1. General information on the collection of personal data and information

a) The protection of your privacy when using our websites is very important to us. Accordingly, we use your personal data in accordance with the statutory provisions on data protection and privacy. Personal data is all data that is related to you personally, e.g. name, address, e-mail address, user behavior. Below we inform you about how we handle your personal data.

b) The person responsible pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) and other national data protection and privacy laws of the member states as well as other data protection and privacy provisions is:

ARVOS GmbH
Ellenbacher Straße 10
D – 34123 Kassel
Managing Directors: Karsten Stückrath, Ralf Keil und Thorben Schäfer
Tel.: +49 (0)561 9527 130
Fax: + 49 (0)5619527 109
E-Mail: datenschutz.scs@arvos-group.com

Data Protection Officer according to Art. 37 of the EU General Data Protection Regulation (GDPR) and § 5 BDSG (German Federal Data Protection and Privacy Act) is:

bpc GmbH

Dr. Thomas Balzer 
Einigkeitstraße 9
45133 Essen

Tel.: +49 (0) 201 890 881 - 13

E-Mail: thomas.balzer@b-p-c.eu

Internet: www.b-p-c.eu 

You can reach our data protection officer by e-mail at datenschutz.scs@arvos-group.com or by mail at ARVOS GmbH using the subject line "data protection officer".
 
c) If you are under the age of 16, please obtain permission from a parent or guardian before providing any personal information to us.

2. Collection of personal data when visiting our website

a) In principle, you can visit our website without telling us who you are. Usually with almost all websites, the server on which our website is located (hereinafter referred to as "web server") automatically collects information from you when you visit us on the Internet. This data is technically necessary for us and guarantees the stability and security of the website.
 

The web server automatically recognizes certain personal data such as your IP address, the date and time you are on our site, the pages you visit on our site, the site you were on before visiting our site, the browser you use (e.g. Internet Explorer, Firefox, Safari), the operating system you use (e.g. Windows, Linux, MAC OS) and the domain name and address of your Internet service provider (e.g. 1&1, Telekom, Unitymedia). If our website uses cookies (as explained below), the web server also stores this information (permissible pursuant to Art. 6 (1)(f) DGPR).

We regularly evaluate these server protocols anonymously for statistical purposes (click stream analyses) so that we can determine how our websites are used. On the basis of these findings, we then optimize our Internet presence.
Moreover in the event of system misuse, we may use this information in conjunction with your Internet service provider and/or local authorities to determine the perpetrator of the misuse.
The server log files are stored for a maximum of 1 year and then deleted. The data is stored for security reasons, e.g. to clarify cases of misuse. If data must be stored in order to preserve it for evidentiary purposes, this data shall be excluded from deletion until the incident has been finally resolved.
 

b) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the location that sets the cookie (here by us). Cookies cannot execute programs or transmit viruses to your computer. On the whole, they serve to make the Internet offer more user-friendly and effective.

aa) This website uses the following types of cookies, the scope and function of which are explained below:

• Transient cookies (see bb)
• Persistent cookies (see cc)

bb) Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This enables your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close your browser.

cc) Persistent cookies are automatically deleted after a specified period of time, but at the latest after 2 years, which may differ depending on the cookie. You can delete cookies at any time in the security settings of your browser.

dd) You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third-party cookies or all cookies. We would like to point out that you may not be able to use all the functions of this website.
 

c) Cookies from third parties on our websites

We allow third parties to place cookies on your computer via these websites.

(1) We use Matomo software to analyse and statistically evaluate the use of our website. The legal basis is Art 6 (1) lit f. GDPR with respect to the needs-based design and optimisation of the website. These interests are legitimate in the context of Art. 6 (1) lit f. GDPR.
Cookies can be used. Cookies are small text files stored locally in the cache of the site visitor's internet browser. The cookies enable, among other things, the recognition of the internet browser. The data collected using Matomo technology (including your anonymized IP address) will be processed on our servers. This enables us to analyse the use of the website and to ensure that our website is designed based on user needs. The information will not be passed on to third parties.

If individual pages of our website are visited, the following data is stored:

• Two bytes of the IP address of the user's invoking system
• The visited website
• The website from which the user came to the called website (referrer)
• The visited subpages that are originating from web page
• The length of stay on the website
• The frequency of calling the web page

The software is set accordingly, that the IP addresses are not completely stored and 2 bytes of the IP address are masked (eg: 130.75.xxx.xxx). That way, a direct correlation of the shortened IP address to the visiting computer is no longer possible. The anonymization of the IP address sufficiently takes into account the interest of the users in their personal data protection.
Cookies are stored on the computer of the user and transmitted to us. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use the full functionalities of the website.
We offer our users the option of opting out of the analysis process on our website. In this way, another cookie is set on your system that signals our system not to store the user's data. If the user deletes the corresponding cookie in the meantime from his own system, he must set the opt-out cookie again.
Revocation of data collection by Matomo
Matomo supports the "Do Not Track" of current web browser. If you want to prevent the analysis of your web behavior in general, we recommend that you activate this option in your browser.

(d) Contact by e-mail

(1) When you contact us by e-mail, the data you provide us with (your e-mail address and your name) will be stored by us in order to contact you and answer your questions.

This may be the case for the following purposes:

• Initiation, execution and administration of your contractual relationship (or the contractual relationship of your organization) with us, e.g. through the execution of transactions and orders of products or services, in the context of all procurement processes, the associated processing of payment transactions, accounting, auditing, billing and debt collection activities, the initiation of shipments and deliveries, repairs and the provision of support services or other services which you or your organization may have commissioned or requested or which we have commissioned or requested with you.

• Information and advice within an existing business relationship on similar or related products or services, to the extent permitted by applicable law.
• Maintain and protect the security of our products, services and websites or other systems, prevent and detect security risks, fraud or other criminal or illegal activity.
• To comply with our legal or regulatory obligations. These obligations may include, for example, the retention of sales records for tax purposes or the dispatch of legally required notices and other notifications, compliance screenings or recording obligations (e.g. under competition law, export regulations, trade sanctions and embargo regulations or to prevent white-collar crime or money laundering). In this context, we may be required to cross-check your contact information or identity with relevant sanctions lists and confirm your identity in the event of a possible match, record information about our cooperation with you where relevant under antitrust law, and report to or assist with investigations by relevant regulatory, law enforcement, or other competent government authorities.
• Settle disputes, enforce our contractual agreements and establish, enforce, or defend legal claims.
• Invitations to corporate events such as trade shows or other marketing activities.

We delete the data arising herewith in our Outlook or CMS system after storage is no longer necessary (e.g. if the registered persons do not receive any data from us or are no longer employed by the company for which they have registered), or we restrict processing if there are statutory limitations for retention periods.

(2) Data transmitted upon the dispatch of an e-mail may be processed pursuant to Art. 6 (1)(f) DGPR.

e) Online contact form

(1) A contact form has been set up on our website, which can be used to establish an electronic contact. If you choose this option, the data entered in the input mask will be transmitted to us and stored.
The following data are:
Mandatory fields:

• First name and last name
• Company's name
• Country
• E-mail address

Optional:

• Type of request
• Telephone number

The following data will also be stored at the time the message is sent:

• Date and time the request is dispatched.

We only process personal data from the input mask for the establishment of contact.

(2) Within the scope of dispatch, your consent to process the data will be obtained upon reference to this data protection and privacy policy.

(3) Data and information within this context will not be passed on to third parties. It will only be used and processed for preservation purposes.

(4) Your consent is required to process the data pursuant to Art. 6 (1)(a) DGPR. Data transmitted upon the dispatch of an e-mail may be processed pursuant to Art. 6 (1)(f) DGPR.  Further pursuant to Art. 6 (1)(b) DGPR data may be processed if the purpose of the e-mail contact is to conclude a contract.

(5) The data shall be deleted when it is no longer required for the purpose of its collection. This is the case when the respective conversation with you has been concluded. The conversation is considered concluded when the circumstances infer that the relevant issue has been conclusively resolved.

(6) You have the right to revoke your consent to the processing of your personal data at any time. If you contact us by e-mail, you may alter the scope of or completely revoke your consent to the storage of your personal data at any time effective into the future and without the need to justify your decision. In such case, the preservation of your data and information may not continue. You may transmit your revocation to us either by mail, e-mail, fax (address information etc. cf. Section 1 herein) or using the form in which you granted consent. In this case, the personal contact information on file will be deleted.

f) Applicant Management / e-Recruiting

(1) ARVOS GmbH collects and processes the personal data of applicants for the purpose of handling the application procedure and for anonymized statistics.  

(2) On our website (www.schmidsche-schack.com) you have the possibility to find out about job vacancies and free apprenticeship and study places and to apply directly online via our application portal. Our applicant portal is attended by our service provider softgarden e-Recruiting GmbH and its subcontractors. The personal data are exclusively processed in Germany. The service provider can obtain an insight into the following anonymized data during operation and maintenance work:

• Date and time of access
• Browser type and version
• Applied operating system
• URL of website visited before
• Amount of data sent
• IP address of access

(3) You can register so that the application process becomes transparent for you. For this purpose you need to enter your name and your e-mail address as well as a password. These data are needed to set up and manage an account in the career portal for you. We need these data and possibly also further data to respond to requests, questions and criticism.  
Further optional data are:  

• Contact data (address, phone number)
• Curriculum vitae data (e.g. school education, vocational training, work experience, language skills)
• Profiles in social networks (e.g. XING, LinkedIn, Facebook)
• Documents related to applications (application photos, cover letters, employment certificates, work certificates, work samples, etc.)

Data which are absolutely required for processing in order to determine your suitability for a job are marked as mandatory fields.
Furthermore you have the possibility to communicate to us in the form sheet further data, which make it easier for us to process your application (for example name of specific job and salary request). This information is voluntary.

(4) The legal basis of the processing is Art. 6 Abs. lit b GDPR, pre-contractual measures.

(5) Processing of curriculum vitae documents
The documents uploaded by the applicant are analyzed in order to extract the curriculum vitae data. Processing takes place within the infrastructure. A transmission to third parties will not be made. Legal basis is § 26, Abs. 1, BDSG-„neu”.  

(6) We store your complete application data after completion of the application process for a period of 6 months.

(7) Additional offers by the service provider
 

(a) Use of the collected data
The data about the user are collected so that softgarden can render the services. In addition, the data are collected for the following purposes: Analytics, interaction with support and evaluation platforms, administration of support and contact requests, administration of user databases, administration of contacts and sending of messages, contacting the user, access to profiles of third providers (e.g. login via LinkedIn and XING), display of contents from external platforms.
The person-related data which are used for the specified purposes are indicated in the relevant sections of this document.

(b) Improvement of the softgarden services
Various systems are used to improve the services offered and to assist the customer in support

 3. Online meetings with Microsoft Teams

We use “Microsoft Teams” to hold online meetings. Microsoft Teams is a software product of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”) which is available as a desktop, web and mobile app.

The legal basis for data processing when holding meetings with Microsoft Teams is our legitimate interest in the effective holding of business meetings according to Art. 6 Para. 1, Sentence 1 lit. f of the GDPR. Insofar as the meetings are held with you as part of an existing contractual relationship, the legal basis is Article 6 Paragraph 1 Sentence 1 lit. b of the GDPR. We are not responsible for further data processing on the Microsoft product websites from which the desktop software can be downloaded and the web app can be used.

The following data may be processed during a meeting:

•     Information about the participant: display name, first name, last name, telephone number, e-mail address, password (encrypted for authentication), profile picture,

•     Metadata: topic and description of the meeting, IP address, telephone number of the participant, type of device / software (Windows / Mac / Linux / Web / iOS / Android Phone / Windows Phone), time of the last activity of the participant, number of Chat and channel messages, number of meetings attended, length of time for audio, video and screen sharing,

•     When using chat or channel messages: text data for display and, if necessary, logging,

•     When using audio: recording data of the microphone,

•     When using video: recording data of the camera,

•     When using a telephone: incoming and outgoing phone numbers, country name, start and end time, possibly other connection data such as the IP address of the device, and

•     For recordings: audio, video and screen shares for storage in the cloud.

The data is stored at Microsoft Teams for the duration in accordance with our retention guidelines.

You can register for a meeting via e-mail. Your login data will be processed by us. You will be given a calendar appointment before the meeting. To participate in a meeting, you must at least provide us with your name or - if you are using a telephone - your telephone number. If we enable anonymous participation in meetings, we will inform you of this option during the invitation.

You can deactivate your microphone (audio) and your camera (video) at any time via the corresponding settings. We will only record meetings with your consent. Microsoft uses the metadata to generate aggregated reports on the use of Microsoft Teams.

Microsoft use the above data during the meetings in order to enable the meetings to be carried out on our behalf. All data traffic is encrypted (MTLS, TLS or SRTP) and data is generally stored on servers in the European Economic Area (EEA). If data is still processed in the USA, we have concluded EU standard contractual clauses with Microsoft in addition to the above-mentioned measures to protect your privacy.

You can find more information in Microsoft's privacy policy, available at: privacy.microsoft.com/de-de/privacystatement

4. Legal basis for data processing

The provision of your personal data is not a legal obligation. This means that you are not obliged to provide us with your personal data. If you decide not to provide us with your personal data, it will not be possible for you to use the services offered on or through the website.

There is no automatic decision-making based exclusively on automated processing, including profiling, resulting in any legal or similar obligation affecting you.

5. Your rights

According to the provisions of DGPR you can assert the following rights against us:
 

• Right to information
• Right to rectification
• Right to limit processing
• Right to erasure / right to be forgotten
• Right to data portability
• Right to object

If the processing of your personal data is based on your consent, you have the right to revoke your consent at any time effective into the future. This shall not affect the legal validity of any processing taking place up until you have revoked such consent.

If you are of the opinion that we process your personal data in an impermissible manner, please contact us by e-mail at datenschutz.scs@arvos-group.com or via a letter addressed to ARVOS GmbH using the subject line "Data Protection Officer". You also have the right to contact the data protection supervisory authority. The responsible supervisory authority is "Der Hessische Datenschutzbeauftragte, Gustav-Stresemann-Ring 1, 65189 Wiesbaden”.

6. Place of data processing

Your data will mainly be processed in Germany. Under certain circumstances, however, it may also be possible for the data to be accessed by foreign Group companies, for example by contacting them via e-mail.

7. Disclosure of your personal data

We only collect data from you (except within the framework of the web server protocols) if you yourself communicate this to us in order to use one of our offered services (e.g. sending enquiries via the contact e-mail addresses). This data is then processed and/or used exclusively for the performance of the respective service. For this purpose, it may be necessary for service providers to support us. Furthermore, it may also be necessary for your data to be passed on to other units of our group of companies. In doing so, we observe data protection and privacy regulations. Furthermore courts, law enforcement agencies, or other statutory commissioned authorities may upon observance of legal provisions retrieve data or request information. In particular, your personal data may be passed on to the following recipients:

• Our parent company Arvos Bidco S.à.r.l. Luxembourg or other Group companies,
• IT service providers, waste disposal service providers,
• Government authorities, offices, and banks.

If individual service providers or affiliates are located outside of the EU, there may not be an adequate level of data protection there compared to the level of data protection and privacy within the European Union. This means that the data protection and privacy laws in the country to which your data may be transferred do not provide the same level of protection as in Germany. We have therefore taken appropriate protective measures to ensure data protection: standard contracts for order processing or standard contract clauses within the Group and with external service providers. Agreements for data processing by independent contractors have been executed in accordance with Art. 28 DGPR, the standard contract clauses in accordance with EU regulations (https://eurlex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087&from=DE). You can obtain a copy of these protective measures from datenschutz.scs@arvos-group.com.

8. Security measures

Insofar as we forward data and information to our service providers within the scope of the services described herein, these service providers are obligated under contract with us with respect to provisions on the subject of data protection and privacy in addition to mandatory statutory provisions.

We use security measures, which we continuously optimize in accordance with technical and legal developments in order to protect your data and privacy as best as possible against accidental or intentional manipulation, loss, destruction, or access by unauthorized third parties.

9. Links to other websites

Our online offers contain links to other websites. This data protection and privacy policy does not extend to other providers.

We have no influence on whether these operators comply with data protection and privacy regulations and therefore accept no responsibility for the accuracy, timeliness, and sufficiency of the information provided there.

Our website may contain hyperlinks to websites owned and operated by third parties. These third-party websites have their own data protection and privacy policies, and most likely also use cookies. We recommend that you review them. The policies of these websites govern the use of personal information that you provide when you visit the website and that may also be collected through cookies. We assume no liability for such third-party websites, and your use of such websites is at your own risk.

10. Contacting us

If you have any questions or comments about our policies on data protection and privacy and cookies, please contact our authorized representative using the contact details provided in this policy statement (cf. Section 1).
The rapid development of the Internet makes it necessary for us to amend our data protection and privacy policies from time to time. Information about changes will be posted here.