I. Name and address of the controller

The controller for purposes of the General Data Protection Regulation and other national
data protection laws of the Member States and other provisions of data protection law is:

ARQIS Panzer-Heemeier Schulze Witty Yamaguchi
Rechtsanwälte Partnerschaftsgesellschaft mbB
Breite Straße 28
40213 Düsseldorf, Germany
T +49 211 13069-000
Fax: +49 211 13069-099
ARQIS@ARQIS.com
www.ARQIS.com

II. Name and address of the controller’s data protection officer

Herr Thomas Regier
DataCo GmbH
Dachauer Straße 65
80335 Munich, Germany
datenschutz@dataguard.de
+49 89 7400 45840

III. General information on data processing

 

1. Scope of the processing of personal data

Personal data will only be processed by us to the extent necessary for the purpose of providing a functional website and our contents and services.

 

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 para. 1(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing. In case the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Article 6 para. 1(b) GDPR serves as the legal basis for the processing. This also applies to processing operations necessary in order to take steps prior to entering into a contract.
Insofar as the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6 para. 1(c) GDPR serves as the legal basis for the processing. If processing is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6 para. 1(d) GDPR serves as the legal basis for the processing. If processing is necessary for the purposes of a legitimate interest pursued by our company or by a third party and if the interests, fundamental rights and freedoms of the data subject do not override such interests, Article 6 para. 1(f) GDPR serves as the legal basis for the processing.

 

3. Data erasure and storage period

The personal data of the data subject will be erased or blocked once it is no longer necessary for the purpose for which it was collected. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the above-mentioned provisions expires unless there is a need for further storage of the data in order to conclude or implement a contract.

IV. Rights of the data subject

If your personal data are processed, you are a data subject according to the GDPR and you are entitled to the following rights towards the controller:

1. Right of access

You have the right to obtain from the controller confirmation as to whether or not your personal data is being processed by the controller.

Where that is the case, you have the right of access to the following information:

  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom your personal data have been or will be disclosed
  4. the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of your personal data, the right to request from the controller restriction of processing or the right to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from the data subject, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in Article 22 para. 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right of access to information as to whether your personal data is transferred to third countries or international organisations. In this context, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

This right of access can be restricted in so far as it is likely to render impossible or seriously impair the achievement of research purposes or statistical purposes and the restriction is necessary for the achievement of research purposes or statistical purposes.

2. Right to rectification

You have the right to obtain from the controller the rectification and/or the completion of inaccurate or incomplete personal data concerning you. The controller must provide the rectification without undue delay.

Your right of rectification can be restricted to the extent that it is likely to render impossible or seriously impair the achievement of research purposes or statistical purposes and the restriction is necessary for the achievement of research purposes or statistical purposes.

3. Right to restriction of processing

You have the right to obtain from the controller restriction of processing your personal data where one of the following applies:

  • you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
  • you have objected to processing pursuant to Article 21 para. 1 GDPR pending the verification on whether the legitimate grounds of the controller override your interests, rights and freedoms.

Where processing of your personal data has been restricted, such personal data can, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Your right to restriction of processing can be restricted to the extent that it is likely to render impossible or seriously impair the achievement of research purposes or statistical purposes and the restriction is necessary for the achievement of research purposes or statistical purposes.

4. Right to erasure

a) Duty to erase

You have the right to obtain from the controller the erasure of your personal data without undue delay and the controller has the obligation to erase this data without undue delay where one of the following grounds applies:

  1. your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. you withdraw your consent on which the processing is based according to Article 6 para. 1(a), or Article 9 para. 2(a) GDPR, and where there is no other legal ground for the processing;
  3. You object to the processing pursuant to Article 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 para. 2 GDPR.
  4. Your personal data have been unlawfully processed;
  5. Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  6. Your personal data have been collected in relation to the offer of information society services referred to in Article 8 para. 1 GDPR.

b) Information to third parties

Where the controller has made your personal data public and is obliged pursuant to Article 17 para. 1 GDPR to erase this personal data, the controller, taking account of available technology and the cost of implementation, must take reasonable steps, including technical measures, to inform controllers which are processing this personal data, that you, as data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure does not apply insofar as the processing is necessary

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 para. 2 as well as Article 9 para. 3 GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 para. 1 GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defence of legal claims.

5. Right to information

If you have asserted the right of rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed by the controller about those recipients.

6. Right to data portability

You have the right to receive your personal data, which you have provided to a controller, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided, where

  1. the processing is based on consent pursuant to Article 6 para. 1(a) GDPR or Article 9 para. 2(a) GDPR or on a contract pursuant to Article 6 para. 1(b) GDPR; or
  2. the processing is carried out by automated means.

In asserting this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.

The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on point (e) or (f) of Article 6 para. 1 GDPR, including profiling based on those provisions.

The controller does no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, your personal data can no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you can exercise your right to object by automated means using technical specifications.

Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 para. 1 GDPR, you have, on grounds relating to your particular situation, the right to object to processing of your personal data.

Your right of objection can be restricted to the extent that it is likely to render impossible or seriously impair the achievement of research purposes or statistical purposes and the restriction is necessary for the achievement of research purposes or statistical purposes.

You can exercise your right to object to tracking by Matomo by clicking on this link . From this point on, your visit to this website will no longer be recorded by Matomo.

8. Right to withdraw of consent to processing personal data

You have the right to withdraw your consent to processing personal data at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

  1. is necessary for entering into, or performance of, a contract between you and the data controller
  2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  3. is based on your explicit consent.

However, these decisions must not be based on special categories of personal data referred to in Article 9 para. 1 GDPR, unless point (a) or (g) of Article 9 para. 2 GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in section 1 and 3, the data controller has to implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or place of the alleged infringement in case you consider that the processing of your personal data infringes the provisions of the GDPR.

The supervisory authority with which the complaint has been lodged informs the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

V. Provision of the website and creation of log files

 

1. Description and scope of data processing

Any time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data are collected:

  • Information about the browser type and version used
  • IP address of the User
  • Date and time of access
  • Websites from which the User’s system accesses our website
  • Websites the User’s system accesses from our website

This data is stored in the log files of our system. This data is stored separately from all personal data provided by a user.

 

2. Purpose of data processing

The system has to temporarily store the IP address to transfer the website to the User’s computer. To that end, the User’s IP address must be retained for the duration of the session.

The storage in log files is done to ensure the website functions properly. In addition, the data is used to optimise the website and to generally ensure the security of our information technology systems. In this connection, data is not analysed for marketing purposes.

Our legitimate interest in data processing in accordance with Article 6 para. 1(f) GDPR stems from these purposes.

 

3. Legal basis for data processing

Article 6 para. 1(f) GDPR provides the legal basis for the temporary storage of data and log files.

 

4. Storage period

The data will be erased once it is no longer necessary for the purpose for which it was collected. When data is collected to allow us to provide our website, this occurs when the relevant session ends.

When data is stored in log files, this takes place after seven days at the latest. Data may be stored for longer periods. If this occurs, the IP addresses of Users shall be erased or anonymised, so it is no longer possible to attribute them to the client accessing the site.

 

5. Option to object and have data deleted

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Therefore the User is not entitled to raise an objection in this context.

VI. Use of cookies

 

1. Description and scope of data processing

Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using so that certain information can flow to the body that sets the cookie.

We use technically necessary cookies, which are required for the technical structure of the website and the use of website functions.

Cookie for saving the language settings

Name wp-wpml_current_language
Service WPML
Purpose Stores which language is active within a session.
Type of cookie and storage period First-party session cookie – valid for 1 year.
Legal basis Sec. 25 para. 2 no. 2 German Telecommunications-Telemedia Date Protection Act (TTDSG)

 

Matomo deactivation cookie

Name matomo_ignore
Service Matomo
Purpose If you have made use of the option to switch the Matomo web analysis service described in section XII off or on, a Matomo deactivation cookie will be saved or deleted. Insofar as the cookie is stored, it signals to our system that the Matomo web analytics service is deactivated. This cookie must be set again in each browser.
Type of cookie and storage period Third-party cookie: valid for 30 years. If you delete cookies from your browser, this Matomo deactivation cookie is also deleted and may have to be set again.
Legal basis Sec. 25 para. 2 no. 2 TTDSG in conjunction with Art. 6 para. 1 lit. f) GDPR

 

The user data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the users.

 

2. Purpose of data processing

The purpose of using technically necessary cookies is to ensure the functionality of our website.

We require cookies for the following applications:

  • Adoption of the language settings
  • Adoption of the setting for the Matomo web analysis service

The user data collected through technically necessary cookies are not used to create user profiles.

 

3. Legal basis for data processing

The legal basis for the processing of personal data by way of using technically necessary cookies is Article 6 paragraph 1 sentence 1 lit. f GDPR.

 

4. Objection and removal options

If you have activated the “Do Not Track” setting in your browser, your browsing activities on our website will not be analysed by Matomo. If you use a Safari browser version 12.1 or higher, cookies are automatically deleted after seven days. This also applies to opt-out cookies that are set to prevent tracking.

Irrespective of this, you can object to tracking by Matomo at any time by clicking on this link . From this point on, your visit to this website will no longer be recorded by Matomo.

VII. Newsletter

 

1. Description and scope of data processing

Our website gives the opportunity to subscribe to a free newsletter. While registering for the newsletter, the following data entered into the input mask is transferred to us:

  • Email address
  • Name
  • First name
  • Pseudonym
  • Telephone/Mobile phone number
  • Address
  • IP address of the accessing computer
  • Date and time of registration

The data collected will not be passed on to third parties. The data collected is used exclusively for sending the newsletter.

 

2. Purpose of data processing

The purpose of collecting the User’s email address is to send the newsletter.

The collection of other personal data while registering for the newsletter is necessary in order to prevent misuse of the services or the email address used.

 

3. Legal basis for data processing

Insofar as the consent of the data subject for the processing of personal data is obtained, Article 6 para. 1(a) GDPR serves as the legal basis for the processing of data after registration for the newsletter by the User.

 

4. Storage period

The data will be erased once it is longer necessary for the purpose for which it was collected. Therefore, the User’s email address is stored as long as the subscription to the newsletter is active.

The other personal data collected while registering for the newsletter is usually erased after a period of seven days.

 

5. Option to object and have data deleted

The User can unsubscribe from the newsletter at any time. A corresponding link for this purpose can be find in every newsletter.

As a result, also the given consent to store personal data collected during the registration can be withdrawn.

VIII. Contact via email

 

1. Description and scope of data processing

We can be contacted via the email address provided on our website. In this case, the personal data transferred with the User’s email will be stored.

The data will be used exclusively for processing the conversation.

 

2. Purpose of data processing

The legitimate interest necessary for processing this data stems from contacting us via email.

 

3. Legal basis for data processing

Insofar as the consent of the data subject for the processing of personal data is obtained, Article 6 para. 1(a) GDPR serves as the legal basis for the processing of data.

Article 6 para 1(f) GDPR serves as the legal basis for the processing of data transferred in the course of sending an email. If the contact via email aims at the conclusion of a contract, Article 6 para. 1(b) GDPR serves as an additional legal basis for the processing.

 

4. Storage period

The data will be erased once it is longer necessary for the purpose for which it was collected. Regarding personal data transferred via email, this is the case when the respective conversation with the User has ended. The conversation ends when it gets clear from the circumstances that the matter in question has been finally clarified.

The personal data collected additionally during the transfer will be erased after a period of seven days at the latest.

 

5. Option to object and have data deleted

The User has the right to withdraw his or her consent to the processing of personal data at any time. By way of contacting us via email, the User can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued.

No separate consent will be obtained for the purpose of getting into contact via email.

In this case, all personal data stored in the course of the contact will be erased.

IX. Company online presence

 

Company presence in social networks

1. Instagram:

Instagram, Part of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland

We offer information and provide the Users of Instagram with the opportunity to communicate on our company presence on Instagram. If you carry out an action in connection with our company presence on Instagram (e.g. comments, contributions, likes etc.) it may occur that you are making personal data (e.g. your real name or photo of your user profile) public. However, as we generally or to a large extent have no influence on the processing of your personal data by Instagram, we cannot provide any binding information on the purpose and scope of the processing of your data.Our company presence in social networks is used for the exchange of communication and information with (potential) customers. In particular, we use our company presence for:

The use of social networks serves for the purpose of pure information about the services offered by ARQIS and to provide information about other events and news.

Publications on the company social media pages may contain the following content:

  • Information about services;
  • Information about other events and news.

Every User is free to publish personal data through his or her activities on these platforms.

Article 6 para. 1(a) GDPR serves as the legal basis for the processing of data.

The data collected through our company presence on Instagram is not stored in our own systems.

In order to ensure appropriate safeguards to protect the transfer and processing of personal data outside the EU, data transfer to and processing by Instagram is carried out on the basis of appropriate safeguards in accordance with Article 46 et seq. GDPR, in particular by concluding so-called standard data protection clauses in accordance with Article 46 para. 2(c) GDPR.

You may at any time object to the processing of your personal data that we collect in the course of your use of our company presence on Instagram and assert your rights as a data subject as set out in section IV of this Data Protection Declaration. All you have to do is to send us an informal email to datenschutz@ARQIS.com. You can find more information on how your personal data is processed by Instagram and the corresponding options to object here:

Instagram: https://help.instagram.com/519522125107875 

 

2. Twitter:

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland

We offer information and provide the Users of Twitter with the opportunity of communication on our company website. If you carry out an action in connection with our company presence on Twitter (e.g. comments, contributions, likes etc.) it may occur that you are making personal data (e.g. your real name or photo of your user profile) public. However, as we generally or to a large extent have no influence on the processing of your personal data by Twitter, we cannot provide any binding information on the purpose and scope of the processing of your data.Our company presence in social networks is used for the exchange of communication and information with (potential) customers. In particular, we use our company presence for:

The use of social networks serves for the purpose of pure information about the services offered by ARQIS and to provide information about other events and news.

Publications on the company social media pages may contain the following content:

  • Information about services;
  • Information about other events and news.

Every User is free to publish personal data through his or her activities on these platforms.

Article 6 para. 1(a) GDPR serves as the legal basis for the processing of data.

The data collected through our company presence on Twitter is not stored in our own systems.

In order to ensure appropriate safeguards to protect the transfer and processing of personal data outside the EU, data transfer to and processing by Twitter is carried out on the basis of appropriate safeguards pursuant to Article 46 et seq. GDPR, in particular by concluding so-called standard data protection clauses pursuant to Article 46 para. 2(c) GDPR.

You can at any time object to the processing of your personal data that we collect in the course of your use of our company presence on the Twitter website and assert your rights as a data subject as set out under section IV of this Data Protection Declaration. All you have to do is to send us an informal email to datenschutz@ARQIS.com. You can find more information about the processing of your personal data by Twitter and the corresponding options to object here:

Twitter: https://twitter.com/en/privacy 

X. Use of company online presence in job-oriented networks

 

1. Scope of data processing

We use our company online presence in job-oriented networks. We maintain a company presence on the following job-oriented networks:

LinkedIn: LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland

XING: XING SE, Dammtorstraße 30, 20354 Hamburg, Germany

We offer information and provide the Users with the opportunity to communicate on our website.

The company presence is used for applications, information/PR and active sourcing.

However, as we generally or to a large extent have no influence on the processing of your personal data by companies operating these job-oriented networks, we cannot provide any binding information on the purpose and scope of the processing of your data. You can find further information on this in the privacy policy of:

LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv 

XING: https://privacy.xing.com/de/datenschutzerklaerung 

If you carry out an action on the social media pages of our company (e.g. comments, contributions, likes, etc.) it may occur that you are making personal data (e.g. your real name or photo of your user profile) public.

 

2. Legal basis for data processing

Article 6 para. 1(f) GDPR serves as the legal basis for the processing of your data in connection with the use of our company presence.

 

3. Purpose of data processing

Our company presence on job-oriented networks has the purpose to inform Users about our services. Every User is free to publish personal data through his or her activities on these platforms.

 

4. Storage period

We store your activities and personal data published via our company presence until you withdraw your consent. In addition, we adhere to the statutory retention periods.

 

5. Option to object and have data deleted

You may at any time object to the processing of your personal data that we collect in the course of your use of our pages on these platforms and assert your rights as a data subject as set out in section IV of this Data Protection Declaration. All you have to do is to send us an informal email to the email address provided in this Data Protection Declaration.

In order to ensure appropriate safeguards to protect the transfer and processing of personal data outside the EU, data transfer to and processing by LinkedIn is carried out on the basis of appropriate safeguards pursuant to Article 46 et seq. GDPR, in particular by concluding so-called standard data protection clauses pursuant to Article 46 para. 2(c) GDPR.

You can find further information on the options to object and have data deleted here:

LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv 

XING: https://privacy.xing.com/de/datenschutzerklaerung 

 

XI. Videolyser

Videos are embedded on our company website via the provider Videolyser, which is operated by bullz-eye-networks, Kirchtal 5, 37431 Bad Lauterberg, Germany (“Videolyser”).

When you visit one of our pages equipped with a Videolyser plugin, a connection to Videolyser’s servers is established, thereby transmitting which of our pages you have visited. In addition, Videolyser obtains your anonymised IP address. This also applies if you are not the owner of a Videolyser account or are not logged in to Videolyser at the time of transmission.

By being logged into your Videolyser account, you enable Videolyser to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your Videolyser account and deleting the cookies set on your device.

For more information on how Videolyser processes your personal data, please visit: https://www.videolyser.de/datenschutz.php. We use Videolyser without embedding a Google Analytics code, therefore no data processing by Google Analytics takes place.

The legal basis for processing your personal data is our legitimate interest pursuant to Article 6(1)(f) GDPR, for the purpose of presenting our company in an appealing manner.

XII. Use of Matomo

We use the web analysis service Matomo to analyse and improve the use of our website. Matomo is an open source project that prioritises data protection and compliance with the GDPR (https://matomo.org/gdpr/). Matomo’s privacy policy can be found here. Matomo is operated on a dedicated server of the responsible party, to which Matomo has no access. There is also no data transfer to Matomo.

The statistics obtained through the use of Matomo enable us to improve our offer and make it more interesting for you as a user. Our website uses Matomo in such a way that IP addresses are only processed in abbreviated form (masking of 2 octets), so that direct personal reference can be excluded. If individual pages of our website are called up, the following data is stored:

  • Two bytes of the IP address of the user’s calling system (anonymised IP address)
  • The website called up
  • The website from which the user accessed the accessed page (referrer)
  • The sub-page called up from the website called up
  • The length of stay on the website
  • The frequency with which the website is accessed

No personal data is collected during the transmission of statistical data. Nevertheless, you have the option to object to the collection of your – already anonymised – usage behaviour. Alternatively, you can embed the iFrame.
Your visit to this website is currently recorded by the Matomo web analysis service. Click here, to stop your visit from being recorded. Details of this can be found in our Cookie Policy under section.

Our website uses Matomo in such a way that no cookies are set beyond this deactivation cookie.

The processing of the aforementioned user data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. By anonymising the IP address, the interest of users in the protection of their personal data is adequately taken into account. The legal basis for the use of Matomo is Art. 6 para. 1 lit. f) GDPR.

 

 

XIII. Hosting

 

The website is hosted on servers by a service provider that we have engaged.

Our service provider is: WordPress

The servers automatically collect and store information in so-called server log files, which your browser automatically transfers while you visit the website. The stored information contain:

  •  Browser type and browser version
  •  Operating system used
  •  Referrer URL
  •  Host name of the accessing computer
  •  Date and time of the server request
  •  IP address

This data is not merged with other data sources. This data is collected in accordance with Article 6 para. 1(f) GDPR. The website operator has a legitimate interest in the technically error-free display and optimisation of the website – for this purpose, the server log files must be collected.

The server of the website is located in Germany.

 

XIV. Geotargeting

 

We use the IP address and other information provided by the User (in particular the postal code while registering or ordering) to address regional target groups (so-called “geotargeting”).

Regional targeting, for example, is used to automatically display to you regional offers or advertising, which is often more relevant to Users. Article 6 para. 1(f) GDPR serves as the legal basis for the use of the IP address and, if applicable, other information provided by the User (in particular the postal code), based on our interest to ensure a more precise target group approach and thus providing offers and advertising of greater relevance to Users.

A part of the IP address as well as the additional information provided by the User (in particular the postal code) is only read out and not saved separately.

You can block geotargeting by using a VPN or proxy server, for example, which blocks precise localisation. In addition, depending on the browser you are using, you can also deactivate location localisation in the corresponding browser settings (as long as the respective browser supports this).

We use geotargeting on our website for the following purposes:

  • Customer approach
  • Advertising purposes

 

XV. Registration

 

1. Description and scope of data processing

We allow Users to register on our website by providing personal data. The data is entered into an input mask, transferred to us and stored. This data will not be transferred to third parties. The following data is collected during the registration process:

  • Email address
  • Name
  • First name
  • Pseudonym
  • Address
  • Telephone/Mobile phone number
  • IP address of the accessing computer
  • Date and time of registration

During the registration process, the User’s consent will be obtained for this processing of data.

 

2. Purpose of data processing

The registration of the User is necessary for the purpose of providing specific contents and services on our website.

 

3. Legal basis for data processing

Insofar as the consent of the data subject for the processing of personal data is obtained, Article 6 para. 1(a) GDPR serves as the legal basis for this processing.

 

4. Storage period

The data will be erased once it is longer necessary for the purpose for which it was collected.

This is also the case for data collected during the registration process if the registration on our website is cancelled or modified.

 

5. Option to object and have data deleted

As a User, you can cancel the registration at any time. You can ask the modification of the stored data concerning you at any time 

 

XVI. Application

 

1. Description and scope of data processing

We allow Users to apply for a job on our website by providing personal data. The data will be entered into an input mask and transmitted to us and stored.

The following data is collected as part of the application process:

  • Name (first and last name)
  • Email address
  • Phone number
  • Channel through which you became aware of us

You will also have the option of uploading meaningful documents such as a cover letter, your CV and references. This may contain further personal data such as date of birth, address, etc.

Only authorized employees from the personnel department or employees involved in the application process will have access to your data. 

 

2. Purpose of data processing

If you apply to us via our web form, we will collect and process your personal data for the purpose of handling the application procedure and implementing pre-contractual measures.

By submitting an application on our recruiting page, you are expressing your interest in pursuing employment with us. In this context, you provide us with personal data which we use and store exclusively for the purpose of your job search/application. 

 

3. Transfer of data to Personio

Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany

The data transmitted as part of your application will be transferred via TLS encryption and stored in a database. This database is operated by Personio GmbH, that offers personnel administration and applicant management software. In this context Personio is a processor according to Article 28 GDPR. We have concluded a processing contract with Personio for this purpose. For more information on data processing by Personio, please visit https://www.personio.de/datenschutzerklaerung/.

 

4. Transfer of data to Cronofy

Cronofy Limited, 9a Beck Street, Nottingham, NG1 1EQ, UK

In order to organise internal appointments or meetings with applicants directly via the recruiting platform and to invite the relevant persons directly, we integrate the service of Cronofy Limited. In this context, Cronofy is a processor according to Article 28 GDPR. We have concluded a processing contract with Cronofy for this purpose. For more information on data processing by Cronofy, please visit https://docs.cronofy.com/policies/privacy-notice/.

 

5. Storage period

Personal data is stored exclusively for the purpose of filling the vacant position for which you have applied. 

In the event of an unsuccessful application, your data will be stored for a maximum period of two months after the decision to reject your application. This is done in order to comply with legal obligations or to defend against possible claims arising from legal regulations. We are then obliged to erase or anonymise your personal data. In this case, the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (for example, proportion of women or men in applications, number of applications per period, etc.).

For the processing of your personal data beyond the end of the specific application procedure, your consent within the meaning of the § 26 para. 3 sentence 2 and para. 2 German Data Protection Act (Bundesdatenschutzgesetz) is required during the submission process. Only if you give this consent, your data will be stored for a period of [twelve] months in order to contact you later and continue the application process if you are considered for another position.

If you receive an offer of employment with us during the application process and accept this offer, we will store the personal data collected during the application process for the duration of the employment relationship, if applicable.

 

6. Option to object and have data deleted

You can object to the processing of your personal data that we collect as part of the application process and assert your rights as a data subject as set out in IV of this Privacy Notice at any time. All you have to do is send us an informal e-mail to ARQIS@ARQIS.com or contact the data protection officer named under II.

 

XVII. Events

 

1. Description and scope of data processing

We hold events in our offices or virtually (video conference) to which we provide exclusive invitations. The respective invitation holds a link that leads to a registration form on our website. The data entered into the form will be transferred to us and stored. This data will not be transferred to third parties. The following data is collected during the registration process:

  • Email address
  • Name
  • First name
  • Address
  • Telephone/Mobile phone number

 

2. Purpose of data processing

This personal data will be processed for the purpose of the organisation, implementation and handling of the advertised event. If we process your personal data at events for purposes beyond this, you will be informed separately. 

 

3. Legal basis for data processing

Article 6 para. 1(f) GDPR serves as the legal basis for the processing of your data in connection with the staging of events.

 

4. Storage period

The data will be erased as soon as it is no longer necessary for the purpose for which it was collected unless its storage or processing is justified for another purpose. This is the case of data collected during registration for an event, when the event is finished and fully processed.

 

5. Option to object and have data deleted

You can at any time object to the processing of your personal data that we collect in the course of events and assert your rights as a data subject as stated under section IV of this Data Protection Declaration. All you have to do is send us an informal email to ARQIS@ARQIS.com or contact the data protection officer named under II.

 

PRIVACY POLICY – VIDEO SURVEILLANCE

This Privacy Policy explains how we process your personal data when video surveillance technology is used. Read now