Close

Data Privacy Notice

1. Who is responsible for the data processings?

Arvato infoscore GmbH (hereinafter referred as „Company“)
Rheinstraße 99
76532 Baden-Baden
Telefon: +49 (0) 7221/50 40-0
Internet: www.finance.arvato.com

is the provider of the website and responsible for processing your data on this website. The company processes personal data under the provisions of the GDPR.

You can contact the company's data protection officer at the postal address above, appending "To the Data Protection Officer".

Furthermore, our website also contains data processing instruments that fall under the responsibility of a third party. These are exclusively affiliated companies under the §15 German Stock Corporation Act (AktG) (hereinafter referred as "Arvato Financial Solutions Group", "AFS Group" or "AFS Company"). If such data processing activities takes place within the area of responsibility of an AFS Company, this will be indicated under section 4 of this privacy notice. A complete list of the data processing companies on this website as well as their address data, contact persons and supplementary information on data protection can be found here.

 

2. Personal Data

Personal data is any information that relates to an identified or identifiable natural person. An identifiable natural person is a natural person who can be identified directly or indirectly, by assigning an identifier such as a name, an e-mail address, a postal address, or an online identifier such as an IP address or a cookie identifier.

Personal data may only be processed with legal permission. Your personal data will only be processed when you visit and use the website and when the company has legal permission to do so.

 

3. Which data will be collected?

When you visit the website, information is automatically collected by the requesting computer (hereinafter referred as "access data"). This access data includes server log files, which usually consist of information about the browser type and version, the operating system, the internet service provider, the date and time of use of the website, the previously visited websites and websites newly accessed by the computer and the IP address of the computer. Except for the IP address, server log files are not personally identifiable. An IP address is personal if it is permanently assigned when using the Internet connection and the Internet provider can assign it to a person.

If you continue to use the services of the website, pseudonymous user profiles and/or the data you enter on the website (e.g. search words, login data, ratings, form, or contract entries, click data) will be processed.

In principle, you can use the services offered on the website without providing your data, for example to find out more about us.

A detailed breakdown of the purposes for which, for how long and on what legal basis this data will be processed is given under section 4 of this data privacy notice.

 

4. To what extent and for what purpose do we collect your data?

The purposes of data processing on this website may result from technical, contractual, or legal requirements as well as, if applicable, from consent.

The company uses the data mentioned in section 3 and the data mentioned in section 4 for the following purposes, among others:

  • provision of our website including measures to assure a undisturbed service, prevent fraud and hacking and to ensure the security of our systems.
  • for communication, customer support, and/or (pre-)contractual measures
  • for the purpose of improving the website services
  • for the purpose of web tracking and analysis of user behavior

Further information on the listed purposes of data processing can be found in the following sections of this privacy notice if personal data is processed for purposes other than those listed above, you will be informed in the following section about the purpose, method, duration, legal basis and if applicable the different processing controllers

 

4.1 Use of cookies through Cookie Consent Manager

Cookies are small text files used by websites to make the user experience more efficient. We use cookies to personalize content and ads and to analyze traffic to our website. We also share information about your use of our website with our analytics partners.
 
By law, we can store cookies on your device if they are absolutely necessary for operating the website. For all other cookie types, we need your consent. You can change or revoke your consent at any time with the help of our Cookie Consent Manager.
 
This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages. You can find out which cookies are used in detail in the Cookie Content Manager.

  1. Necessary Cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
  1. Functional Cookies are designed to help us as the website owner to understand how visitors interact with us by collecting and reporting information anonymously.
  2. Marketing Cookies are cookies that helps us to optimize the user experience and measure the reach of the website. With the help of these cookies, we are able to record and evaluate user behavior on the website. However, web tracking does not require personal identification of the user concerned, so that when your access data is recorded, the saved IP address is either not used or is only used in a shortened form (shortening by the last octet) and pseudonymous usage profiles are created. Personal user profiles are only created in exceptional cases and if you have given your consent for the cookie in question to be set via our Cookie Consent Manager. These cookies may generally share the information collected with other organizations or advertisers. They are persistent cookies that almost always come from third parties. Web tracking services are regularly provided by our service providers, who only process usage profiles according to our instructions and not for their own purposes. This is ensured by means of contracts for order processing. If the service providers are established outside the European Union or the European Economic Area (hereinafter referred to as "EU or EEA"), a so-called third country transfer takes place. This is permissible if you have consented to it, we have created a guarantee for a level of data protection appropriate to the European standard or the EU Commission has classified the respective third country as a safe third country. The third country transfer of the respective service is marked below. For more information about the recipients of your data and the third country transfer, please refer to section 6 and section 7 of this privacy policy.

4.1.1 Legal Basis for the processing activity

The legal basis for the setting of functional cookies is Art. 6 sec. 1 lit. f GDPR. Functional cookies are used to ensure the technical usability of the website. The legal basis for the setting of optional cookies for the purpose of recording and evaluating pseudonymous user profiles is Art. 6 sec. 1 lit. a GDPR. Accordingly, data processing is based on your consent to data processing using our cookie content manager.

4.1.2 Duration of storage, deletion, and retention period

The data collected and evaluated when using functional and optional cookies are usually stored until you object to their use. However, the storage period for analysis cookies is a maximum of 24 months (about 2 years).

4.1.3 Possibility of objection and removal

You have the right to object to the processing of your personal data when using functional cookies in accordance with Art. 21 GDPR, if there are reasons for doing so arising from your particular situation. If you wish to exercise your right of objection, please contact the address given under section 1. If you object to this data processing, you will only be able to use the website to a limited extent or not at all.

Furthermore, you can object your consent to the processing of your data within the scope of the use of optional cookies at any time. The objection can be made technically by opting out in our cookie consent manager on this website or by the technical cleaning of cookies with the help of the browser you use. Within the footer of this site, you can go to the settings mask of our cookie-content manager.

 

4.2 Personal Newsletter

On the website there is the possibility to subscribe to free newsletters. If you receive a newsletter, we process the e-mail address, name of your company and the country, based on the consent given by you upon registration. Fo the registration / subscription of those newsletters we always use a double-opt-in procedure. After registration and the granting of your consent, we will send you a message to the e-mail address you provided, asking you to confirm your registration. To prevent the misuse of your data and to prove your consent, we store the access data you entered during registration as well as the registration notification and the texts used for this purpose. After confirmation you are registered for the newsletter and your data will be stored in our customer database.

To sent you our free, personalized newsletters, we collect statistical data on the use of our web offer and to optimize our offers accordingly and to adapt the offer (newsletter and other content) to your needs. For this purpose, one or more cookies are stored on your computer, which are used to collect data for marketing and optimization purposes and to store and process the data on the servers of our Marketing Automation Tool. The collected data is merged with the personal data you provide on the website to create a profile. You can end the profiling process by deactivating the cookie function in your browser. For further information, please refer to section 4.1.1.5 Marketing Automation.

4.2.1 Purposes and legal basis of the data processing

The mailing of our newsletter and the downloading of our content is aimed to addressing business customers to inform them about products, solutions and services of our business units ID & Fraud Management, Credit Risk Management, Payment and Financing Services as well as Receivables Management and events. This entrepreneurial diversity can only be achieved with the help of other companies in the Arvato Financial Solutions Group, which is why we are entitled, with your consent, to pass on your data for promotional purposes within our group. You can view an overview of the companies in the Arvato Financial Solutions Group of companies here.

The free, personalized newsletter is aimed at addressing (potential) business customers to inform them about products, solutions and services of our business units and events. The legal basis for the processing of your data when registering for and participating in the newsletter is your consent in accordance with Art. 6 sec. 1 lit. a GDPR / § 7 sec. 2 no. 3 German Law against unfair competition (hereinafter referred as "UWG").

 4.2.2 Duration of storage or criteria for determining this duration

Your data will be saved during your subscription to the respective newsletter. After inactivity, your data will be saved for a period of 1 year to be able to prove that your consent has been obtained for the newsletter and that we have acted in accordance with the law. The same applies if you have revoked your consent. Data processing for advertising purposes will then no longer take place.

4.2.3 Possibility of objection and removal

You can revoke your consent within the scope of sending personalized newsletters at any time by notifying the company of your revocation via the e-mail address newsletter-abbestellung@finance.arvato.com or with the subject "Revocation Newsletter". An objection can also be made using the unsubscribe link in the newsletter e-mail.

 

4.3. Personal Newsletter to download E-Books/Whitepaper/Studies

In return for the download of whitepapers/e-books/studies (hereinafter referred to as "content") on current topics from our business areas, we have agreed with you to sent you a personal newsletter.

Within the scope of this agreement, for the sending a newsletter, we process the e-mail address, name of your company and the country you have specified. We use the so called Double-Opt-In procedure to register for the newsletter. In this process, we will send a message to the e-mail address you provided after registration, asking you to confirm your registration. To prevent the misuse of your data and to prove this agreement, we store the access data you entered during registration, the registration notification and the texts used for this purpose.

To sent you free, personalized newsletters, we collect statistical data on the use of our website and to optimize our offer accordingly and to adapt the offer (newsletter and other content) to your needs. For this purpose, one or more cookies are stored on your computer, which are used to collect data for marketing and optimization purposes and to store and process the data on the servers of our Marketing Automation Tool. The collected data will be merged with the personal data you provide on the website to create a profile. You can end the profiling process by deactivating the cookie function in your browser. For further information, please refer to section 4.1.1.5 Marketing Automation.

After confirmation you are registered for the newsletter and your data will be stored in our customer database.

4.3.1 Purposes and legal basis of the data processing

The mailing of our newsletter and the downloading of our content is aimed at addressing business customers to inform them about products, solutions and services of our business units ID & fraud management, credit risk management, payment, and financing services as well as receivables management and about events. This entrepreneurial diversity can only be depicted with the help of other companies in the Arvato Financial Solutions Group of companies, which is why we are entitled, with your consent, to forward your data for promotional purposes within our group of companies. You can get an overview of the companies in the Arvato Financial Solutions group here.

The free, personalized newsletter is aimed at addressing (potential) business customers to inform them about products, solutions, and services of our business units as well as events. The legal basis for the processing of your data when registering for and participating in the newsletter is your consent in accordance with Art. 6 sec. 1 lit. a GDPR / § 7 sec. 2 no. 3 law against unfair competition (hereinafter referred as "UWG").

4.3.2 Duration of storage or criteria for determining this duration

Your data will be stored during your participation in the newsletter. After inactivity of the newsletter, your data will be stored for a period of 1 year to be able to prove that your consent has been obtained for the newsletter and that we have acted in accordance with the law. The same applies if you have revoked your consent. Data processing for advertising purposes will then no longer take place.

4.3.3 Possibility of objection and removal

You can revoke your consent for this processing activity at any time by notifying the company of your revocation via the e-mail address newsletter-abbestellung@finance.arvato.com or with the subject "Revocation Newsletter". An objection can also be made by using the unsubscribe link in the newsletter e-mail.

 

4.4 Business Customer Survey

If you have a business relationship with us, we may occasionally use your data to conduct a customer survey to determine your satisfaction with our services and to identify areas for improvement. Participation in the survey is voluntary and only takes place with those customers who have given us their consent to do so when establishing the business relationship. The survey is carried out with the help of service providers who, as processors, are controlled by us according to our instructions. A data protection check of these service providers has been carried out by us before the surveys are conducted.

4.4.1 Purposes and legal basis of the data processing

The purpose of the survey is to improve our products and services and thus to expand and maintain good customer relations. The data protection legal basis for this survey can be found in Art. 6 sec. 1 lit. f GDPR. Our legitimate interest is to offer our customers a regular and efficient channel for expressing criticism so that we can adapt our services accordingly.

4.4.2 Duration of storage or criteria for determining this duration

The data used is saved in our CRM (Customer Relationship Management) system for the duration of our contractual relationship. After termination of our contractual relationship, the data will only be used for a last customer satisfaction survey and then blocked for this type of data processing.

4.4.3 Possibility of objection and removal

You have the right to revoke your consent to the use of your data for business customer surveys at any time. You will find a corresponding note in every e-mail inviting you to participate. You also have the right to object to the processing of your data. You also have the right to demand the deletion of your data in accordance with Art. 17 GDPR. Furthermore, you have the right to correct your data and to receive information about the data stored by us.
To exercise your data subject rights, please contact the address mentioned in section 1 or send an e-mail to: newsletter-abbestellung@finance.arvato.com.

 

4.5 Online application

On this website, the AFS Group publishes job advertisements where you can apply for a job. You will be forwarded to the group wide applicant portal via the job advertisement. In this respect, the actual data processing for the application procedure for your online application does not take place on this website.

4.5.1 Deviating data protection responsibility

The company that published the job advertisement and is looking for new employees is responsible for the job advertisements. It is the company that regularly receives your data when we receiving your application. Your data will not be passed on to other companies unless it is required by law or you give your consent.

Further information on the responsibilities, the purpose of data processing and the legal basis as well as possible recipients and storage period can be found in the respective job advertisement. Further details on data processing for the specific application procedure for your online application can be found when registering and creating your applicant profile.

4.5.1 Purposes and legal basis of the data processing

Upon receipt of your online application for a specific job advertisement, your data will be processed for hiring purposes only. During the phase of contractual initiation of an employment relationship, your potential employer has an interest in ensuring that you have the necessary professional competence and personal aptitude for the vacant position.

The legal basis for the processing of your data is Art. 6 sec. 1 lit. b GDPR. The data processing therefore takes place for the purpose of establishing a potential contractual or employment relationship with you.

4.5.2 Duration of storage or criteria for determining this duration

Your data will be processed for as long as it is necessary to establish the employment relationship. After completion of the online application and the hiring decision, your data will be deleted after the legal retention period (currently regularly 6 months).

4.5.3 Possibility of objection and removal

Due to the applicable legal basis, there is no right of objection for the described processing procedure according to Art. 21 GDPR. If you have any questions in this regard, you can contact us via the given information in section 1 at any time.

 

4.6 E-Mail and telephone contact

The website offers the possibility to contact the company via an e-mail address or a telephone number. If you make use of this option, the data entered, your e-mail address and/or your telephone number and your request will be transmitted to the company. Depending on the request (e.g. questions about the company's products and services, assertion of your data subject rights such as general information), your contact data will be processed further (with the help of our service providers).

4.6.1 Purposes and legal basis of the data processing

The legal basis for the processing of your contact data is based on Art. 6 sec. 1 lit. f GDPR. The legitimate interests lie in the processing of your request and further communication. If your contact aims at the conclusion of a contract with the company, the legal basis for the processing of your contact data is Art. 6 sec. 1 lit. b GDPR.

4.6.2 Duration of storage or criteria for determining this duration

After processing your request and the termination of further communication, the contact data will be deleted. This does not apply if your contact is aimed at concluding a contract with the company or you assert your rights as a data subject, such as information. For this purpose, the data will be stored until the contractual and/or legal obligations have been fulfilled and legal retention periods do not prevent deletion. This is regularly the case after 6 months.

4.6.3 Possibility of objection and removal

You have the right to object to the processing of your contact data, insofar as there are justified reasons for doing so that arise from your particular situation. If you wish to take advantage of your right to object, please contact us at the contact address given in section 1. If you object, the communication cannot be continued. This does not apply if the storage of your contact data is necessary for the initiation or fulfillment of a contract or the assertion of your data subject rights.

 

4.7 Loox CRM-System

Loox is a cloud-based contact relationship management system (CRM system) and is used to record and keep up to date information on prospective customers, new customers, existing customers, partners, competitors, suppliers and service providers of AFS companies.

If your contact data is collected, for example, on this website by registering for our newsletter, the data is transferred to the contact relationship management system for further processing and is processed there for the purposes for which it was collected. Here, logical client separation ensures that only those companies have access to the data stored there that are legally authorized to do so (e.g. through their consent or a corresponding contractual relationship with you).

4.7.1 Purposes and legal basis of the data processing

The purpose of the data processing is the lawful use of your personal data for further data processing for which you have legitimized us, among other things, through your consent or for which we have been legitimized through a corresponding contractual relationship with you. The legal basis is therefore Art. 6 sec. 1 lit. a GDPR or Art. 6 sec. 1 lit. b GDPR.

4.7.2 Duration of storage or criteria for determining this duration

The data used is stored in our CRM system for the duration of our contractual relationship. After termination of our contractual relationship, the data will only be used for a last customer satisfaction survey and then blocked for this type of data processing. If the data processing is based on consent, the data will be deleted if you have objected to its further use.

4.7.3 Possibility of objection and removal

If the data processing is based on a contractual relationship agreed between you and us, there is no right to object to the described processing operation pursuant to Art. 21 GDPR. If your consent is the legal basis for the data processing, you have the right to object to this processing at any time. You also have the right to request the deletion of your data in accordance with Art. 17 GDPR. In addition, you have the right to correct your data and to receive information about the data stored by us. To exercise your rights as a data subject, please contact us at the address given in section 1.

4.8 Digital Events

The Company regularly offers digital events for its employees, customers and/or service providers (hereinafter "Participants"). The events take place on separate areas of the company's own website or on externally hosted platforms of connected service providers. Depending on the respective event, the Participants are required to visit the website prepared for the event (so-called “landing page”) by means of username and/or E-Mail-Adress and password or by means of a password defined in advance for the event (hereinafter "Participation Data"). In this process, the IP address and the required participation data of the participants will be processed.

4.8.1 Purposes and legal basis of the data processing

The purpose of data processing is to enable employee of the company or external parties to participate in digital online events provided by the company. The legal basis under data protection law is based on the purposes pursued with the events. If it is a matter of mandatory trainings of our employees, the legal basis is regularly Art. 6 para. 1 lit. b) GDPR. Participation and the associated data processing is therefore necessary to conduct the employment relationship and its contract. If the event offered is an optional, i.e. voluntary, training or an information event for the participants, the legal basis is regularly Art. 6 (1) (f) GDPR. The processing is therefore based on a legitimate interest that lies in the creation of additional value for our employee. It is also possible that service providers do not provide the offered event as a processor within the meaning of Article 4 No. 8 of the GDPR, but act as a controller within the meaning of Article 4 No. 7 of the GDPR. In these cases, it is always a matter of voluntary events whose participation depends on your consent to the data processing. If it is such an event, you will be asked on the landing page to give your consent to the data processing in favour of the respective organizer. The legal basis for data processing is then Art. 6 para. 1 lit. a) GDPR. In this case, you must assert your rights directly towards the organizer. Further information on this can be found under section 7.

4.8.2 Duration of storage or criteria for determining this duration

The company processes your data within the scope of the offered event until the respective event has been completed. Accordingly, your data (username, e-mail address, IP address) will be completely deleted after the end of the event. If the processing of your data is carried out by the organizer as data controller, the duration of the storage is determined by the respective data protection information of the organizer.

4.8.3 Possibility of objection and removal

If the data processing is based on a contractual relationship and/or employment relationship agreed between you and us, there is no right to object to the described processing operation pursuant to Art. 21 GDPR. If your consent is the legal basis for the data processing, you have the right to object to this processing at any time for the future. You also have the right to request the deletion of your data in accordance with Art. 17 GDPR. In addition, you have the right to correct your data and to receive information about the data stored by us. To exercise your rights as a data subject, please contact us at the address given in section 1.

 

4.9 Microsoft Bookings

The Company collects and processes personal data for the online booking of meeting appointments. For this purpose, it uses the "Microsoft Bookings" service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The connection to the service is only established when you call up the online booking function via a button on our website. For more information on the handling of user data, please refer to Microsoft's privacy policy.

We would like to point out that you are not obliged to use Microsoft Bookings to arrange an appointment. If you do not wish to use the service, please use another of the contact options offered to make an appointment.

4.9.1 Purposes and legal basis of the data processing

The legal basis for the data transfer, storage and processing is your consent pursuant to Art. 6 (1) a) GDPR.

4.9.2 Duration of storage or criteria for determining this duration

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

4.9.3 Possibility of objection and removal

You have the option to revoke your consent to data processing or to object to the use of the data at any time. In this case, the intended contact with the user is no longer possible or communication that has already begun can no longer be continued.

5. Who receives my data?

Within the company, access to your data is granted to those departments that need it to fulfill the purposes described in section 4. Service providers of the Company may also be granted access to your data (so called " processors", e.g., data centers, hosting, IT infrastructure support or web design). Data processing agreements ensure that these service providers are bound by instructions, data security and confidential handling of your data.

 

6. Is my data processed outside the EU/EEA (third country transfer)?

If the service providers and/or third parties outside the EU/EEA mentioned in section 4 process your data for the purposes mentioned in section 4, this may result in your data being transferred to a country where no adequate level of data protection to the EU/EEA can be guaranteed. However, such a level of data protection can be ensured with a suitable guarantees. A suitable guarantee could be given by standard contractual clauses provided by the EU Commission. In accordance with the ruling of the European Court of Justice of 16 July 2020 (Case C-311/18), service providers in third countries commissioned by us are obliged to disclose to us which additional suitable technical and organizational measures have been implemented to prevent state monitoring mechanisms. If there is any doubt about the legality of such data processing, the service providers concerned will be obliged to adapt their technical and organizational measures.

A copy of these guarantees can be obtained on request from the contact details mentioned in section 1.

Any guarantees may be waived in exceptional circumstances, such as when you consent or the transfer to a third country is necessary for the performance of your contract with the Company. The EU Commission has also recognized certain third countries as safe third countries, so that the Company may also waive any appropriate guarantees at this point.

A transfer to a third country takes place in the following cases, among others:

  • for the delivery and settings of the website, service providers are used whose rights centers are located in a third country or who can access the data centers within the European Union or the EEA from a branch in a third country the company has agreed with these service providers, through standard contractual clauses, to comply with the European level of data protection.
  • Web tracking services are used by service providers whose rights centers are located in a third country or who can access data centers within the European Union or EEA from a branch in a third country. The company has agreed with these service providers to comply with the European data protection level by means of standard contractual clauses in accordance with Art. 46 sec.2 lit. c GDPR.

7. What data protection rights do I have?

You have the right to request information about the personal data we have stored about you at any time. If data concerning your person is incorrect or no longer up to date, you have the right to demand its correction. You also have the right to demand the deletion or restriction of the processing of your data in accordance with Art. 17 or Art. 18 GDPR. You may also have the right to have the data provided by you released in a common and machine-readable format (right of data portability). If you have given your consent to the processing of personal data for specific purposes, you can revoke your consent at any time with effect for the future. The revocation is to be addressed to the company at the contact address stated in section 1. In accordance with Art. 21 GDPR, you also have the right to object at any time, for reasons arising from your particular situation, to the processing of your data, which is carried out in accordance with the legal basis of Art. 6 sec. 1 letter f GDPR.

You also have the option of contacting a data protection authority and lodging a complaint. The authority responsible for the company is the

State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

Königstraße 10 a
70173 Stuttgart
0711 6155410
poststelle@lfdi.bwl.de

You can also contact the data protection authority responsible for your place of residence.

 

8. To what extent is there automated decision making?

We do not use fully automated decision making for the purposes mentioned in section 4.

 

9. Does profiling take place?

No profiling will take place for the purposes mentioned under section 4.

 

10. Update of the data protection information

If this Privacy Policy is changed, notice of the change will be posted in this Policy, on the homepage, and in other appropriate places.

 

Status of the data protection Notice: April 2021

.