal basis for the processing of your personal data after purchasing the company’s goods and/or services is Art. (6) 1 lit. f GDPR with reference to Section 7 (3) of the Act Against Unfair Competition (hereinafter referred to as “UWG”). Advertising to existing customers is in the company’s legitimate interest.


4.4.3 Duration of storage or criteria applied in defining this period

The data will be stored for as long as the newsletter is subscribed to. If you revoke your consent, your data will be blocked for this processing purpose. The data will be stored until the contractual and/or legal obligations have been fulfilled and deletion is not precluded by statutory retention periods.


4.4.4 Options for lodging an objection and having your data removed

You can revoke your consent to receiving the newsletter at any time by clicking on the unsubscribe link provided in each newsletter or by writing to:


Newsletter of Arvato Systems,

Arvato Systems GmbH via E-Mail: info@arvato-systems.de

or via mail to „An der Autobahn 200, 33333 Gütersloh, Germany“.


4.5 Events

4.5.1 Description and scope of data processing

On our website you have the option of registering to Arvato Systems’s events. The events include lectures on current topics and developments in the IT sector, as well as presentations of the service portfolio and new products and services of Arvato Systems. The addressees of these events are usually business customers. You can register for the individual events via a registration form. The data required for registration is collected and processed for attending the event. The registration form also gives you the opportunity to arrange personal interest and sales meetings with Arvato Systems. Registration is voluntary.


In addition, our events are regularly recorded with images and sound, some of which are published on our homepage, in our social media channels or as part of external and internal reporting. In addition to the photo and video recordings, metadata such as the location and time of the recording and location are automatically stored in the digital cameras.


Your data will only be passed on to third parties (e.g. organizers) if this is necessary for your participation in the event.


4.5.2 Purpose and legal basis of data processing

We use your personal data to contact you, to register you, to organise events and for advertising purposes. The legal basis for the registration for an event is Art. 6 para. 1 lit. f GDPR. The legitimate interests lie in customer care and customer acquisition. If you have given your consent to be contacted by telephone and/or e-mail for advertising purposes, Art. 6 I lit. a GDPR serves as the legal basis.


The legal basis for taking and storing photographs and video recordings at an event is Art. 6 para. 1 lit. f GDPR based on our legitimate interest in reporting on the event. The legal basis for publishing the photo and video recordings is §§ 22, 23 Kunsturhebergesetz (KUG).


4.5.3 Duration of storage or criteria applied in defining this period

Your data will be stored until the end of the event as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage obligations.


4.5.4 Options for lodging an objection and having your data removed

You can revoke your consent to receiving press releases at any time by writing to Arvato Systems GmbH via E-Mail: info@arvato-systems.de or via mail to „An der Autobahn 200, 33333 Gütersloh, Germany“.

4.6 Links to Other Websites

This website contains links to the website of other website operators. Clicking on the links takes you to the respective websites (e.g. Facebook, YouTube). With the exception of your access data to make the other website available, no data of yours is transmitted to these website operators.


Our Privacy Policy only covers our website; we are not responsible for the privacy policies of other websites. Nevertheless we recommend that you read the privacy policies of the websites you access by clicking on the links leading to them.

4.7 External Services and Content on Our Website

We integrate external services and content on our website. If you use one of these services or you are shown the content of third parties, communication data is exchanged between you and the provider of that service or content for technical purposes.


That provider may use your data for their own purpose. To the best of our knowledge and belief, we have configured the services or content of third-party providers who are known to use data for their own purposes so that communication for purposes other than rendering their content or services on our website is prevented or communication does not come about unless you actively decide to use the service. However, since we have no control over the data collected by third parties and its processing by them we are unable to make any binding statements pertaining to the purpose and scope of the processing of your data.


For further information on the purpose and scope of the collection and processing of your data, please refer to the privacy policy of the responsible provider (under data protection law) of the services or content integrated by us:


4.8 Use of the Blog

4.8.1 Description and scope of the data processing

If you want to use the comment function of blogs, you must specify a name and your email address in addition to the actual comment. The username for this purpose is freely selectable, so there is no clear name obligation and the company provides you with the option to remain pseudonymous to the other users. Comments are only published after review and approval by the company. If you post comments, these will generally be made accessible to unregistered users (hereinafter referred to as “anyone”), stating your username, time and date of the comment.


4.8.2 Purposes and legal basis of the data processing

Data is processed on the blog for the purpose of collective discussion between users on various topics. The legal basis is Art. 6 (1) lit. f GDPR. The legitimate interest lies in promoting exchange with-in the interested community.


4.8.3 Duration of storage or criteria for determining this duration

Your user data is stored until the commented post is no longer relevant for the blog in terms of content and the intended purpose is therefore fulfilled. Your published comments will be stored until deleted and are accessible to anyone. If you wish for your contributions to be deleted, you can send your deletion request to the company under Section 1.


4.8.4 Possibility of objection and deletion

Processing your user data is required to use the blog’s comment function. You cannot object to this, but you can exercise your right to deletion of data.

5. Who Comes into Possession of My Personal Data?

Those entities within the company who need your data to fulfil the purposes described in Section 4 above. Also, service providers employed by the company may gain access to your data (“proces-sors”, such as data centres, newsletters, customer service or debtor management). Data processing contracts ensure that these service providers commit to instructions, data security and the confiden-tial handling of your data.

Your data is only transferred to other recipients at your request or if required by law. The following third parties are included in the data transfer:

  • Providers of social media services that for their own purposes merge your data from the website with the data already stored there.
  • Providers of measurements and web analytics, who for their own purposes measure the reach of websites and create user profiles.
  • Affiliate companies to which you refer in your request

Public bodies and institutions, such as law enforcement agencies, who receive access to your data for reasons of compliance with legal or regulatory obligations

6. Is My Personal Data Processed outside of the EU or EEA (‘Transfer to a Third Country’)?

If the service providers listed in Section 5 and/or third parties outside the EU or the EEA process your data for the purposes specified in Section 4, this may result in your data being transmitted to a coun-try where a level of data protection equivalent to that in the EU or the EEA cannot be guaranteed. However, such a level of data protection can be ensured with a suitable guarantee. When selecting service providers, Arvato Systems takes the necessary steps to contractually ensure an equivalent level of data protection.

7. What Data Privacy Rights Do I Have?

You have the right to request access to your personal data that is currently stored by us. If this data is incorrect or not up to date, you have the right to request rectification. You also have the right to have your personal data erased and/or its processing restricted as provided for in Art. 17 and Art. 18 GDPR. You also have the right to request a copy of the personal data provided by you in a structured, commonly-used, machine-readable format (right to data portability).

If you have given your consent to the processing of your personal information for specific purposes, you can revoke that consent at any time for the future. Your notice of revocation is to be addressed to us by writing to the contact address indicated in section 1.


Pursuant to Art. 21 GDPR, you also have the right for reasons relating to your specific situa-tion to raise an objection to the processing of your data that is done on the basis of Art. 6(1)(f) GDPR. You also have the right to lodge an objection to the processing of your personal infor-mation for direct marketing purposes. The same applies to automated processes involving the use of individual cookies, unless they are required for providing the functionality of our website.


You also have the possibility to contact a data protection authority and file a complaint. A list of data protection authorities and their contact data can be found here.

8. To What Extent Is Automated Decision-Making and Profiling Utilised?

We do not use any fully automated decision-making processes for any of the purposes set out in section 4. No profiling takes place for any of the purposes set out in section 4.

9. Final / Version Information

As the site evolves and new technologies are introduced to improve our service to you, changes to these privacy statements may be required. Therefore, we recommend that you review these privacy statements from time to time.


Last update of the Privacy Policy: May 2020