What can we help you with?

Privacy Policy

Protecting your personal data (referred to below as 'data') is a matter of great importance and concern to us. Consequently, we would like to explain in greater detail which data are collected when you visit our online services (website, social media pages, blog), referred to below as 'Websites', and how these data are then processed. We would also like to inform you of your rights and the technical and organisational measures we have taken to ensure your data is processed securely.

This privacy policy meets the disclosure requirements pursuant to Articles 12 et seq. of the EU General Data Protection Regulation (hereinafter referred to as “GDPR”) and provides a summary of the processing of your personal data on the online services (website, social media pages, blog) of Arvato infoscore GmbH and other companies in the Arvato Financial Solutions Group (hereinafter referred to as ‘Websites’).

 

 

Who is the controller responsible for processing my data?

Arvato infoscore GmbH (hereinafter referred to as ‘Company’)
Rheinstraße 99
76532 Baden-Baden
Telephone: +49 (0) 7221/50 40-0
Internet: www.finance.arvato.com

is the controller responsible for processing your data on the website.

You can contact the Data Protection Officer of the Company at the above postal address with the addition “FAO Data Protection Officer”.

You can find further information on the Data Protection Officer for the relevant Arvato Financial Solutions company here

You can request a self-disclosure from infoscore Consumer Data GmbH (a company of the Arvato Financial Solutions Group) directly via the following link (www.finance.arvato.com/de/verbraucher/selbstauskunft.html). Only infoscore Consumer Data GmbH as the controller will have access to your postal self-disclosure or your online form for the purpose of processing your data. There shall be no further processing of your data within the group of companies. You can find further information about the data processing by infoscore Consumer Data GmbH from its Privacy Policy.

Arvato infoscore GmbH (hereinafter referred to as ‘we’ or ‘us’) process personal data in accordance with the provisions of the GDPR and the Federal Data Protection Act (hereinafter referred to as ‘BDSG').

 

 

What data is collected?

When visiting our websites, and for technical, contractual or statutory requirements only, your data will be collected in order to display the desired content and to enable you to use the services.

When you visit our website, the data of the computer you use to access our website is automatically logged (‘access data’). This access data generally consists of information about the content you access on the website and your usage behaviour as well as information pertaining to your web browser type and version, your operating system, your internet service provider, the date and time you used the website, the websites previously visited by you and the websites you accessed from our website, in addition to the IP address of your computer (also called 'server log files’). With the help of web tracking, pseudonymous user profiles are created and analysed from the access data. These cannot be attributed to your person.

You can use the website services without disclosing your data, such as to obtain information about us.

The scope, nature of collection and use of your data differs depending on whether you visit our websites simply to access information or whether you use services on our websites which require the provision of additional information, for example, if ordering a newsletter, downloading a white paper, ebooks, Business Insights or using a contact form:

  1. Use for information purposes

If you only use our websites for information purposes, in principle you do not need to provide personal data.

In this case we only collect and use the data sent to us automatically by your internet browser (see also Section 4 Cookies), such as:

  • Date and time you access one of our websites
  • Your browser type
  • Browser settings
  • Operating system used
  • The last site you visited

In the case of a visit for information purposes, we process this data solely in non-personal data form. We do this in order to make it possible for you to use the web pages you visit and to monitor whether our websites are displayed to you in an optimum manner. Processing takes place on the legal basis of point (f) of Article 6(1) GDPR and in our interests in order to display our websites to you in reliable and smooth manner wherever possible.

  1. Use of the contact form

If you wish to contact us using our contact form, we collect the following data from you:

  • Form of address
  • Name
  • E-mail address
  • Phone (optional), unless you expressly want us to call you
  • Company
  • Country
  • Your message

We use this data to respond to your query by e-mail or by phone if appropriate. We can also use the information you give us to tailor our response to you personally and provide specific information for you.

If required in order to process your request, your contact details may also be passed on to companies in the Arvato Financial Solutions group of companies.

2.1 Purposes and legal bases of data processing

The legal basis for the processing of your contact data is point (f) of Article 6(1) GDPR. Our legitimate interest lies in processing your specific matter and further communication. If your contact leads to the conclusion of a contract, the legal basis will then be point (b) of Article 6(1) GDPR.

2.2 Duration of storage or criteria for determining the duration

After processing your matter and the completion of any further communication, your contact data will be deleted Unless your contact leads to the conclusion of a contract or contains data relevant to financial flows. For this purpose, data will be stored until the contractual and/or statutory retention periods (currently 6 to 10 years) are met.

2.3 Right of objection and removal

You have the right to object to the processing of your contact data for reasons relating to your personal situation. Should you wish to exercise your right to object, please contact us at the contact address provided in section 1. If you object, we shall not be able to process your matter further Unless the storage of your contact data is required to initiate a contract or to perform the contract.

Cookies are online identifiers with no personal reference. Cookies may be attributable to a person if the information generated by the cookies are combined with other data such as access data [link section 2 to this word for quick access] (e.g. when using web tracking). Such a combination generally only takes place in pseudonymous form, which means your data cannot be directly attributed to you, or on the basis of your consent.

Exercising data subject rights

3.1 Description and scope of data processing

Via this privacy policy, we would like to inform you of your rights as data subject, including your right to information. To exercise your rights as data subject, it may be necessary to provide us with information concerning you and the individual instances of data processing. Without providing such information, we cannot comply with your rights as data subject.

3.1.1 Purposes and legal bases of data processing

The legal basis for processing your data when exercising your data subject rights is point (c) of Article 6(1) GDPR, compliance with a legal obligation.

3.1.2 Duration of storage or criteria for determining this duration

We shall store the correspondence exchanged with you in relation to exercising data subject rights for a period of 3 years. This shall be with the exception of the establishment of your identity, such as a photocopy of your personal identification document marked as a copy, if you have provided one to us. This shall be deleted no later than one week after having established your identity.

3.1.3 Right of objection and removal

The processing of your data is required for compliance with your data subject rights. As such, you shall have no right to object.

3.2 Personalised newsletter

3.2.1 Description of the processing

There is the option on our websites to subscribe to our free newsletter. In order to send this newsletter, we process the e-mail address, company name and country as provided based on the consent you give when registering. We use the 'double opt-in' procedure for newsletter registration. Once you have registered and given your consent, we will send a message to the e-mail address provided in which we ask for confirmation. In order to prevent the misuse of your data and demonstrate your consent, we store the access data recorded on registration as well as the confirmation message and the text used for this purpose. Once you have confirmed, you are registered for the newsletter and your data will be saved in our customer database.

The newsletters can be cancelled at any time with future effect using the unsubscribe link in the e-mail, for example.

3.2.2 Purposes and legal bases of data processing

The dispatch of our newsletter and the downloading of Content are aimed at advertising products, solutions and services from our business divisions (ID & Fraud Management, Credit Risk Management, Payment and Financing Services and Receivable Management) to our business customers and informing them of events. We can only demonstrate such corporate diversity with the help of other companies in the Arvato Financial Solutions group of companies, which is why we are entitled, with your consent, to pass on our data within our group of companies for promotional purposes. An overview of the companies in the Arvato Financial Solutions group of companies is available here.

If you agree to receive our free personalised newsletter, we collect statistical data about the use of our web services in order to optimise our services accordingly and adapt these (newsletter and other content) to your requirements. One or more cookies are saved on your PC for this purpose. These are used to collect data for marketing and optimisation purposes and are saved and processed further on the servers of our marketing automation tools. The data collected will be combined with personal data provided by you on the website in order to create a profile. You can stop the creation of a profile by disabling the cookie function in your browser. Further information can be found in Section 4.1.7 Marketing automation.

The free personalised newsletter is aimed at advertising products, solutions and services from our business divisions to our (potential) business customers and informing them of events. The legal basis for the processing of your data when subscribing and participating in the newsletter is the consent pursuant to Article 6(1) a) GDPR / Section 7(2) no. 3 Unfair Competition Act (Gesetz gegen den unlauteren Wettbewerb, UWG).

3.2.3 Duration of storage or criteria for determining the duration

Your data will be stored for the period of participation in the newsletter. Once the newsletter is unsubscribed, your data will be stored as evidence that you consented to the newsletter, and that we therefore acted lawfully. The same applies if you withdraw your consent. Data processing for advertising purposes will no longer take place in such a case.

3.2.4 Right of objection and removal

You can withdraw your consent at any time addressed to Arvato infoscore GmbH via e-mail newsletter-abbestellung@finance.arvato.com or by post to “Rheinstraße 99, 76532 Baden-Baden, Germany”.

3.3 Personalised newsletter when downloading ebooks/white papers/studies

3.3.1 Description of the processing

In return for downloads of white papers/e-books/studies (referred to below as 'content') covering current topics in our business areas, you agree that we will send you personalised newsletters.

In the context of this agreement, we will process your e-mail address, company name and country as provided in order to send a newsletter. We use the 'double opt-in' procedure for newsletter registration. Once you have registered, we will send a message to the e-mail address provided in which we ask for confirmation. In order to prevent the misuse of your data and demonstrate this agreement, we store the access data recorded on registration as well as the confirmation message and the text used for this purpose.

Once you have confirmed, you are registered for the newsletter and your data will be saved in our customer database.

 

3.3.2 Purposes and legal bases of data processing

The sending of our newsletter is aimed at advertising products, solutions and services from our business divisions (ID & Fraud Management, Credit Risk Management, Payment and Financing Services and Receivable Management) to our business customers and informing them of events. We can only demonstrate such corporate diversity with the help of other companies in the Arvato Financial Solutions group of companies, which is why we are hereby entitled to pass on our data within our group of companies for promotional purposes. An overview of the companies in the Arvato Financial Solutions group of companies is available here.

If you agree to receive our free personalised newsletter, we collect statistical data about the use of our web services in order to optimise our services accordingly and adapt these (newsletter and other content) to your requirements. One or more cookies are saved on your PC for this purpose. These are used to collect data for marketing and optimisation purposes and are saved and processed further on the servers of our marketing automation tools. The data collected will be combined with personal data provided by you on the website in order to create a profile. You can stop the creation of a profile by disabling the cookie function in your browser. Further information can be found in Section 4.1.7 Marketing automation.

3.3.3 Duration of storage or criteria for determining the duration

Your data will be stored for the period of participation in the newsletter. Once the newsletter is unsubscribed and the agreement therefore terminated, your data will be stored as evidence that you agreed to the newsletter, and that we therefore acted lawfully. The same applies if you terminate the agreement. Data processing for advertising purposes will no longer take place in such a case.

3.3.4 Right of objection and removal

The newsletter can be cancelled and as such the agreement terminated at any time with future effect using the unsubscribe link in the e-mail, for example.

3.4 Business customer surveys

3.4.1 Description of the processing

If you have a business relationship with us, we shall occasionally use your data in order to conduct a customer survey to gauge your satisfaction with our services and to show potential for improvement. Participation in the survey is voluntary and shall only occur for customers who gave use their consent when the business relationship was established. The survey is conducted via service providers who are bound to our instructions as processor. We have assessed them pursuant to data protection law prior to commencing the survey.

3.4.2 Purposes and legal bases of data processing

The purpose of the survey is to improve our products, services and as such establish and maintain good customer relations. The basis under data protection law for this survey is found in point (f) of Article 6(1) GDPR. Our legitimate interest lies in that we wish to offer our customers a regular and efficient channel to make criticism so that we can adapt our services accordingly.

3.4.3 Duration of storage or criteria for determining the duration

The data used are stored in our CRM system for the duration of our contractual relationship. After the termination of our contractual relationship, the data shall only be used for a final customer satisfaction survey and then blocked for this purpose.

3.4.4 Right of objection and removal

You have the right to withdraw your consent to the use of your data for the purposes of the business customer survey at any time. You will find a note to that end in every e-mail inviting you to participate. You also have the right to object to the processing. You also have the right to request the erasure of your data pursuant to Article 17 GDPR. Furthermore, you have to right to rectification and of access to the data we store.

In order to exercise your rights as a data subject, please send a message to the contact address mentioned in section 1 or by e-mail to: newsletter-abbestellung@finance.arvato.com.

3.5 Online applications

3.5.1 Description and scope of data processing

Job vacancies are published on this website, whereby you can apply for a job. From the job vacancy you will be redirected to the applicant portal. As such, the actual data processing of your online application for the application process will not take place on this website. The controller for job vacancies is the company that has published the job vacancy and is seeking new employees. This company is also the company that receives your data when receiving your application. Your data will not be transferred to other parties unless this is required by law or you consent.

You can find general information about the controller, the purpose of data processing and the legal basis as well as possible recipients and the storage duration in the relevant job vacancy listing. You can obtain further information on the data processing of your online application for the actual application process when registering and creating an applicant profile.

3.5.2 Purpose and legal bases of data processing

When receiving your online application for a specific job vacancy, your data will be processed for recruitment purposes. When initiating an employment contract, your potential employer will then have a legitimate interest in ensuring you have the professional skills and personal suitability for the vacant position. The legal basis for processing your data is point (b) of Article 6(1) GDPR / Section 26(1) sentence 1 Federal Data Protection Act; establishment of a contractual relationship.

3.5.3 Duration of storage or criteria for determining this duration

Your data will be processed for as long as this is necessary for the establishment of an employment relationship. Once the online application is complete and the recruitment decision is made, your data will be deleted upon expiry of the statutory retention period (currently 6 months).

3.5.4 Right of objection and removal

The processing of your data is required for the establishment of an employment relationship, i.e. for (pre-)contractual purposes. There is consequently no possibility to object.

Which cookies are used?

Cookies are used on our website.  Cookies are small text files that are saved to your computer when visiting a website. The cookies that are saved can be attributed to the web browser you use. When the website is visited again, the web browser returns the content of the cookies, thus enabling the user to be recognised.  Cookies are limited to a given period (e.g. closing of the browser session). You can also configure and delete the cookies according to your preferences via your browser settings. If you delete the cookies prematurely, however, you may not be able to use all the features of our website.

The website differentiates between two types of cookies: function-based cookies and optional cookies. The function-based cookies are used to ensure the website functions smoothly from a technical and functional perspective (e.g. identification and authentication of the user, language settings, displaying visual recordings). Without the function-based cookies, the website services will only be available on a limited basis. The optional cookies help the optimisation of the website services, whereby the user behaviour is logged and analysed in a statistical form.

4.1 Web tracking

Services are built into the website to optimise the user friendliness and measure the reach of the website. Your access data (see section 2) will thus be logged and the user behaviour analysed with the help of analysis cookies (see section 3). Personal identification is not generally necessary for web tracking, which means that when your access data is logged, the saved IP address is either not used or only used in abbreviated form (abbreviation of the last octet) and anonymous user profiles created. This will generally not be combined with other data and you have the right to object at any time. Personal user profiles will only be created in exceptional cases and if you have consented.

Web tracking is usually conducted by involvement of service providers who process user profiles on our instruction and not for their own purposes. This is ensured by way of data processing agreements. If the service provider is based outside the European Union or the European Economic Area (hereinafter referred to as ‘EU’ or ‘EEA’), a third country transfer will take place. This is permitted if you have consented to this, we have established safeguards of an adequate level of data protection or the EU Commission has classed the relevant third country as a safe third country. The third country transfer of the relevant service is indicated below. You can obtain further information about the recipients of your data and the third country transfer in section 6 and section 7.

4.1.1 Adobe Tag Manager

This website uses Adobe Tag Manager for purposes of functionality. This service is provided by Adobe Systems Software Ireland Limited, 6 Riverwalk Naas Road Dublin 24, Ireland (Adobe). Adobe Tag Manager manages the web tracking services embedded in this website using ‘tags’ (placeholder for website code). Adobe Tag Manager only implements these tags. Cookies are used and Adobe Tag Manager does not log specific data. The Adobe Tool Manager only releases other tags, which in turn may log data. Adobe Tag Manager cannot however access this data.


4.1.2 Google Analytics

This website uses Google Analytics, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). Google Analytics creates an anonymous user profile to optimise the user-friendliness of the website. The anonymity is assured in that prior to transferring your data to Google, the IP address is abbreviated by the last octet and your personal identification is not possible. The anonymous user profile is analysed after transfer for the purposes of optimising the user-friendliness. Google does not combine this data with other data. Under a data processing agreement, the company ensures that Google only processes the data on its instructions.

A third country transfer does take place by the use of Google Analytics. By way of certification according to the EU-US Privacy Shield, Google ensures that  the European data protection level is guaranteed upon the third country transfer. You can find further information on the third country transfer in section 5.

You can object to the use of Google Analytics at any time by changing your browser settings and/or clicking on the following link to download and install the available browser plugins: https://tools.google.com/dlpage/gaoptout.

You can find more information on data processing by Google Analytics in Google's privacy policy: https://policies.google.com/privacy?hl=de.

 

4.1.3 Adobe Analytics (Omniture)

This website uses Adobe Analytics, a service provided by Adobe Systems Software Ireland Limited, 6 Riverwalk Naas Road Dublin 24, Ireland (Adobe). Adobe Analytics creates an anonymous user profile to optimise the user-friendliness of the website. The anonymity is assured in that prior to transferring your data to Adobe, the IP address is abbreviated by the last octet and your personal identification is not possible. The anonymous user profile is analysed after transfer for the purposes of optimising the user-friendliness. Adobe does not combine this data with other data. Under a data processing agreement, the company ensures that Adobe only processes the data on its instructions.

 

You can object to the use of Adobe Analytics at any time by changing your browser settings and/or clicking on the following link to download and install the available browser plugins: http://bertelsarvatoprod.d3.sc.omtrdc.net/optout.html.

You can find further information on data processing by Adobe Analytics in Adobe's privacy policy: https://www.adobe.com/de/privacy/policy.html.


4.1.4 Adobe Audience Manager

This website uses Adobe Audience Manager, a service provided by Adobe Systems Software Ireland Limited, 6 Riverwalk Naas Road Dublin 24, Ireland (Adobe). Adobe Audience Manager creates cross-channel anonymous target group profiles to address potential customers. The anonymity is assured in that prior to transferring your data to Adobe, the IP address is abbreviated by the last octet and your personal identification is not possible. The anonymous target group profile is analysed after transfer for the purposes of optimising the content-presentation. Under a data processing agreement, the company ensures that Adobe only processes the data on its instructions.

You can object to the use of Adobe Audience Manager at any time by changing your browser settings and/or clicking on the following link to download and install the available browser plugins: https://www.adobe.com/de/privacy/opt-out.html.

You can find further information on data processing by Adobe Audience Manager in Adobe's privacy policy: https://www.adobe.com/de/privacy/opt-out.html.

 

4.1.5 Google Ads

We use the ‘Google AdWords Conversion’ function provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). Google Adwords Conversion enables our website to be included in the Google search results and on the websites of other providers who also participate in the Google advertising network. For this purpose, Google saves a cookie when you visit our website, which automatically enables interest-based advertising within the scope of the Google advertising network by way of an anonymous cookie ID and on the basis of your access data. If you are redirected to our website via a Google ad on another website, Google will also place a cookie on your computer. These Google cookies generally become invalid after 30 days and do not serve to identify you personally. These cookies merely allow Google to recognise your internet browser. If a user visits certain pages of the website within the Google advertising network and the cookie saved by Google has not yet expired, Google and the website provider can recognise that the user has clicked on the ad and was redirected to this website. Every website provider participating in the Google advertising network is assigned a different cookie by Google. Cookies can therefore not be tracked via the website of other website providers who also participate in the Google advertising network. For our part, we do not collect and process personal data as part of Google Adwords Conversion. We only receive statistical analyses from Google. On the basis of these analyses, we can recognise which of our advertisements are particularly effective in the Google advertising network. We do not receive any further information, and we cannot identify our users using this information. You can find further information on the advertising network of Google and Google’s privacy policy at: http://www.google.com/privacy/ads/

4.1.6 Hotjar

Our website uses Hotjar, a tracking code-based web analysis tool provided by Hotjar Ltd. (Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta). Hotjar logs the interactions of randomly selected individual visitors to our website on an anonymous basis. This creates an anonymous log of mouse movements and clicks, for example, with the aim of determining possible improvements to the website.  Hotjar also analyses information on the operating system, browser, incoming and outgoing links, geographical origin, resolution and type of device for statistical purposes, on an anonymous and not personal basis. The anonymised information logged will be stored by Hotjar Ltd. for no more than six months and will not be transferred to third parties. You can find additional information on the functions and data use by Hotjar at: https://www.hotjar.com/privacy. You can opt out of the web analysis by Hotjar on all the web pages using Hotjar by deactivating a DoNotTrack header in your browser (opt out). To do this, following this link: https://www.hotjar.com/opt-out.

Hotjar assures full compliance with GDPR guidelines. Find out more: https://www.hotjar.com/legal/compliance/gdpr-commitment

 

4.1.7 Marketing Automation
We use marketing automation on our websites. Our marketing automation tool cookie is used to track lead information about websites visited and links to websites that have been clicked.
This is done primarily in order to provide information that is tailored especially to your interests. You can prevent the use of these cookies (see also 5. Cookies). Please bear in mind, however, that in this case you may not be able to make full use of all functions and sending you information, which requires the provision of personal data (for example, name and e-mail address) via an online form, may no longer be possible.

Our marketing automation tool has EU-US Privacy Shield certification. The EU-U.S. Privacy Shield is a data protection agreement intended to ensure an appropriate level of data protection for data transfers to certified US companies. The EU Commission determined the guaranteed level of data protection according to the EU-U.S. Privacy Shield in its decision dated 12.07.2016 (Ref. no. C(2016) 4176).

The EU Commission's decision can be viewed here: http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.207.01.0001.01.DEU.

The current status of the certification according to the EU-U.S. Privacy Shield can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000Gnm2AAC.

This information will be deleted after a maximum of two (2) years. The cookie is a so-called first-party cookie which is managed by our website.

4.2 Purposes and legal bases of data processing

The legal basis for logging and analysing anonymous user profiles is point (f) of Article 6(1) GDPR in conjunction with Section 15(3) of the Telemedia Act (Telemediengesetz, TMG). The legitimate interest of the company lies in optimising the user-friendliness of the website and the reach measurement.

4.3 Duration of storage or criteria for determining the duration

The data that is logged and analysed when using web tracking services is usually stored until you object to their use. The storage duration of analysis cookies is no more than 24 months.

4.4 External services and content

We incorporate external services or content in our website. If you use such a service or if third party content is displayed to you, communications data between you and the relevant provider may be exchanged for technical reasons.

The provider of the relevant services or content may also process your data for other purposes of its own. To the best of our knowledge and belief, we have configured services or content from providers who are known to process data for their own purposes so that either no communication takes place for purposes other than to display the content or service on our website or communication only takes place if you have actively decided to use the service. The final responsibility for the processing of data for other purposes shall at all times lies with the third party provider.

You can find further information about the purpose and scope of the collection and processing of your data in the privacy policy of the relevant provider and controller under data protection regulations of the services and content incorporated by us:

YouTube: https://support.google.com/youtube/answer/7671399

Google Maps: https://maps.google.com/help/terms_maps.html

Who receives my data?

At our company, your data will only be accessed by those parties who require it to fulfil the purposes set forth in section 4. Service providers we use may also receive access to your data (hereinafter ‘processors’). The processors support us with the provision and user-friendliness of the website, with the sending of newsletters and e-books as well as with the performance of customer surveys. They are bound by our instructions and must provide for data security and the confidential treatment of your information under the contract data processing agreements we have concluded with them.

No data is transferred to other recipients such as advertising partners, providers of social media services or banks (‘third parties’) unless statutory provisions require this or if you have consented.

In connection with the participation in a newsletter, you consent and agree that your data will be transferred to the companies of the Arvato Financial Solutions group of companies. Internal data protection guidelines and joint management of data security ensures the confidential handling of your data and compliance with data protection law provisions. Data transfers for purposes other than those covered by consent or to other third parties do not take place.

 

Will my data be transferred outside the EU or EEA (third country transfer)?

If the service providers and/or third parties mentioned in section 5 are based outside the EU or EEA, your data may be transferred to a country which does not provide for the same standard of data protection as the EU or EEA. Such a data protection level can however be safeguarded with an appropriate guarantee. Such a guarantee may for example consist of the standard contractual clauses provided by the EU Commission. Any guarantee may be unnecessary if you consent or the third country transfer is required for the performance of our contractual relationship. The EU Commission also has recognised certain third countries, whereby the company does not need to obtain appropriate guarantees in this cases either.

A third country transfer does take place by the use of Google Analytics. The data is generally stored by Google within the EU. Only in exceptional cases such as due to technical maintenance can Google temporarily access the data from the USA. By way of certification according to the EU-US Privacy Shield, Google ensures that the European data protection level is guaranteed upon the third country transfer.

A third country transfer also takes place within the scope of advertisement. One company in the Arvato Financial Solutions group of companies is based outside the EU, in Switzerland. The EU Commission has recognised Switzerland as a secure third country which means that an adequate level of data protection can be ensured.

What are my data protection rights?

You have at any time the right to request information about the personal data concerning you we have stored. If data concerning you is incorrect or no longer current, you have the right to request its rectification. You also have the right to request the erasure or restriction of processing of your data in accordance with Article 17 or Article 18 GDPR. You may also have the right to be issued the data you have provided in a commonly used and machine-readable format (right to data portability).

If you have provided your consent to the processing of personal data for certain purposes, you way withdraw your consent at any time with future effect. Withdrawals must be sent to the company at the contact address provided in section 1. You may also withdraw any consents you have provided on the website under section 4.3.4.


In accordance with Article 21 GDPR, you shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1) GDPR.

You also have the right to object at any time to processing of your personal data for the purposes of direct advertising. The same applies to automated processes when using individual cookies, where these are not absolutely necessary to provide the website.

You may also contact the data protection authorities and lodge a complain with them. The competent authority is

Landesbeauftragte für Datenschutz und Informationsfreiheit Baden-Württemberg

 

Königstraße 10 a
70173 Stuttgart
0711 6155410
poststelle@lfdi.bwl.de

You can also contact the competent data protection authority at your place of residence.

 

To what extent does automated decision-making take place?

We do not use any fully automated decision-making processes for any of the purposes set out in section 4.

See section 3.2 / 3.3 regarding profiling

Date of this privacy policy 25 July 2018

Last modified 13 March 2019

Contact