Contact
+
Last updated: October 2020
  1. Name and address of the controller
  2. Name and address of the controller’s data protection officer
  3. General information on data processing
  4. Rights of the data subject
  5. Provision of the website and creation of log files
  6. Use of cookies
  7. Newsletter
  8. Contact via email
  9. Company online presence
  10. Use of company online presence in job-oriented networks
  11. Vimeo
  12. Hosting
  13. Geotargeting
  14. Registration
  15. Application
  16. Events

I. Name and address of the controller

 

The controller for purposes of the General Data Protection Regulation and other national data protection laws of the Member States and other provisions of data protection law is:

ARQIS
von Einem Panzer-Heemeier Schulze Witty Yamaguchi
Rechtsanwälte Partnerschaftsgesellschaft mbB
Breite Straße 28
40213 Düsseldorf, Germany
T +49 211 13069-000
F +49 211 13069-099
ARQIS@ARQIS.com
www.ARQIS.com

II. Name and address of the controllers data protection officer

 

Herr Thomas Regier
DataCo GmbH
Dachauer Straße 65
80335 Munich, Germany
datenschutz@dataguard.de
+49 89 7400 45840

III. General information on data processing

 

1. Scope of the processing of personal data

Personal data will only be processed by us to the extent necessary for the purpose of providing a functional website and our contents and services.

 

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 para. 1(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing.

In case the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Article 6 para. 1(b) GDPR serves as the legal basis for the processing. This also applies to processing operations necessary in order to take steps prior to entering into a contract.

Insofar as the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6 para. 1(c) GDPR serves as the legal basis for the processing.

If processing is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6 para. 1(d) GDPR serves as the legal basis for the processing.

If processing is necessary for the purposes of a legitimate interest pursued by our company or by a third party and if the interests, fundamental rights and freedoms of the data subject do not override such interests, Article 6 para. 1(f) GDPR serves as the legal basis for the processing.

 

3. Data erasure and storage period

The personal data of the data subject will be erased or blocked once it is longer necessary for the purpose for which it was collected. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the above-mentioned provisions expires unless there is a need for further storage of the data in order to conclude or implement a contract.

IV. Rights of the data subject

 

If your personal data are processed, you are a data subject according to the GDPR and you are entitled to the following rights towards the controller:

 

1. Right of access

You have the right to obtain from the controller confirmation as to whether or not your personal data is being processed by the controller.

Where that is the case, you have the right of access to the following information:

 

  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom your personal data have been or will be disclosed
  4. the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of your personal data, the right to request from the controller restriction of processing or the right to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from the data subject, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in Article 22 para. 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right of access to information as to whether your personal data is transferred to third countries or international organisations. In this context, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

This right of access can be restricted in so far as it is likely to render impossible or seriously impair the achievement of research purposes or statistical purposes and the restriction is necessary for the achievement of research purposes or statistical purposes.

 

2. Right to rectification

You have the right to obtain from the controller the rectification and/or the completion of inaccurate or incomplete personal data concerning you. The controller must provide the rectification without undue delay.

Your right of rectification can be restricted to the extent that it is likely to render impossible or seriously impair the achievement of research purposes or statistical purposes and the restriction is necessary for the achievement of research purposes or statistical purposes.

 

3. Right to restriction of processing

You have the right to obtain from the controller restriction of processing your personal data where one of the following applies:

  • you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
  • you have objected to processing pursuant to Article 21 para. 1 GDPR pending the verification on whether the legitimate grounds of the controller override your interests, rights and freedoms.

Where processing of your personal data has been restricted, such personal data can, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Your right to restriction of processing can be restricted to the extent that it is likely to render impossible or seriously impair the achievement of research purposes or statistical purposes and the restriction is necessary for the achievement of research purposes or statistical purposes.

 

4. Right to erasure

 

a) Duty to erase

You have the right to obtain from the controller the erasure of your personal data without undue delay and the controller has the obligation to erase this data without undue delay where one of the following grounds applies:

 

  1. your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. you withdraw your consent on which the processing is based according to Article 6 para. 1(a), or Article 9 para. 2(a) GDPR, and where there is no other legal ground for the processing;
  3. You object to the processing pursuant to Article 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 para. 2 GDPR.
  4. Your personal data have been unlawfully processed;
  5. Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  6. Your personal data have been collected in relation to the offer of information society services referred to in Article 8 para. 1 GDPR.

b) Information to third parties

Where the controller has made your personal data public and is obliged pursuant to Article 17 para. 1 GDPR to erase this personal data, the controller, taking account of available technology and the cost of implementation, must take reasonable steps, including technical measures, to inform controllers which are processing this personal data, that you, as data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure does not apply insofar as the processing is necessary

 

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 para. 2 as well as Article 9 para. 3 GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 para. 1 GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defence of legal claims.

 

5. Right to information

If you have asserted the right of rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed by the controller about those recipients.

 

6. Right to data portability

You have the right to receive your personal data, which you have provided to a controller, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided, where

 

  1. the processing is based on consent pursuant to Article 6 para. 1(a) GDPR or Article 9 para. 2(a) GDPR or on a contract pursuant to Article 6 para. 1(b) GDPR; or

  2. the processing is carried out by automated means.

In asserting this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.

The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on point (e) or (f) of Article 6 para. 1 GDPR, including profiling based on those provisions.

The controller does no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, your personal data can no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you can exercise your right to object by automated means using technical specifications.

Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 para. 1 GDPR, you have, on grounds relating to your particular situation, the right to object to processing of your personal data.

Your right of objection can be restricted to the extent that it is likely to render impossible or seriously impair the achievement of research purposes or statistical purposes and the restriction is necessary for the achievement of research purposes or statistical purposes.

 

8. Right to withdraw of consent to processing personal data

You have the right to withdraw your consent to processing personal data at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

 

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

 

  1. is necessary for entering into, or performance of, a contract between you and the data controller
  2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  3. is based on your explicit consent.

However, these decisions must not be based on special categories of personal data referred to in Article 9 para. 1 GDPR, unless point (a) or (g) of Article 9 para. 2 GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in section 1 and 3, the data controller has to implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

 

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or place of the alleged infringement in case you consider that the processing of your personal data infringes the provisions of the GDPR.

The supervisory authority with which the complaint has been lodged informs the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

 

V. Provision of the website and creation of log files 

 

1. Description and scope of data processing

Any time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data are collected:

  • Information about the browser type and version used
  • IP address of the User
  • Date and time of access
  • Websites from which the User’s system accesses our website
  • Websites the User’s system accesses from our website

This data is stored in the log files of our system. This data is stored separately from all personal data provided by a ser.

 

2. Purpose of data processing

The system has to temporarily store the IP address to transfer the website to the User’s computer. To that end, the User’s IP address must be retained for the duration of the session.

The storage in log files is done to ensure the website functions properly. In addition, the data is used to optimise the website and to generally ensure the security of our information technology systems. In this connection, data is not analysed for marketing purposes.

Our legitimate interest in data processing in accordance with Article 6 para. 1(f) GDPR stems from these purposes.

 

3. Legal basis for data processing

Article 6 para. 1(f) GDPR provides the legal basis for the temporary storage of data and log files.

 

4. Storage period

The data will be erased once it is no longer necessary for the purpose for which it was collected. When data is collected to allow us to provide our website, this occurs when the relevant session ends.

When data is stored in log files, this takes place after seven days at the latest. Data may be stored for longer periods. If this occurs, the IP addresses of Users shall be erased or anonymised, so it is no longer possible to attribute them to the client accessing the site.

 

5. Option to object and have data deleted

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Therefore the User is not entitled to raise an objection in this context.

VI. Use of cookies

 

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the User’s computer system. By accessing a website, a cookie may be stored on the User’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

  • Language settings
  • Log-in information

We also use cookies on our website that allow the browsing patterns of the User to be analysed.

In this way the following data can be transferred:

  • Entered search terms
  • Frequency of page views
  • Use of website functions

The User’s data collected in this way is pseudonymised as a technical precaution. As a result, it is no longer possible to assign the data to the accessing User. This data is stored separately from all personal data provided by a User.

 

2. Purpose of data processin

The purpose of using technically necessary cookies is to simplify the use of websites for Users. Some functions of our website cannot be offered without the use of cookies. In relation to those, it is necessary that the browser is recognised even after a page change.

We require cookies for the following applications:

  • Transfer of language settings
  • Memorising search terms

The User’s data collected by means of technically necessary cookies is not used to create user profiles.

The analysis cookies are used for the purpose of improving the quality of our website and its contents. By using analysis cookies we learn how the website is used and can thus constantly optimise our offer.

 

3. Legal basis for data processing

Article 6 para. 1(f) GDPR provides the legal basis for the processing of personal data using cookies.

Article 6 para. 1(f) GDPR provides the legal basis for the processing of personal data using technically necessary cookies.

 

4. Storage period, option to object and have data deleted

Cookies are stored on the User’s computer and transferred by the User to our site. Therefore, you, as the User, have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transfer of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to take full advantage of all its features.

The transmission of Flash cookies cannot be prevented by the browser settings, but by changing the settings of the Flash Player.

If you use a Safari browser version 12.1 or more recent version, cookies are automatically deleted after seven days. This also applies to opt-out cookies, which are set to prevent tracking measures.

VII. Newsletter

 

1. Description and scope of data processing

Our website gives the opportunity to subscribe to a free newsletter. While registering for the newsletter, the following data entered into the input mask is transferred to us:

  • Email address
  • Name
  • First name
  • Pseudonym
  • Telephone/Mobile phone number
  • Address
  • IP address of the accessing computer
  • Date and time of registration

The data collected will not be passed on to third parties. The data collected is used exclusively for sending the newsletter.

 

2. Purpose of data processing

The purpose of collecting the User’s email address is to send the newsletter.

The collection of other personal data while registering for the newsletter is necessary in order to prevent misuse of the services or the email address used.

 

3. Legal basis for data processing

Insofar as the consent of the data subject for the processing of personal data is obtained, Article 6 para. 1(a) GDPR serves as the legal basis for the processing of data after registration for the newsletter by the User.

 

4. Storage period

The data will be erased once it is longer necessary for the purpose for which it was collected. Therefore, the User’s email address is stored as long as the subscription to the newsletter is active.

The other personal data collected while registering for the newsletter is usually erased after a period of seven days.

 

5. Option to object and have data deleted

The User can unsubscribe from the newsletter at any time. A corresponding link for this purpose can be find in every newsletter.

As a result, also the given consent to store personal data collected during the registration can be withdrawn.

VIII. Contact via email

 

1. Description and scope of data processing

We can be contacted via the email address provided on our website. In this case, the personal data transferred with the User’s email will be stored.

The data will be used exclusively for processing the conversation.

 

2. Purpose of data processing

The legitimate interest necessary for processing this data stems from contacting us via email.

 

3. Legal basis for data processing

Insofar as the consent of the data subject for the processing of personal data is obtained, Article 6 para. 1(a) GDPR serves as the legal basis for the processing of data.

Article 6 para 1(f) GDPR serves as the legal basis for the processing of data transferred in the course of sending an email. If the contact via email aims at the conclusion of a contract, Article 6 para. 1(b) GDPR serves as an additional legal basis for the processing.

 

4. Storage Period

The data will be erased once it is longer necessary for the purpose for which it was collected. Regarding personal data transferred via email, this is the case when the respective conversation with the User has ended. The conversation ends when it gets clear from the circumstances that the matter in question has been finally clarified.

The personal data collected additionally during the transfer will be erased after a period of seven days at the latest.

 

5. Option to object and have data deleted

The User has the right to withdraw his or her consent to the processing of personal data at any time. By way of contacting us via email, the User can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued.

No separate consent will be obtained for the purpose of getting into contact via email.

In this case, all personal data stored in the course of the contact will be erased.

IX. Company online presence 

 

Company presence in social networks

1. Instagram:

Instagram, Part of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland

We offer information and provide the Users of Instagram with the opportunity to communicate on our company presence on Instagram. If you carry out an action in connection with our company presence on Instagram (e.g. comments, contributions, likes etc.) it may occur that you are making personal data (e.g. your real name or photo of your user profile) public. However, as we generally or to a large extent have no influence on the processing of your personal data by Instagram, we cannot provide any binding information on the purpose and scope of the processing of your data.

Our company presence in social networks is used for the exchange of communication and information with (potential) customers. In particular, we use our company presence for:

The use of social networks serves for the purpose of pure information about the services offered by ARQIS and to provide information about other events and news.

Publications on the company social media pages may contain the following content:

  • Information about services;
  • Information about other events and news.

Every User is free to publish personal data through his or her activities on these platforms.

Article 6 para. 1(a) GDPR serves as the legal basis for the processing of data.

The data collected through our company presence on Instagram is not stored in our own systems.

In order to ensure appropriate safeguards to protect the transfer and processing of personal data outside the EU, data transfer to and processing by Instagram is carried out on the basis of appropriate safeguards in accordance with Article 46 et seq. GDPR, in particular by concluding so-called standard data protection clauses in accordance with Article 46 para. 2(c) GDPR.

You may at any time object to the processing of your personal data that we collect in the course of your use of our company presence on Instagram and assert your rights as a data subject as set out in section IV of this Data Protection Declaration. All you have to do is to send us an informal email to datenschutz@ARQIS.com. You can find more information on how your personal data is processed by Instagram and the corresponding options to object here:

Instagram: https://help.instagram.com/519522125107875

 

2. Twitter:

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland

We offer information and provide the Users of Twitter with the opportunity of communication on our company website. If you carry out an action in connection with our company presence on Twitter (e.g. comments, contributions, likes etc.) it may occur that you are making personal data (e.g. your real name or photo of your user profile) public. However, as we generally or to a large extent have no influence on the processing of your personal data by Twitter, we cannot provide any binding information on the purpose and scope of the processing of your data.

Our company presence in social networks is used for the exchange of communication and information with (potential) customers. In particular, we use our company presence for:

The use of social networks serves for the purpose of pure information about the services offered by ARQIS and to provide information about other events and news.

Publications on the company social media pages may contain the following content:

  • Information about services;
  • Information about other events and news.

Every User is free to publish personal data through his or her activities on these platforms.

Article 6 para. 1(a) GDPR serves as the legal basis for the processing of data.

The data collected through our company presence on Twitter is not stored in our own systems.

In order to ensure appropriate safeguards to protect the transfer and processing of personal data outside the EU, data transfer to and processing by Twitter is carried out on the basis of appropriate safeguards pursuant to Article 46 et seq. GDPR, in particular by concluding so-called standard data protection clauses pursuant to Article 46 para. 2(c) GDPR.

You can at any time object to the processing of your personal data that we collect in the course of your use of our company presence on the Twitter website and assert your rights as a data subject as set out under section IV of this Data Protection Declaration. All you have to do is to send us an informal email to datenschutz@ARQIS.com. You can find more information about the processing of your personal data by Twitter and the corresponding options to object here:

Twitter: https://twitter.com/de/privacy

 

3. YouTube:

YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, United States

We offer information and provide the Users of YouTube with the opportunity to communicate on our company website. If you carry out an action in connection with our company presence on YouTube (e.g. comments, contributions, likes etc.) it may occur that you are making personal data (e.g. your real name or photo of your user profile) public. However, as we generally or to a large extent have no influence on the processing of your personal data by YouTube, we cannot provide any binding information on the purpose and scope of the processing of your data.

Our company presence in social networks is used for the exchange of communication and information with (potential) customers. In particular, we use our company presence for:

The use of social networks serves for the purpose of pure information about the services offered by ARQIS and to provide information about other events and news.

Publications on the company social media pages may contain the following content:

  • Information about services;
  • Information about other events and news.

Every User is free to publish personal data through his or her activities on these platforms.

Article 6 para. 1(a) GDPR serves as the legal basis for the processing of data.

The data collected through our company presence on YouTube is not stored in our own systems.

In order to ensure appropriate safeguards to protect the transfer and processing of personal data outside the EU, data transfer to and processing by YouTube is carried out on the basis of appropriate safeguards pursuant to Article 46 et seq. GDPR, in particular by concluding so-called standard data protection clauses pursuant to Article 46 para. 2(c) GDPR.

You may at any time object to the processing of your personal data that we collect in the course of your use of our corporate presence on YouTube and assert your rights as a data subject as set out in section IV of this Data Protection Declaration. All you have to do is to send us an informal email to datenschutz@ARQIS.com. You can find more information on the processing of your personal data by YouTube and the corresponding options to object here:

YouTube: https://policies.google.com/privacy?gl=DE&hl=de

X. Use of company online presence in job-oriented networks 

 

1. Scope of data processing

We use our company online presence in job-oriented networks. We maintain a company presence on the following job-oriented networks:

LinkedIn: LinkedIn, Unlimited Company Wilton Place, Dublin 2, Irland

XING: XING SE, Dammtorstraße 30, 20354 Hamburg, Deutschland

We offer information and provide the Users with the opportunity to communicate on our website.

The company presence is used for applications, information/PR and active sourcing.

However, as we generally or to a large extent have no influence on the processing of your personal data by companies operating these job-oriented networks, we cannot provide any binding information on the purpose and scope of the processing of your data. You can find further information on this in the privacy policy of:

LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv 

XING: https://privacy.xing.com/de/datenschutzerklaerung 

If you carry out an action on the social media pages of our company (e.g. comments, contributions, likes, etc.) it may occur that you are making personal data (e.g. your real name or photo of your user profile) public.

 

2. Legal basis for data processing

Article 6 para. 1(f) GDPR serves as the legal basis for the processing of your data in connection with the use of our company presence.

 

3. Purpose of data processing

Our company presence on job-oriented networks has the purpose to inform Users about our services. Every User is free to publish personal data through his or her activities on these platforms.

 

4. Storage Period

We store your activities and personal data published via our company presence until you withdraw your consent. In addition, we adhere to the statutory retention periods.

 

5. Option to object and have data deleted

You may at any time object to the processing of your personal data that we collect in the course of your use of our pages on these platforms and assert your rights as a data subject as set out in section IV of this Data Protection Declaration. All you have to do is to send us an informal email to the email address provided in this Data Protection Declaration.

In order to ensure appropriate safeguards to protect the transfer and processing of personal data outside the EU, data transfer to and processing by LinkedIn is carried out on the basis of appropriate safeguards pursuant to Article 46 et seq. GDPR, in particular by concluding so-called standard data protection clauses pursuant to Article 46 para. 2(c) GDPR.

You can find further information on the options to object and have data deleted here:

LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv 

XING: https://privacy.xing.com/de/datenschutzerklaerung 

 

XI. VIMEO

Videos from the provider Vimeo, which is operated by Vimeo LLC, 555 West 18th Street, New York 10011 (“Vimeo”), are integrated on our company website.

When you visit one of our pages equipped with a Vimeo plugin, a connection to the servers of Vimeo will be established. Thereby it will be transmitted which of our pages you have visited. In addition, Vimeo will obtain your IP address. This also applies if you are not the own-er of a Vimeo account or are not logged in to Vimeo at the time of transmission.

If you are logged into your Vimeo account, you allow Vimeo to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your Vimeo account and deleting the cookies set on your device.

For more information about how Vimeo processes your personal data, please visit: https://vimeo.com/privacy.

In addition, Vimeo will call the tracker Google Analytics via an iFrame in which the video is called. This is Vimeo`s own tracking and that lies beyond our control or access. You can prevent tracking by Google Analytics by using the deactivation tools that Google offers for some internet browsers. You can also prevent the collection and processing of data generated by Google Analytics and related to your use of the website (including your IP address) by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout.

Vimeo is a company based in the USA. With the Schrems II decision of the European Court of Justice (C-311/18), the previously existing adequacy decision for data transfers to the USA, the socalled Privacy Shield agreement, was declared invalid. The European Court of Justice has ruled that the USA do not ensure an adequate level of data protection. In particular, there is a risk that personal data may be subject to access by US authorities for control and monitoring purposes and that no effective remedies are available. The transfer to as well as the processing and/or storage of personal data by Vimeo is therefore based on the standard contractual clauses of the European Commission pursuant to Article 46 para. 2(c) GDPR. You can find these provisions in the order agreement we have concluded with Vimeo: https://www.vhx.tv/data-processing. Additional technical and organisational measures (if necessary) will be taken if an adequate level of data protection cannot other-wise be guaranteed.

The legal basis for the processing of your personal data is our legitimate interest pursuant to Article 6 para. 1(f) GDPR for the purpose of presenting our company in an appealing manner.

XII. Hosting

 

The website is hosted on servers by a service provider that we have engaged.

Our service provider is: WordPress

The servers automatically collect and store information in so-called server log files, which your browser automatically transfers while you visit the website. The stored information contain:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Date and time of the server request
  • IP address

This data is not merged with other data sources. This data is collected in accordance with Article 6 para. 1(f) GDPR. The website operator has a legitimate interest in the technically error-free display and optimisation of the website – for this purpose, the server log files must be collected.

The server of the website is located in Germany.

 

XIII. Geotargeting

 

We use the IP address and other information provided by the User (in particular the postal code while registering or ordering) to address regional target groups (so-called “geotargeting”).

Regional targeting, for example, is used to automatically display to you regional offers or advertising, which is often more relevant to Users. Article 6 para. 1(f) GDPR serves as the legal basis for the use of the IP address and, if applicable, other information provided by the User (in particular the postal code), based on our interest to ensure a more precise target group approach and thus providing offers and advertising of greater relevance to Users.

A part of the IP address as well as the additional information provided by the User (in particular the postal code) is only read out and not saved separately.

You can block geotargeting by using a VPN or proxy server, for example, which blocks precise localisation. In addition, depending on the browser you are using, you can also deactivate location localisation in the corresponding browser settings (as long as the respective browser supports this).

We use geotargeting on our website for the following purposes:

  • Customer approach
  • Advertising purposes

 

XIV. Registration 

 

1. Description and scope of data processing

We allow Users to register on our website by providing personal data. The data is entered into an input mask, transferred to us and stored. This data will not be transferred to third parties. The following data is collected during the registration process:

  • Email address
  • Name
  • First name
  • Pseudonym
  • Address
  • Telephone/Mobile phone number
  • IP address of the accessing computer
  • Date and time of registration

During the registration process, the User’s consent will be obtained for this processing of data.

 

2. Purpose of data processing

The registration of the User is necessary for the purpose of providing specific contents and services on our website.

 

3. Legal basis for data processing

Insofar as the consent of the data subject for the processing of personal data is obtained, Article 6 para. 1(a) GDPR serves as the legal basis for this processing.

 

4. Storage Period

The data will be erased once it is longer necessary for the purpose for which it was collected.

This is also the case for data collected during the registration process if the registration on our website is cancelled or modified.

 

5. Option to object and have data deleted

As a User, you can cancel the registration at any time. You can ask the modification of the stored data concerning you at any time

 

XV. Application

 

1. Description and scope of data processing

We allow Users to apply for a job on our website by providing personal data. The data will be entered into an input mask and transmitted to us and stored.
The following data is collected as part of the application process:

  • Name (first and last name)
  • E-mail address
  • Phone number
  • Channel through which you became aware of us

You will also have the option of uploading meaningful documents such as a cover letter, your CV and references. This may contain further personal data such as date of birth, address, etc.

Only authorized employees from the personnel department or employees involved in the application process will have access to your data.

 

2. Purpose of data processing

If you apply to us via our web form, we will collect and process your personal data for the purpose of handling the application procedure and implementing pre-contractual measures.
By submitting an application on our recruiting page, you are expressing your interest in pursuing employment with us. In this context, you provide us with personal data which we use and store exclusively for the purpose of your job search/application.

 

3. Transfer of data to Personio

Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany
The data transmitted as part of your application will be transferred via TLS encryption and stored in a database. This database is operated by Personio GmbH, that offers personnel administration and applicant management software. In this context Personio is a processor according to Article 28 GDPR. We have concluded a processing contract with Personio for this purpose. For more information on data processing by Personio, please visit https://www.personio.de/datenschutzerklaerung/.

 

4. Transfer of data to Cronofy

Cronofy Limited, 9a Beck Street, Nottingham, NG1 1EQ, UK
In order to organise internal appointments or meetings with applicants directly via the recruiting platform and to invite the relevant persons directly, we integrate the service of Cronofy Limited. In this context, Cronofy is a processor according to Article 28 GDPR. We have concluded a processing contract with Cronofy for this purpose. For more information on data processing by Cronofy, please visit https://docs.cronofy.com/policies/privacy-notice/.

 

5. Storage period

Personal data is stored exclusively for the purpose of filling the vacant position for which you have applied.
In the event of an unsuccessful application, your data will be stored for a maximum period of two months after the decision to reject your application. This is done in order to comply with legal obligations or to defend against possible claims arising from legal regulations. We are then obliged to erase or anonymise your personal data. In this case, the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (for example, proportion of women or men in applications, number of applications per period, etc.).

For the processing of your personal data beyond the end of the specific application procedure, your consent within the meaning of the § 26 para. 3 sentence 2 and para. 2 German Data Protection Act (Bundesdatenschutzgesetz) is required during the submission process. Only if you give this consent, your data will be stored for a period of [twelve] months in order to contact you later and continue the application process if you are considered for another position.

If you receive an offer of employment with us during the application process and accept this offer, we will store the personal data collected during the application process for the duration of the employment relationship, if applicable.

 

6. Option to object and have data deleted

You can object to the processing of your personal data that we collect as part of the application process and assert your rights as a data subject as set out in IV of this Privacy Notice at any time. All you have to do is send us an informal e-mail to ARQIS@ARQIS.com or contact the data protection officer named under II.

XVI. Events

 

1. Description and scope of data processing

We hold events in our offices or virtually (video conference) to which we provide exclusive invitations. The respective invitation holds a link that leads to a registration form on our website. The data entered into the form will be transferred to us and stored. This data will not be transferred to third parties. The following data is collected during the registration process:

  • Email address
  • Name
  • First name
  • Address
  • Telephone/Mobile phone number

 

2. Purpose of data processing

This personal data will be processed for the purpose of the organisation, implementation and handling of the advertised event. If we process your personal data at events for purposes beyond this, you will be informed separately.

 

3. Legal basis for data processing

Article 6 para. 1(f) GDPR serves as the legal basis for the processing of your data in connection with the staging of events.

 

4. Storage Period

The data will be erased as soon as it is no longer necessary for the purpose for which it was collected unless its storage or processing is justified for another purpose. This is the case of data collected during registration for an event, when the event is finished and fully processed.

 

5. Right to object and have data deletd

You can at any time object to the processing of your personal data that we collect in the course of events and assert your rights as a data subject as stated under section IV of this Data Protection Declaration. All you have to do is send us an informal email to ARQIS@ARQIS.com or contact the data protection officer named under section II.

This Data Protection Declaration was drafted with the assistance of DataGuard.

 

PRIVACY POLICY – VIDEO SURVEILLANCE

This Privacy Policy explains how we process your personal data when video surveillance technology is used.
Read now