Privacy Policy
for the Arvato Systems Group
The Privacy Policy complies with the information obligations in accordance with the requirements of Art. 12 et seq. of the EU General Data Protection Regulation (hereinafter “GDPR”) and provides you with an overview regarding the processing of your personal data (hereinafter referred to as “data”) on the Arvato Systems website.
1. Who Is Accountable for Processing My Personal Data?
The companies of the
Reinhard-Mohn-Straße 18
33333 Gütersloh
Tel.: +49-5241-80 0
(hereinafter referred to as "company") are responsible for processing your data on this website. The company processes personal data in accordance with the GDPR and laws locally applicable.
The company data protection officer can be reached at the above postal address by adding “For the attention of the data protection officer” or at the email address: datenschutz@arvato-systems.de.
2. What Data Is Collected?
When you visit our website, the data of the computer you use to access our website is automatically logged (“access data”). This access data includes server log files that generally consist of information about your web browser type and version, your operating system, your internet service provider (ISP), the date and time you used the website, the websites previously visited by you, and the websites you accessed from our website, in addition to the IP address of your computer. Except for your IP address, the information contained in the server log files is not personally identifiable. An IP address is personally identifiable if the data subject can be identified from further details.
If you continue to use the website's services, pseudonymous usage profiles and/or the data entered by you on the website (for example, search words, login data, ratings, form or contract entries, click data) will be processed.
Some features of our website require that you divulge personal information to us. In this case, the information provided by you is used to provide the service requested by you or process a matter submitted by you (e.g., search queries, entries made in forms or contracts, click data).
3. Which Cookies Are Used?
This website uses cookies. Cookies are small text files that are stored on your computer when you visit a website. The stored cookies are assigned to the browser you use. If the corresponding website is re-visited, the web browser sends the contents of the cookies back and thus enables the user to be recognized.
Certain cookies are deleted when you log out or end the browser session (so-called "transient cookies"). Other cookies are stored for a specified time or permanently (so-called "temporary cookies" or "persistent cookies"). These cookies are automatically deleted after the defined time has elapsed.
You have the option of agreeing to the use of cookies, changing them or rejecting them via the cookie query that appears when you first visit our website. Cookies, which are essential for providing the web service (see explanation under 3.1), cannot be rejected. You can delete the stored cookies in the security settings of your browser at any time and configure the use of cookies according to your wishes. We would like to point out, however, that you may then not be able to use all functions of this website.
Basically, cookies are only an online identification without personal reference. Cookies become personal when the information generated by cookies is combined with other data. A distinction can be made between cookies that are required for the provision of the website and cookies that are required for further purposes such as analysis of user behaviour or advertising.
3.1 Functional Cookies
These cookies are essential for the proper functioning of the website. They enable navigation through the pages as well as basic functions, these include:
- Cookies that serve to identify or authenticate users.
- Cookies that temporarily store specific user input (e.g., the content of an online form).
- Cookies that store particular user preferences (e.g., search or language settings).
- Cookies that store data to ensure trouble-free playback of video or audio content. The legal basis for these cookies is Art. 6 para. 1 lit. f DSGVO. The storage period of the cookie settings as a website visitor is 14 days.
3.2 Analytical Cookies
These cookies are used to better understand user behavior. Analytical cookies enable the collection of usage and recognition possibilities in so-called pseudonymous usage profiles. For example, we use analytical cookies to determine the number of individual website visitors or to analyze user behavior based on anonymous and pseudonymous information. A direct conclusion on a person is not possible. The legal basis for these cookies is Art. 6, para. 1 lit. a DSGVO.
3.3 Marketing Cookies
These cookies and similar technologies are used to show you personalized and, thus, advertising-relevant content. This creates a pseudonymous interest profile and the placement of relevant advertising on other websites (retargeting). A direct conclusion to a person is not possible within the website. Marketing and retargeting cookies help us to display possible relevant advertising content for you. You will continue to see the same number of advertisements by suppressing marketing cookies, but they may be less relevant to you. The legal basis for these cookies is Art. 6 para. 1 lit. a DSGVO.
3.3.1 Web Tracking Services
The website includes services that optimize the user experience and measure the website's reach. Your access data (see section 2) is recorded, and usage behavior is evaluated with the help of analysis cookies (see section 3). For web tracking, personal identification is generally not required. When your access data is collected, the stored IP address is either not used or only used in a shortened form (shortening by the last octet), and pseudonymous usage profiles are created. In doing so, these are generally not merged with other data, and you have the option to revoke this at any time.
Web tracking services are usually provided by service providers who process the data according to the controller's instructions as so-called order processors. This is ensured using contracts for commissioned processing. Suppose the service providers process your data outside the European Union or the European Economic Area ("EU or EEA"). In that case, a so-called third-country transfer occurs. This is permitted if you have consented to it. The company has created guarantees for a level of data protection appropriate to the European standard, or the EU Commission has classified the respective third country as a safe third country. The third-country transfer of the individual service is marked below. Further information on the recipients of your data can be found in section 5.
The legal basis for collecting and analyzing pseudonymous usage profiles is Art. 6 para. 1 lit. a DSGVO.
The individual web tracking services of the website are described in more detail below:
3.4.1 Google Analytics
This website uses the Google Analytics service. The provider of Google Analytics is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin. Google Analytics creates a pseudonymous usage profile to optimize the website's user-friendliness. The pseudonymity is ensured because before Google stores your data, the IP address is shortened, and it is impossible to conclude your person. The pseudonymous usage profile is evaluated after transmission to optimize user-friendliness. Through Google Analytics, a third country transfer takes place (for further details, see section 6).
The company ensures an appropriate level of data protection via an order processing contract and the conclusion of further guarantees.
You can find more information on data processing at Google Analytics in the Google privacy policy: https://policies.google.com/privacy?hl=de.
Google Tag Manager is a solution that lets you manage website tags through one interface. The Tag Manager tool (which implements the tags) is a cookie-less domain and does not collect personal data. The tool takes care of triggering other tags, which may collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will remain for all tracking tags implemented with Google Tag Manager.
The data collected and analyzed during Google Analytics and Google Tag Manager are generally stored until you object to their use. The storage period of the analysis cookies is a maximum of 24 months.
3.4.2 Google Ads
We use the Google AdWords Conversion feature of Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin (Google). Through Google Adwords Conversion, we advertise the website in Google search results and on the websites of other providers who also participate in the Google advertising network. When you visit our website, a Google Cookie is set, which automatically enables interest-based advertising within the Google advertising network using a pseudonymous cookie ID and based on your access data. If you reach our website via a Google ad on another website, Google will also set a cookie. These Google cookies generally expire after 30 days and are not intended to identify you personally. These cookies only enable Google to recognize your internet browser. Suppose a user visits certain website pages within the Google advertising network and the cookie stored by Google has not expired. In that case, Google and the website provider can recognize that the user clicked on the ad and was redirected to this website. Google assigns each website provider participating in the Google advertising network a different cookie. Therefore, cookies cannot be tracked through the website of other website providers who also participate in the Google advertising network. We do not collect and process any personal data in the context of Google AdWords Conversion. We only receive statistical evaluations from Google. Using these evaluations, we can recognize which advertisements are particularly effective in the Google advertising network. We do not accept any further data; in particular, we cannot identify our users based on this information. Additional information on the Google advertising network and the Google privacy policy can be found at: http://www.google.com/privacy/ads/.
3.4.3 Matomo
We use the service "Matomo" based on your consent by Art. 6 para. 1 lit. a. DSGVO the service "Matomo" offered by InnoCraft Ltd (150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769).
With the help of Matomo, we can optimize our online offer by collecting and analyzing data about the use of our website by website visitors. This allows us to find out, among other things, when which page views were made and from which region they come. We also collect various log files (e.g., IP address, referrer, browsers, and operating systems used) and can measure whether our website visitors perform specific actions (e.g., clicks, purchases, etc.).
The service (Matomo) uses "cookies" - text files stored on your terminal device. The information collected by the cookies is usually sent to a Matomo server in Germany and stored there so that, technically, no third country transfer takes place. Insofar as a data transfer from InnoCraft's company headquarters to outside the EEA occurs, this is secured by an EU adequacy decision for New Zealand.
We have set Matomo so that IP addresses are only processed in abbreviated form to limit direct personal reference. The end of your IP address is replaced by zeros directly after collection through IP anonymization.
You can prevent the storage of cookies on your device by making the appropriate settings in your browser. It is not guaranteed that you can access all functions of this website without restrictions if your browser does not allow cookies. Here you can find more information about the use of data by the Matomo Cloud: https://matomo.org/matomo-cloud-privacy-policy/.
3.4.4 LinkedIn Insight Tag
Our website uses the conversion tool "LinkedIn Insight Tag" from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser that allows the following information to be collected: IP address, device and browser characteristics, and page events (e.g., page views). This data is encrypted, anonymized within seven days, and the anonymized data is deleted within 90 days. LinkedIn does not share any personal information with Arvato Systems but provides anonymized reports about the website's target audience and display performance. In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. Arvato Systems may use this data to display targeted advertising outside its Web site without identifying you as a Web site visitor. For more information about LinkedIn's privacy policy, please refer to the LinkedIn privacy statement.
LinkedIn members can control the use of their personal information for promotional purposes in their account settings. To disable ("opt-out") the Insight tag on our website, click here.
3.4.5 Use of SalesViewer® technology
This website collects and stores data for marketing, market research, and optimization purposes using the SalesViewer® technology of SalesViewer® GmbH based on our legitimate interest (Art. 6 para. 1 lit. f GDPR).
For this purpose, a javascript-based code is used to collect company-related data and the corresponding usage. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). The data is immediately pseudonymized and is not used to personally identify the visitor to this website.
The data stored as part of Salesviewer will be deleted as soon as it is no longer required for its intended purpose. The deletion does not conflict with any statutory retention obligations.
You can object to the collection and storage of data at any time with effect for the future by clicking on this link https://www.salesviewer.com/opt-out to prevent the collection by SalesViewer® within this website in the future. In doing so, an opt-out cookie for this website will be placed on your device. If you delete your cookies in this browser, click this link again.
3.4.6 Meta Pixel (formerly Facebook Pixel)
Our website uses the conversion tool "Meta Pixel (Facebook Custom Audiences)" from Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of the Meta Pixel, Facebook/Instagram is able to determine you as a visitor to our website as a target group for the placement of ads on Facebook and Instagram. For this purpose, Meta compares your user data (IP address, user ID) with the data of your Facebook/Instagram account. The data collected by Meta is anonymous to us and is deleted after 30 days. However, the data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy (https://www.facebook.com/privacy/policy/). This use of the data cannot be controlled by us as the website operator.
We use the Meta pixel to show the ads we place on Facebook/Instagram only to those users who have also shown an interest in our website or who have certain characteristics (e.g. interests in certain products determined on the basis of the websites visited) that we transmit to Meta (so-called "custom audiences"). In addition, we can track the effectiveness of the advertisements for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook/Instagram advertisement (so-called "conversion"). You can find more information on data protection at Meta in the Meta data protection information. You can check and adjust your Facebook/Instagram ad settings yourself at any time.
4. What Personal Data Is Collected and for What Purpose?
The purpose of data processing may be based on technical, contractual, or statutory requirements or result from the user has given consent.
We use the data described in section 2 for the following purposes:
- To provide website features and content and ensure technical security in trouble-shooting technical issues and also to ensure that unauthorized persons do not gain access to our website systems;
- To conduct marketing reach measurements and web analyses to make our website more efficient and interesting for you and market research purposes;
- To implement our own and external advertising (online advertising);
- For communication, completion of precontractual procedures, and customer care purposes;
- For advertising purposes
- For event registration and participation
For information on other data processing purposes, please refer to the sections below of this Privacy Policy.
4.1 Provision of the Website
4.1.1 Description and scope of data processing
To enable the proper functioning of our website, security analyses to be conducted, and denial-of-service attacks to be prevented and stopped, server log files are automatically collected and saved on a short-term basis as an integral part of access data that is created by the system of the visiting computer upon accessing our website and while using it (see section 2). The content of the server log files is not merged with other data. We use the server log files for statistical analyses to troubleshoot and remedy technical issues, prevent and defend against denial-of-service attacks and attempted fraud, and optimize the proper functioning of our website.
4.1.2 Purpose and legal basis of data processing
The legal basis for the creation of server log files follows Art. 6(1)(f) GDPR. Our legitimate interests lie in the proper functioning of our website, conducting security analyses, and defending against threats.
4.1.3 Duration of storage or criteria applied in defining this period
When our website pages are accessed, information is logged to server log files stored on our web server; the IP address is deleted after seven days at the latest. No analysis is conducted during this time unless there is a denial of service or other attacks.
4.1.4 Options for lodging an objection and having your data removed
You have the right to object to processing your data contained in the server log files, provided compelling reasons that arise from your specific situation. If you would like to exercise your right to object, please write to the contact address in section 1.
4.2 Contact Form, Email, and Telephone Contact Information
4.2.1 Description and scope of data processing
On our website, you can contact us through a contact form, email, telephone, or chat using the designated email address and phone number. If you take advantage of this option, the information you enter in the contact form, your email address, and/or your phone number is disclosed to us. Depending on the reason you are contacting us (questions about our products and services, pursuing your rights as a data subject, e.g., submitting a request for information), your contact details are processed (with the assistance of service providers). If necessary for processing your request, this information may be shared with third parties (e.g., partner companies).
To ensure sufficient data security during the transmission of forms, we use, in some instances, the service reCAPTCHA of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, based on your consent. This differentiates whether the input is made by a natural person or misused by mechanical and automated processing. The service includes the transmission of the IP address and any other data required by Google for the reCAPTCHA service. The differing data protection provisions of Google Ltd. apply here. Further information on the data protection guidelines of Google Ltd. can be found at http://www.google.de/intl/de/privacy or https://www.google.com/intl/de/policies/privacy/.
4.2.2 Purpose and legal basis of data processing
The legal basis for processing your contact details follows from Art. 6(1)(f) GDPR. We have legitimate interests in processing your request and in continued communication. If the purpose of establishing contact with us is to enter into a contract with our company, the legal basis for processing your contact details follows from Art. 6(1)(b) GDPR.
4.2.3 Duration of storage or criteria applied in defining this period
Your contact details are deleted once your request has been processed and further communication has been discontinued. This applies if the purpose of your contact with us is to conclude a contract or you wish to exercise your right as a data subject (e.g., request information). In this case, the data will be further processed on a new legal basis and deleted as soon as the processing purpose and the legal retention periods are fulfilled.
4.2.4 Options for lodging an objection and having your data removed
You have the right to object to processing your contact information provided that there are compelling reasons that arise from your specific situation. If you would like to exercise your right to object, please write to the contact address in section 1. If you object, communication with you cannot be continued. This does not apply if the storage of your contact details is necessary for completing precontractual procedures, fulfilling a contract, or exercising your rights as a data subject.
4.3 Asserting Your Rights as a Data Subject
4.3.1 Description and scope of data processing
On the website, you have the possibility of asserting your rights as a data subject, e.g., request information on your personal information that we currently store. To maintain your rights as a data subject, you may need to provide information to Bertelsmann and/or its subsidiaries about your person and the specific information that has been processed. Bertelsmann and/or its subsidiaries cannot cater to your rights as a data subject without providing this information.
4.3.2 Purpose and legal basis of data processing
The legal basis for processing your data in asserting your rights as a data subject follows from Art. 6 (1) point c GDPR, “Complying with a legal obligation”.
4.3.3 Duration of storage or criteria applied in defining this period
We store correspondence with you regarding the assertion of data subject rights for three years. An exception to this is a copy of your ID card marked for clarification of your identity, for example, if you have provided Bertelsmann and the subsidiaries with one. This will be deleted again within one week after your identity has been established.
4.3.4 Options for lodging an objection and having your information removed
The processing of your information is required for complying with your rights as a data subject, and to that extent, you have no right to revoke your consent to its processing.
4.4 Advertising purposes
4.4.1 Description and scope of data processing
The website offers the possibility of registering to receive advertising communication from Arvato Systems, which, in addition to a newsletter with information on products and services, may also include occasional surveys and allow you to download content free of charge. The personal data entered by you and your consent for advertising purposes in the double opt-in procedure will be stored in our CRM system of the company and processed further (also with the help of service providers) for the advertising purposes of sending newsletters.
We point out that the company may evaluate your user behavior when sending advertising communication. The emails sent include web beacons or tracking pixels, which are one-pixel image files stored on the website to carry out this evaluation. The company can link your data and the web beacons with your email address and an individual ID for assessments. The company can create a user profile to tailor the newsletter to your interests with the data obtained. The company can record which links you click on when you read the emails and can use these to derive your interests. The company can associate this data with your behavior on our website.
4.4.2 Purpose and legal basis of data processing
The processing of your data via the registration mask is necessary for the promotional approach by the company. The legal basis for the processing of the data during registration is consent, according to Art. 6 para. 1 lit. a DSGVO using § 7 para. 2 No. 3 Law against Unfair Competition (referred to as "UWG"). If you are contacted in the context of our existing business relationships, the data processing is based on Art. 6 para. 1 lit. f DSGVO using § 7 para. 3 Law against Unfair Competition (referred to as "UWG"). The legitimate interest of the company lies in the acquisition of existing customers.
4.4.3 Duration of storage or criteria applied in defining this period
The data will be stored for as long as the advertising communication is subscribed to. If you revoke your consent, your data will be blocked for this processing purpose. The data will be stored until the contractual and/or legal obligations have been fulfilled, and deletion is not precluded by statutory retention periods.
4.4.4 Options for lodging an objection and having your data removed
You may revoke your consent to receive promotional communications by clicking on the unsubscribe link provided in each promotional communication or by sending your revocation for promotional communications to Arvato Systems via e-mail info@arvato-systems.de or by mail "Arvato Systems GmbH, Reinhard-Mohn-Straße 18, 33333 Gütersloh".
4.5 Events
4.5.1 Description and scope of data processing
On our website, you can register for Arvato Systems’ events. The events include lectures on current topics and developments in the IT sector and presentations of the service portfolio and new products and services of Arvato Systems. The addressees of these events are usually business customers. You can register for the individual events via a registration form. The data required for registration is collected and processed for attending the event. The registration form also allows you to arrange personal interest and sales meetings with Arvato Systems. Registration is voluntary.
In addition, our events are regularly recorded with images and sound, some of which are published on our homepage, on our social media channels, or as part of external and internal reporting. In addition to the photo and video recordings, metadata such as the location and time of the recording location are automatically stored in the digital cameras.
Your data will only be passed on to third parties (e.g., organizers) if necessary for your participation in the event.
4.5.2 Purpose and legal basis of data processing
We use your data to contact you, register you, organize events, and advertising purposes. The legal basis for registering an event is Art. 6 para. 1 lit. f GDPR. The legitimate interests lie in customer care and customer acquisition. If you have consent to be contacted by telephone and/or e-mail for advertising purposes, Art. 6 I lit. a GDPR serves as the legal basis.
The legal basis for taking and storing photographs and video recordings at an event is Art. 6 para. 1 lit. f GDPR based on our legitimate interest in reporting on the event. The legal basis for publishing the photo and video recordings is §§ 22, 23 Kunsturhebergesetz (KUG).
4.5.3 Duration of storage or criteria applied in defining this period
Your data will be stored until the end of the event as soon as they are no longer required for their intended purpose, and the deletion does not conflict with any statutory storage obligations.
4.5.4 Options for lodging an objection and having your data removed
You have the right to object to processing your registration data if there are grounds for doing so that arise from your particular situation. If you wish to exercise your right to object, please contact Arvato Systems by e-mail at info@arvato-systems.de or by mail at "Reinhard-Mohn-Straße 18, 33333 Gütersloh". If you object, the registration cannot be continued.
4.6 Links to Other Websites
This website contains links to websites of other website operators. When you click on the links, you will be directed to the respective website (e.g. career site, social networks). With the exception of your access data for the provision of the respective other website, no data will be transmitted from you to the other website operators.
The data protection information applies exclusively to this website. We are not responsible for the data protection information of other website operators. Nevertheless, when you visit the linked websites, we recommend that you also read their data protection notices carefully.
4.7 External Services and Content on Our Website
We integrate external services and content on our website. If you use one of these services or are shown the content of third parties, communication data is exchanged between you and the provider of that service or content for technical purposes.
That provider may use your data for their purpose. To the best of our knowledge and belief, we have configured the services or content of third-party providers who are known to use data for their purposes so that communication for purposes other than rendering their content or services on our website is prevented or communication does not come about unless you actively decide to use the service. However, since we have no control over the data collected by third parties and its processing by them, we are unable to make any binding statements about the purpose and scope of the processing of your data.
For further information on the purpose and scope of the collection and processing of your data, please refer to the privacy policy of the responsible provider (under data protection law) of the services or content integrated by us:
5. Who Comes into Possession of My Personal Data?
Those entities within the company who need your data to fulfil the purposes described in Section 4 above. Also, service providers employed by the company may gain access to your data (“proces-sors”, such as data centres, newsletters, customer service or debtor management). Data processing contracts ensure that these service providers commit to instructions, data security and the confiden-tial handling of your data.
Your data is only transferred to other recipients at your request or if required by law. The following third parties are included in the data transfer:
- Providers of social media services that for their own purposes merge your data from the website with the data already stored there.
- Providers of measurements and web analytics, who for their own purposes measure the reach of websites and create user profiles.
- Affiliate companies to which you refer in your request
Public bodies and institutions, such as law enforcement agencies, who receive access to your data for reasons of compliance with legal or regulatory obligations
6. Is My Personal Data Processed outside of the EU or EEA (‘Transfer to a Third Country’)?
If the service providers listed in Section 5 and/or third parties outside the EU or the EEA process your data for the purposes specified in Section 4, this may result in your data being transmitted to a coun-try where a level of data protection equivalent to that in the EU or the EEA cannot be guaranteed. However, such a level of data protection can be ensured with a suitable guarantee. When selecting service providers, Arvato Systems takes the necessary steps to contractually ensure an equivalent level of data protection.
7. What Data Privacy Rights Do I Have?
You have the right to request access to your personal data that is currently stored by us. If this data is incorrect or not up to date, you have the right to request rectification. You also have the right to have your personal data erased and/or its processing restricted as provided for in Art. 17 and Art. 18 GDPR. You also have the right to request a copy of the personal data provided by you in a structured, commonly-used, machine-readable format (right to data portability).
If you have given your consent to the processing of your personal information for specific purposes, you can revoke that consent at any time for the future. Your notice of revocation is to be addressed to us by writing to the contact address indicated in section 1.
Pursuant to Art. 21 GDPR, you also have the right for reasons relating to your specific situa-tion to raise an objection to the processing of your data that is done on the basis of Art. 6(1)(f) GDPR. You also have the right to lodge an objection to the processing of your personal infor-mation for direct marketing purposes. The same applies to automated processes involving the use of individual cookies, unless they are required for providing the functionality of our website.
You also have the possibility to contact a data protection authority and file a complaint. A list of data protection authorities and their contact data can be found here.
8. To What Extent Is Automated Decision-Making and Profiling Utilised?
We do not use any fully automated decision-making processes for any of the purposes set out in section 4. No profiling takes place for any of the purposes set out in section 4.
9. End / Version Information
As the site evolves and new technologies are introduced to improve our service to you, changes to these privacy statements may be required. Therefore, we recommend that you review these privacy statements from time to time.
Last update of the Privacy Policy: April 2022