DATA PROTECTION AND PRIVACY POLICY

1. General information on the collection of personal data and information

a) The protection of your privacy when using our websites is very important to us. Accordingly, we use your personal data in accordance with the statutory provisions on data protection and privacy. Personal data is all data that can be related to you personally, e.g. name, address, e-mail address, user behavior. Below we inform you about how we handle your personal data.

b) The person responsible pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) and other national data protection and privacy laws of the member states as well as other data protection and privacy provisions is:

 

ARVOS Holding GmbH

 

Managing Director:

Ludger Heuberg

Am Taubenfeld 21/1

D – 69123 Heidelberg

 

Tel.: +49 (0)6221 532 0

Fax: + 49 (0)6221 532 189

 

Data Protection Officer according to Art. 37 of the EU General Data Protection Regulation (GDPR) and § 5 BDSG (German Federal Data Protection and Privacy Act) is:

 

SPIE GmbH Unternehmensgruppe

Lyoner Strasse 9

60528 Frankfurt

Internet: www.spie.de

 

You can reach our data protection officer by e-mail at Datenschutz.Holding@arvos-group.com or by mail at ARVOS Holding GmbH using the subject line "data protection officer".

 

c) If you are under the age of 16, please obtain permission from a parent or guardian before providing any personal information to us.

 

2. Collection of personal data when visiting our website

 

a) In principle, you can visit our website without telling us who you are. Usually with almost all websites, the server on which our website is located (hereinafter referred to as "web server") automatically collects information from you when you visit us on the Internet. This data is technically necessary for us and guarantees the stability and security of the website.

The web server automatically recognizes certain personal data such as your IP address, the date and time you are on our site, the pages you visit on our site, the site you were on before visiting our site, the browser you use (e.g. Internet Explorer, Firefox, Safari), the operating system you use (e.g. Windows, Linux, MAC OS) and the domain name and address of your Internet service provider (e.g. 1&1, Telekom, Unitymedia). If our website uses cookies (as explained below), the web server also stores this information (permissible pursuant to Art. 6 (1)(f) DGPR).

 

Your personal data will only be stored on our server for the duration of your visit.

 

b) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the location that sets the cookie (here by us). Cookies cannot execute programs or transmit viruses to your computer. On the whole, they serve to make the Internet offer more user-friendly and effective.

aa) This website uses the following types of cookies, the scope and function of which are explained below:

- Transient cookies (see bb)

- Persistent cookies (see cc)

bb) Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This enables your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close your browser.

cc) Persistent cookies are automatically deleted after a specified period of time, but at the latest after 2 years, which may differ depending on the cookie. You can delete cookies at any time in the security settings of your browser.

dd) You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third-party cookies or all cookies. We would like to point out that you may not be able to use all the functions of this website.

 

c) Cookies from third parties on our websites

 

We allow third parties to place cookies on your computer via these websites.

 

(1) This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymization is activated on this website, your IP address will be shortened by Google in advance within the Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and Internet usage to the website operator.

 

(2) The IP address transmitted by your browser as part of Google Analytics will not be commingled with other Google data.

(3) You can prevent the use of cookies by selecting the appropriate settings on your browser; however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de

(4) This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are truncated for further processing and that it is not possible to identify you as a person. Insofar as the data collected about you is personal, this is immediately excluded and the personal data deleted immediately.

(5) We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our services and make them more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is set forth in Art. 6 (1)(f) DGPR.

 

(6) Third-party supplier information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Service: http://www.google.com/analytics/terms/de.html, Overview of Data Protection and Privacy: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the Privacy Policy: http://www.google.de/intl/de/policies/privacy.

 

(d) Contact by e-mail

(1) When you contact us by e-mail, the data you provide us with (your e-mail address and your name) will be stored by us in order to contact you and answer your questions.

 

This may be the case for the following purposes:

 

  • Initiation, execution and administration of your contractual relationship (or the contractual relationship of your organization) with us, e.g. through the execution of transactions and orders of products or services, in the context of all procurement processes, the associated processing of payment transactions, accounting, auditing, billing and debt collection activities, the initiation of shipments and deliveries, repairs and the provision of support services or other services which you or your organization may have commissioned or requested or which we have commissioned or requested with you.

  • Information and advice within an existing business relationship on similar or related products or services, to the extent permitted by applicable law.

  • Maintain and protect the security of our products, services and websites or other systems, prevent and detect security risks, fraud or other criminal or illegal activity.

  • To comply with our legal or regulatory obligations. These obligations may include, for example, the retention of sales records for tax purposes or the dispatch of legally required notices and other notifications, compliance screenings or recording obligations (e.g. under competition law, export regulations, trade sanctions and embargo regulations or to prevent white-collar crime or money laundering). In this context, we may be required to cross-check your contact information or identity with relevant sanctions lists and confirm your identity in the event of a possible match, record information about our cooperation with you where relevant under antitrust law, and report to or assist with investigations by relevant regulatory, law enforcement, or other competent government authorities.

  • Settle disputes, enforce our contractual agreements and establish, enforce, or defend legal claims.

  • Invitations to corporate events such as trade shows or other marketing activities.

 

We delete the data arising herewith in our Outlook or CMS system after storage is no longer necessary (e.g. if the registered persons do not receive any data from us or are no longer employed by the company for which they have registered), or we restrict processing if there are statutory limitations for retention periods.

 

(2) Data transmitted upon the dispatch of an e-mail may be processed pursuant to Art. 6 (1)(f) DGPR.

 

e) Registration via the Creditors Relation Form

When you register using the Creditors Relation Form, the information you provide (your email address and name) will be stored by us to contact you and answer your questions. We delete the attendant data in our Outlook system after storage is no longer necessary (e.g. if the registered persons do not receive any data from us or no longer work for the company for which they have registered), or restrict processing if there are statutory limitations for retention periods.

 

3. Legal basis for data processing

In order to safeguard our legitimate interest (cf. Art. 6 (1)(f). DGPR), we process your personal data when you contact us by e-mail or register using the Creditors Relation Form.

 

The provision of your personal data is not a legal obligation. This means that you are not obliged to provide us with your personal data. If you decide not to provide us with your personal data, it will not be possible to contact us or be included in our vendor list.

 

There is no automatic decision-making based exclusively on automated processing, including profiling, resulting in any legal or similar obligation affecting you.

 

4. Your rights

According to the provisions of DGPR you can assert the following rights against us:

 

  •  Right to information

  •  Right to rectification

  •  Right to limit processing

  •  Right to erasure / right to be forgotten

  •  Right to data portability

  •  Right to object

 

If the processing of your personal data is based on your consent, you have the right to revoke your consent at any time effective into the future. This shall not affect the legal validity of any processing taking place up until you have revoked such consent.

 

If you are of the opinion that we process your personal data in an impermissible manner, please contact us by e-mail at DatenschutzHolding@arvos-group.com or via a letter addressed to ARVOS Holding GmbH using the subject line "Data Protection Officer". You also have the right to contact the data protection supervisory authority. The responsible supervisory authority is "Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Königstrasse 10 a, 70173 Stuttgart".

 

5. Place of data processing

Your data will mainly be processed in Germany. Under certain circumstances, however, it may also be possible for the data to be accessed by foreign Group companies, for example by contacting them via e-mail.

 

6. Disclosure of your personal data

We only collect data from you (except within the framework of the web server protocols) if you yourself communicate this to us in order to use one of our offered services (e.g. sending enquiries via the contact e-mail addresses, registering with Creditors Relations). This data is then processed and/or used exclusively for the performance of the respective service. For this purpose, it may be necessary for service providers to support us. Furthermore, it may also be necessary for your data to be passed on to other units of our group of companies. In doing so, we observe data protection and privacy regulations. Furthermore courts, law enforcement agencies, or other statutory commissioned authorities may upon observance of legal provisions retrieve data or request information. In particular, your personal data may be passed on to the following recipients:

 

  • Our parent company Arvos Bidco S.à.r.l. Luxembourg or other Group companies,

  • IT service providers, waste disposal service providers,

  • Government authorities, offices, and banks.

 

If individual service providers or affiliates are located outside of the EU, there may not be an adequate level of data protection there compared to the level of data protection and privacy within the European Union. This means that the data protection and privacy laws in the country to which your data may be transferred do not provide the same level of protection as in Germany. We have therefore taken appropriate protective measures to ensure data protection: standard contracts for order processing or standard contract clauses within the Group and with external service providers. Agreements for data processing by independent contractors have been executed in accordance with Art. 28 DGPR, the standard contract clauses in accordance with EU regulations (https://eurlex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087&from=DE).

 

You can obtain a copy of these protective measures at Datenschutz.Holding@arvos-group.com.

 

7. Security measures

Insofar as we forward data and information to our service providers within the scope of the services described herein, these service providers are obligated under contract with us with respect to provisions on the subject of data protection and privacy in addition to mandatory statutory provisions.

 

We use security measures, which we continuously optimize in accordance with technical and legal developments in order to protect your data and privacy as best as possible against accidental or intentional manipulation, loss, destruction, or access by unauthorized third parties.

 

8. Links to other websites

Our online offers contain links to other websites. This data protection and privacy policy does not extend to other providers.

We have no influence on whether these operators comply with data protection and privacy regulations and therefore accept no responsibility for the accuracy, timeliness, and sufficiency of the information provided there.

 

Our website may contain hyperlinks to websites owned and operated by third parties. These third-party websites have their own data protection and privacy policies, and most likely also use cookies. We recommend that you review them. The policies of these websites govern the use of personal information that you provide when you visit the website and that may also be collected through cookies. We assume no liability for such third-party websites, and your use of such websites is at your own risk.

 

9. Contacting us

If you have any questions or comments about our policies on data protection and privacy and cookies, please contact our authorized representative using the contact details provided in this policy statement (cf. Section 1).

 

The rapid development of the Internet makes it necessary for us to amend our data protection and privacy policies from time to time. Information about changes will be posted here.