The data protection information meets the requirements of the EU General Data Protection Regulation (hereinafter referred to as "GDPR"). It provides you with an overview of the processing of your personal data (hereinafter referred to as "data") on this website.

The individual companies of the

Arvato Systems Group *

Reinhard-Mohn-Straße 18

33333 Gütersloh

info@arvato-systems.de

Tel.: +49-5241-80 0

(hereinafter referred to as "company") are jointly responsible for processing your data on this website. In a joint responsibility agreement, it has been agreed that Arvato Systems GmbH will manage the operation of the website and the lifecycle of all IT applications necessary for joint processing on behalf of the Arvato Systems Group and will act as the contact for all data protection issues. 

The company processes personal data in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

You can contact the company's data protection officer at the above postal address, with the addition "To the data protection officer," or at the following email address: datenschutz@arvato-systems.de

When you visit the website, information is automatically collected from the accessing computer (hereinafter referred to as “access data”). This access data includes server log files, which usually contain information about the browser type and version, the operating system, the Internet service provider, the date and time of use of the website, the websites previously visited, and the websites newly accessed via the website, as well as the IP address of the computer. Except for the IP address, the server log files are not personal. An IP address is personal if the data subject can be identified based on additional information.

If you continue to use the services of the website, pseudonymous usage profiles and/or the data you enter on the website (e.g., search terms, login data, ratings, form or contract entries, click data) will be processed.

Some services on the website require you to provide the company with personal data. In these cases, the data you provide will be used to deliver the desired service or to process the request. The following personal data may be processed on the website: user data such as email address and password, address data, contact details, as well as image, video, and audio recordings.

Cookies are used on this website. Cookies are small text files that are stored on your computer when you visit a website. The stored cookies are assigned to the browser you are using. When you revisit the website, the web browser sends the contents of the cookies back, enabling the user to be recognized.

Certain cookies are deleted when you log out or close your browser (so-called "transient cookies"). Other cookies are stored for a specified period of time or permanently (so-called "temporary cookies" or "persistent cookies"). These cookies are automatically deleted after the defined period of time has expired.

The cookie query that appears when you first visit our website gives you the option to agree to, change, or reject the use of cookies. Cookies that are essential for providing the web service (see explanation under 3.1) cannot be dismissed. You can delete stored cookies at any time in your browser's security settings and configure cookie use according to your preferences. However, we would like to point out that you may then not be able to use all the functions of this website.

Cookies are essentially online identifiers that do not contain any personal information. Cookies become personal when the information they generate is combined with other data. A distinction can be made between cookies necessary for the provision of the website and those necessary for different purposes, such as analyzing user behavior or advertising.

The purposes of data processing may arise from technical, contractual, or legal requirements, as well as from consent, where applicable. We use the data referred to in section 2 for the following purposes:

• to provide the website and ensure technical security, to correct technical errors, and to ensure that unauthorized persons do not gain access to the website's systems
• to manage consent and store cookie settings
• to measure reach and perform web analytics to make the website more efficient and enjoyable for you, as well as to conduct market research.
• to carry out our own and third-party advertising (online advertising);
• for communication, contract initiation, and customer care;
• for advertising purposes
• for registration/participation in events

Further information on these data processing purposes can be found in the following sections of this privacy policy.

4.1 Technical provision of the website

4.1.1 Description and scope of data processing

To ensure the website's functionality, perform security analyses, and defend against attacks, the server log files are automatically collected and temporarily stored as part of the access data generated by the accessing computer when entering and using the website, in accordance with Section 2. The server log files are not stored together with other data. We use server log files for statistical evaluations, to analyze and remedy technical malfunctions, to defend against attacks and fraud attempts, and to optimize the website's functionality.

4.1.2 Purposes and legal basis of data processing

The legal basis for the collection of server log files is Art. 6 (1) (f) GDPR and § 25 (2) No. 2 TDDDG. The company's legitimate interests lie in the functionality of the website, the performance of security analyses, and the prevention of dangers.

4.1.3 Duration of storage or criteria for determining this duration

After a website is accessed, the server log files are stored on the web server, and the IP address contained therein is deleted at the latest within 7 days. An evaluation during this storage period is conducted only in the event of an attack.

4.1.4 Right to object and right to erasure

You have the right to object to the processing of your data in the context of server log files, provided there are reasons for this arising from your particular situation. If you wish to exercise your right to object, please contact the address given in section 1.

4.2 Consent with UserCentrics

4.2.1 Description and scope of data processing

We use Usercentrics cookie consent technology on our website to obtain your consent to the storage of certain cookies on your device, to the use of specific technologies, and to document this in accordance with data protection regulations. This technology is provided by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, website: https://usercentrics.com/de/ (hereinafter "Usercentrics").

When you visit our website, the following personal data is transferred to Usercentrics:

• Your consent(s) or the revocation of your consent(s)
• Your IP address
• Information about your browser
• Information about your device
• The time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser to assign the consents you have given or their revocation to you.

4.2.2 Purposes and legal basis of data processing

Usercentrics is used to obtain the legally required consent for the use of specific technologies. The legal basis for this is Art. 6 (1) (c) GDPR.

4.2.3 Duration of storage or criteria for determining this duration

The collected data will be stored until you request that we delete it, delete the Usercentrics cookie yourself, or the purpose for which the data was stored no longer applies. Mandatory legal retention obligations remain unaffected.

4.2.4 Options for objection and removal

Processing your data is necessary to fulfill the legally required consent requirement. In this respect, you have no right to revocation.

4.3 Contact form, email, and telephone contact

4.3.1 Description and scope of data processing

On the website, you can find ways to contact us via the contact form, email, or phone. If you choose to do so, the data entered in the contact form, your email address and/or your phone number, and your request will be transmitted to the company. Depending on the nature of your request (e.g., questions about the company's products and services, or the exercise of your rights as a data subject, such as the right to information), your contact details will be processed further (also with the help of service providers). If necessary for the processing of your request, your contact details may be forwarded to third parties (e.g., partner companies).

To ensure sufficient data security when transmitting forms, we use Google Ireland Limited's reCAPTCHA service in some instances. This is primarily used to distinguish whether the input is made by a natural person or by automated processing. The service includes sending the IP address and, if necessary, other data required by Google for the reCAPTCHA service. Google Ltd.'s separate privacy policy applies to this. Further information on Google Ltd.'s privacy policy can be found at http://www.google.de/intl/de/privacy or https://www.google.com/intl/de/policies/privacy/.

4.3.2 Purposes and legal basis of data processing

The legal basis for processing your contact details is Art. 6 (1) lit. f GDPR. The legitimate interest lies in processing your specific request and in further communication. If your contact is intended to conclude a contract with the company, the legal basis for processing your contact details is Art. 6 (1) lit. b GDPR.

We use the reCAPTCHA service based on our legitimate interest in preventing fraudulent activities in accordance with Art. 6 (1) lit. f GDPR and § 25 (2) No. 2 TDDDG.

4.3.3 Duration of storage or criteria for determining this duration

Once your request has been processed and further communication has been concluded, your contact details will be deleted. This does not apply if your contact is intended to conclude a contract with the company, or if you assert your rights as a data subject, such as the right to information. In this case, the data will be further processed on a new legal basis and deleted as soon as the purpose of processing has been fulfilled, and the statutory retention periods have expired.

4.3.4 Options for objection and removal

You have the right to object to the processing of your contact details if there are reasons for this arising from your particular situation. If you wish to exercise your right to object, please contact us at the address given in section 1. If you object, we will not be able to continue processing your request. Otherwise, the storage of your contact details is necessary for the initiation of a contract, the fulfillment of a contract, or the assertion of your rights as a data subject.

4.4 Assertion of data subject rights

4.4.1 Description and scope of data processing

The website offers you the opportunity to assert your rights as a data subject, such as the right to information. To assert your rights as a data subject, it may be necessary for you to provide us with information about yourself and the individual data processing operations. Without this information, we will not be able to fulfill your rights as a data subject.

4.4.2 Purposes and legal basis of data processing

The legal basis for the processing of your personal data when exercising your rights as a data subject is Art. 6 (1) (c) GDPR, the fulfillment of a legal obligation.

4.4.3 Duration of storage or criteria for determining this duration

We store correspondence with you regarding the assertion of data subject rights for three years. This does not apply to documents used to verify your identity, such as a copy of your identity card, if you have provided Bertelsmann and/or its subsidiaries with such a document. This will be deleted at the latest within one week of your identity being verified.

4.4.4 Options for objection and removal

Processing your data is necessary to fulfill your rights as a data subject. In this respect, there is no right of withdrawal.

4.5 Advertising

4.5.1 Description and scope of data processing

The website offers the option to register for promotional communications from Arvato Systems, including a newsletter with product and service information, occasional surveys, and free content downloads. The personal data you enter via a registration form and your consent for advertising purposes in the double opt-in procedure are stored in our CRM system and further processed (also with the help of service providers) for advertising purposes.

Please note that the company may evaluate your user behavior when sending advertising communications. For this evaluation, the emails sent contain so-called web beacons, or tracking pixels, i.e., single-pixel image files stored on the website. For assessments, the company can link your data to web beacons, your email address, and an individual ID. With the data obtained this way, the company can create a user profile to tailor the newsletter to your individual interests. When you read the emails, the company records which links you click and uses this information to infer your personal interests. The company can link this data to the actions you have taken on our website.

4.5.2 Purposes and legal basis of data processing

Processing your data via the registration form is necessary for the company to contact you for advertising purposes. The legal basis for the processing of data during registration is consent in accordance with Art. 6 (1) (a) GDPR, with reference to § 7 (2) No. 3 of the German Unfair Competition Act (hereinafter referred to as "UWG"). Your user behavior is evaluated in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG. If you are contacted within the scope of our existing business relationships, data processing is carried out based on Art. 6 (1) (f) GDPR, with reference to Art. 13 (2) of the ePrivacy Directive. The company has a legitimate interest in advertising to existing customers.

4.5.3 Duration of storage or criteria for determining this duration

The data will be stored during the advertising campaign. If you revoke your consent, your data will be blocked for this processing purpose. The data will be stored until contractual and/or legal obligations have been fulfilled and there are no legal retention periods preventing deletion.

4.5.4 Options for objection and removal

You can revoke your consent to receive advertising at any time by clicking on the unsubscribe link provided in every advertisement or by sending your revocation for advertising to Arvato Systems by email to info@arvato-systems.de or by post to "Arvato Systems GmbH, Reinhard-Mohn-Straße 18, 33333 Gütersloh."

4.6 Registration for events

4.6.1 Description and scope of data processing

You can register for Arvato Systems events via the website. The events include presentations on current topics and developments in the IT sector, as well as Arvato Systems' service portfolio and new products and services. These events are generally aimed at business customers. You can register for individual events using a registration form. The data required for registration is collected and processed to attend the event. Within the registration form, you can also arrange personal meetings with Arvato Systems to discuss your interests and sales. Registration is voluntary.

In addition, images and audio recordings are regularly captured at our events, some of which are published on our website and social media channels, as well as in internal and external reports. In addition to photos and video recordings, metadata such as the recording time and location, as well as the camera location, is automatically stored.

Your data will be shared with third parties (e.g., event organizers) only when necessary for your participation in the event.

4.6.2 Purposes and legal basis of data processing

We use your personal data to contact you, to register and hold events, and for advertising purposes. The legal basis for registering for an event is Art. 6 (1) (f) GDPR. Customer care and customer acquisition are legitimate interests. If you have given your consent to receive advertising by telephone and/or email, Art. 6 (1) (a) GDPR serves as the legal basis.

The legal basis for taking and storing photos and videos at an event is Art. 6 (1) sentence 1 lit. Under GDPR, based on our legitimate interest in reporting on the event. The legal basis for publishing the photos and videos is Sections 22 and 23 of the German Art Copyright Act (KUG).

4.6.3 Duration of storage or criteria for determining this duration

Your data will be deleted as soon as it is no longer required for its intended purpose and no legal retention obligations are preventing its deletion.

4.6.4 Options for objection and removal

You have the right to object to the processing of your registration data if there are reasons for this arising from your particular situation. If you wish to exercise your right to object, please contact us by email at info@arvato-systems.de or by post at Arvato Systems, Reinhard-Mohn-Straße 18, 33333 Gütersloh, Germany. If you object, the registration cannot be continued.

4.7 Links to other websites

This website contains links to websites operated by other website operators. Clicking the links will take you to the respective website (e.g., the career page or social networks). Except for your access data for the provision of the respective other website, no data about you will be transmitted to the other website operators.

The privacy policy applies exclusively to this website. We are not responsible for the privacy policies of other website operators. Nevertheless, when visiting the linked websites, we recommend that you also read their privacy policies carefully.

4.8 External services and content on our website

We integrate external services or content on our website. When you use such a service or view third-party content, communication data is exchanged between you and the respective provider for technical reasons.

In addition, the provider of the respective services or content may process your data for their own purposes. To the best of our knowledge and belief, we have configured services or content from providers who are known to process data for their own purposes in such a way that either no communication takes place for purposes other than the display of content or services on our website, or communication only takes place when you actively decide to use the service. However, as we do not influence the data collected by third parties or their processing, we cannot provide any binding information on the purpose and scope of their processing of your data.

For further information on the purpose and scope of the collection and processing of your data, please refer to the privacy policies of the providers of the services or content integrated by us, who are responsible for data protection:

• YouTube: https://support.google.com/youtube/answer/7671399
• Google Maps: https://maps.google.com/help/terms_maps.html

Within the company, those departments that need your data to fulfill the purposes described in section 4 will have access to it. Service providers employed by the company (see https://www.arvato-systems.com/privacy-policy/subprocessors) may also have access to your data (so-called “processors,” e.g., data centers, newsletter dispatch, competition handling, customer service, or accounts receivable management). Contracts for order processing ensure that instructions, data security, and the confidential handling of your data are bound to these service providers.

Data will be shared with other recipients only at your request or if required by law. The data transfer covers the following third parties:

• Providers of social media services who combine your data with the data already stored on the website for their own purposes.
• Providers of measurements and web analyses that are used to measure the reach of websites and to create usage profiles.
• Partner companies to which you refer in your inquiry

Public authorities and institutions, such as law enforcement agencies, have access to your data due to legal or official obligations.

If the service providers and/or third parties outside the EU or EEA mentioned in section 5 process your data for the purposes set out in section 4, this may result in your data being transferred to a country where an adequate level of data protection cannot be guaranteed in accordance with EU or EEA standards. However, such a level of data protection can be ensured through an appropriate guarantee. When selecting service providers, Arvato Systems takes the necessary steps to ensure an equivalent level of data protection.

You have the right to obtain information about the personal data we have stored about you at any time. If your data is incorrect or no longer up to date, you have the right to request that it be corrected. You also have the right to request the deletion or restriction of the processing of your data in accordance with Art. 17 or Art. 18 GDPR. You may also have the right to receive the data you have provided in a commonly used, machine-readable format (the right to data portability).

If you have given your consent to the processing of personal data for specific purposes, you can revoke this consent at any time with effect for the future. The revocation must be sent to the company at the contact address specified in section 1. You can also revoke consent given on the website in section 4.4.5, or by clicking the unsubscribe link in the respective newsletter.

In accordance with Art. 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your data that is based on the legal basis of Art. 6 (1) lit.f You also have the right to object at any time to the processing of your personal data for direct marketing purposes. The same applies to automated procedures that use individual cookies, unless they are necessary for the provision of the website.

In addition, you can contact a data protection authority to file a complaint. A list of data protection authorities and their contact details can be found here: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html.

We do not use fully automated decision-making for the purposes mentioned in section 4, and no profiling is carried out.