Data Protection

Data Protection Declaration

Privacy Policy of ARVOS GmbH

 

1.    General


The following data protection declaration explains how ARVOS GmbH (hereinafter referred to as ARVOS) processes personal data.


a.    Name and address of the person responsible

 

The responsible party in terms of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

 

ARVOS GmbH
Ellenbacher Straße 10
D - 34123 Kassel

Managing Directors: Karsten Stückrath, Ralf Keil and Thorben Schäfer
Phone: +49 (0)561 9527 130
Fax: + 49 (0)5619527 109
E-Mail: datenschutz.scs@arvos-group.com


b.    Data protection officer

 

If you have any questions or comments about our privacy policy, please contact us.
You can reach our data protection officer at:
datenschutz.scs@arvos-group.com or via our postal address with the addition of "Data Protection Officer" written on the envelope.

 

2.    Processing of personal data when visiting our website


On our website you will find information about the products and services offered by our company. When you visit our website, we process personal data about you.


a.    Log data

 

In principle, you can use our website without telling us who you are. If you do not register or otherwise provide us with information, we only collect the personal data (web server log file) that your browser sends to our server.


•    IP address
•    Date and time of the request
•    Time zone difference to Greenwich Mean Time (GMT)
•    Content of the request (specific page)
•    Access status/HTTP status code
•    Amount of data transferred in each case
•    Website from which the request comes
•    browser
•    Operating system and its interface
•    language and version of the browser software.

 

The web server log file is stored for 7 days. 

We regularly evaluate these server logs anonymously for statistical purposes (click stream analyses) so that we can determine how our web pages are used. We then optimize our website based on these findings. In addition, in the event of system abuse, we may use this information in cooperation with your Internet provider and/or local authorities to identify the perpetrator of this abuse.

The processing of the aforementioned data is in our legitimate interest (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest is the secure provision of the website. Due to these compelling reasons worthy of protection, an objection to the processing is excluded.

 

b.    Cookies


i.    What are cookies?


Our website uses the so-called cookie technology. A cookie is a piece of information that is sent from our web server to your computer. This information is stored as a text file in your computer. 
Information collected by cookies and similar technologies may include the date and time of your visit and how you use a particular website or mobile application. These are preserved until the time all browser windows are closed by you.

 

ii. Why do we use cookies?


There are cookies that we use to provide you with our website technically and to ensure system security. Also, according to § 25 TTDSG, we may use cookies, provided that the sole purpose of storage or access is to carry out the transmission of a message over a public telecommunications network, or is necessary to provide the expressly requested telemedia service. Data processing through technically necessary cookies is based on our legitimate interest in the technical functionality and security of our website (Art. 6 para. 1 lit. f DSGVO). Based on these compelling reasons worthy of protection, an objection to the processing is excluded.

For cookies that do not meet these requirements, we need your consent (Art. 6 (1) a DSGVO), which we obtain via our cookie banner. This includes cookies that analyze your user behavior in order to improve our website and show you advertising in a more targeted manner.
You can block the use of cookies in your browser settings at any time. You can still visit our website even if you block cookies; however, you may then not be able to use all the functions of our website.

In addition, you can revoke your given consent at any time with effect for the future.

 

c.    Consent Manager (Consent Management System)


i.     Use of Consent Management System to manage and document consent and settings for data collection and cookies.


ii. As a user, you can decide yourself about the use of cookie-based services, technologies and the data collected by them on our portal and adjust or revoke them at any time with effect for the future. This is possible via an information and consent banner that is displayed on first visits and when services are changed, as well as via the cookie settings that can be accessed at any time via a link at the bottom of every page. As part of a DSGVO-compliant approach, we use services requiring consent only after your prior consent. You can also use our website without this consent.


iii. For the provision of this setting and consent function in the sense of the DSGVO and to inform you about the use of cookie-based technologies, we use a so-called Consent Management System of the company U Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. In addition, this system is used to document your decisions for your browser, with which we comply with the data protection requirements of the documentation and verification obligation.


iv. Usercentrics uses cookies and collects the date and time of the visit, browser and device information, anonymized IP address and opt-in and opt-out data solely to store your consent and to comply with legal obligations based on the legal basis § 25 (2) No. 2 TTDSG in conjunction with. DSGVO Art. 6 (1) (c). The data processing takes place within the European Union.
For more information on the data processor's privacy policy, please visit https://www.cookiebot.com/de/privacy-policy/.


v. As a user, you have other, alternative ways such as browser extensions, settings, adblockers or opt-out links of individual tools to prevent the setting of cookies or data collection by services. We point out that these ways are not equivalent to the use of a consent / consent management system. Browser extensions, settings and adblockers can indeed prevent cookies and possibly data collection by services. However, you cannot decide for yourself in all cases what you want to allow or prevent. In doing so, it is possible that your decisions made via the Consent Management System are overridden or even the necessary use of the Consent Management System is prevented. In addition, extensions and adblockers can cause unexpected problems with the basic functions of the portal.
Many marketing services provide their own opt-out options via opt-out links or cookies. We list these in the privacy policy, if available. The opt-out often applies to the basic portal-independent use of the service, but only takes place subsequently and on a page of the provider, independently of the consent management of our portal. Often, so-called opt-out cookies are set, which in turn can be revoked by the cookie settings of your browser or by deleting cookies.


If you use the aforementioned alternative ways, a documentation of your settings and decisions is not possible for us.

 

d.    Matomo


i. This website uses Matomo, a web analytics service. Matomo is software developed by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. Matomo is used as an on-premise solution and operated in accordance with DSGVO.


ii. Matomo uses "cookies", which are text files placed on your computer. These cookies help us track your actions on this website. This helps us to constantly improve the website.


iii. The following information is collected in the cookie:


•    The date, time and duration of your visit to our website,
•    the frequency of your visits,
•    the web pages you visit within our website,
•    the referrer,
•    the type and version of the browser you are using, and
•    the operating system of your computer with which you access our website,
•    the country from which you are accessing the pages.


iv. Your personal data will be stored for a period of 7 days and then automatically deleted.


v. The data processing is based on your consent according to § 25 para 1 TTDSG, Art. 6 para 1 lit. a DSGVO, if you have given your consent via our banner. You can revoke your consent at any time. Please make the appropriate settings via our banner.


vi. The information is stored on a server managed by us and located within the European Union. 


vii. IP anonymization is enabled and your IP address is reduced. The generated information about the use of the website is not shared with third parties. 


viii. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can object to the storage and use of your data at any time via the cookie banner. In this case, a so-called opt-out cookie will be stored in your browser, i.e. Matomo will not collect any session data. Attention: If you delete your cookies on your computer, the opt-out cookie will also be deleted and must be reactivated by you.


e.    Social media


i.    Linking and forwarding to social media platforms.


•    On our website you will find links in the form of an icon to social media platforms such as Xing, LinkedIn, Facebook and Instagram. These are not plugins provided by the provider, which, without the users having any influence, already transmit data to the provider when the page is loaded. It is merely a link to the social media platform. No user data is transmitted from the website to the social media platform.

•    If you are already logged in to the corresponding social media service at the time you click on the icon, this will be detected. If this is not the case, you will be asked to log in. From this point on, you will be on the website of the respective social media platform.


a.    Clicking on the icon for LinkedIn will take you to the website of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter: LinkedIn).
LinkedIn is the sole responsible party for the processing of personal data when you visit our LinkedIn page. For further information about the processing of personal data by LinkedIn, please visit https://www.linkedin.com/legal/privacy-policy?

 

b.    Clicking on the icon for Xing takes you to an Internet presence of New Work SE, Am Strandkai 1, 20457 Hamburg, Germany Information on the collection, storage and use of your data by Xing can be found in the provider's privacy policy:

https://privacy.xing.com/en/privacy-policy

 

c. When you click on the icon for Facebook, you will be directed to a web presence of Facebook Inc., 1601 S. California Ave, Palo Ave, CA 04304, USA. Information regarding the collection, storage, and use of your data by Facebook Inc. can be found in the provider's privacy policy:

https://www.facebook.com/about/privacy/

 

d. When you click on the icon for Instagram, you will be directed to a web presence of Instagram LLC, 1601 Willow Rd., Menlo Park CA 94025, USA. Information regarding the collection, storage, and use of your data by Instagram LLC can be found in the provider's privacy policy:

https://help.instagram.com/155833707900388

 


ii.    Social media web presences


•    Our web presences on the various social media platforms serve to provide users as customers and interested parties with information about our services and offerings. In addition, the platforms provide a forum for communication between users and our company.
•    Through our presence on the social media platforms, personal data of the users is forwarded to the providers of social networks. 
Please note that the data of users of our social media presence may therefore be stored and processed outside the European Union. This results in a different legal situation than regulated by the GDPR. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights.
•    User data within social networks is usually processed for market research and advertising purposes. By means of the surfing behavior and interests derived from it, profiles can be created which serve the purpose of presenting the user, for example, with customized advertisements within and outside the network. In the context of market research, so-called cookies are stored by the user's browser. These are small text files that can be deleted via the browser settings. In addition, further data may be stored in the user profiles, especially if the user has an account with the respective social media platform and is logged in. 
•    The legal basis for the storage and processing of personal data is legitimate interest with regard to the provision of beneficial information for customers and interested parties as well as beneficial communication with users within the meaning of Art. 6 (1) lit. f DSGVO. In the event that the user's consent to the processing of personal data is obtained via a checkbox to be ticked or confirmation via a button, Art. 6 (1) lit. a DSGVO applies.
•    Detailed information on the storage and processing of user data as well as on the given objection options (opt-out right) can be found on the pages of the respective providers, which are listed below.
•    In the event of questions and the assertion of user rights in the context of social media platforms, the respective network provider is the appropriate contact. This is because only the provider has full access to the stored user data. Therefore, only the respective provider can provide detailed information and, if necessary, initiate measures to change or delete the data. If you need advice or support, you can contact us at any time.

 

f.    Video service - Vimeo


i.    We have integrated Vimeo videos into our online offering. The video portal is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA.


ii.    We use the video service Vimeo to show you interesting video material directly on our website with the help of a plug-in. In the process, data may be transferred from you to Vimeo.


iii.    If you call up a page on our website that has a Vimeo video embedded, your browser connects to the servers of Vimeo. This data is collected, stored and processed on the Vimeo servers. Whether or not you have a Vimeo account, Vimeo collects data from you. This includes your IP address, technical information about your browser type, operating system and device information. Likewise, Vimeo stores information about which website you use the Vimeo service from and what actions you take on our website. Actions include: Session duration, bounce rate or which button with Vimeo function you clicked. Vimeo can do this by using cookies.


iv.    If you are logged into Vimeo as a registered member, more data may be collected by Vimeo, as cookies may already have been set by Vimeo on your browser. To prevent Vimeo from linking your activity on our website to your Vimeo account, you must log out of Vimeo.


v.    Vimeo has its headquarters in New York (USA). Your data is processed on the company's systems, which are located in the USA and other countries. Your data will remain stored by Vimeo until the company considers the purposes to be fulfilled. After that, the data will be deleted or anonymized.


vi.    We set the cookie only after you have consented to it (Art. 6 para. 1 lit. a DSGVO - Consent). 


vii.    You can prevent Vimeo from receiving your data by not allowing cookies. You can also disable or delete cookies that have already been set.


3. Processing of personal data as a customer


The object of our company is the sale of heat recovery systems and the related engineering and manufacturing services, billing and services. The collection, processing and use of data is carried out for these purposes.


a.    Contact


i. telephone contact


If you contact our customer service by telephone, we will only collect the personal data from you which you provide to us during the conversation.
This could be the following data:


•    First & last name
•    Company data (company name, customer number)
•    Address data (street, postal code, city, country)
•    Communication data (telephone number, e-mail)
•    Order data (order number)
•    Product data (item number)

 

The processing of data for customer service is based on Art. 6 (1) lit. b DSGVO if your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in processing the requests addressed to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO), if this has been requested by us.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

 

ii. contact via contact form


A contact form has been set up on our Internet site, which can be used for electronic contact. If you use this option, the data entered in the input mask will be transmitted to us and stored.
The following data is:


Required fields:


•    First and last name
•    Company name
•    Country
•    E-mail address

 

Optional


•    Type of request
•    Telephone number

 

The following data is also stored at the time the message is sent:
•    Date and time of sending the request.

 

The processing of the personal data from the input mask serves us solely to process the contact.

The processing of data for contacting us via the contact form is based on Art. 6 (1) lit. b DSGVO if your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in processing the requests sent to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO), if this has been requested by us.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

 

iii. contacting us by e-mail


When you contact us by e-mail, the personal data you provide, is as such:


•    E-mail address
•    first and last name
•    telephone number


This data will be stored by us in order to answer your inquiry.
The processing of the data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in processing the requests sent to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO), if this has been requested by us.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

 

4.    Processing of personal data in the company


In order to contact our company in general or to apply for a job in particular, we process your personal data.


a.    Contacting us by e-mail, telephone or mail


When you contact us by e-mail, telephone or mail, we only process the personal data you have provided. 
For example, we process:


•    E-mail address
•    First and last name
•    telephone number
•    postal address


in order to answer your inquiries.
The processing of this data is based on Art. 6 (1) lit. b DSGVO if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in processing the requests addressed to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO), if this has been requested by us.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

 

b.    Application 


On our website, you have the opportunity to find out about vacancies as well as available training and study positions and to apply directly online via our applicant portal. Our applicant portal is managed by our service provider softgarden e-Recruiting GmbH and its subcontractors. Personal data is processed exclusively in Germany. During operational and maintenance work, the service provider may gain insight into the following anonymized data:


•    Date and time of access,
•    browser type and version,
•    operating system used,
•    URL of the previously visited website,
•    amount of data sent,
•    IP address of the access


Purpose of data processing
Data processing is carried out for the purpose of personnel recruitment, management and development. This includes, among other things, the management of applications, the implementation of candidate selection procedures and internal communication.
To make the application process transparent for you, you can register. To do this, you must enter your name and e-mail address and a password. This data is required to set up and manage an account for you in the career portal. Finally, we also need this and, if necessary, other data to be able to respond to requests, questions and criticism.
Further optional data are:


•    Contact data (address, telephone number)
•    Curriculum vitae data (e.g. school education, vocational training, work experience, language skills)
•    Profiles in social networks (e.g. XING, LinkedIn, Facebook)
•    Documents related to job applications (application photos, cover letters, references, work samples, etc.)


Data that is absolutely necessary for processing in order to be able to determine your suitability for a job are specially marked as mandatory fields.
In addition, you have the option of providing further data in the form that will make it easier for us to process your application (for example, the name of the specific position and salary requirements). This information is voluntary.
The legal basis for this processing is Art. 6 para. 1 lit. b DS-GVO pre-contractual measures.
We store your complete application data for a period of 6 months after completion of the application process.


 
c.    Online meetings and video conferences


We use the application "Microsoft Teams" to conduct online meetings and video conferences (hereinafter: meetings). Microsoft Teams is a software product of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"), which is available as a desktop/web application and mobile app.
The legal basis for the processing of data to conduct meetings with Microsoft Teams is our legitimate interest in the effective conduct of meetings pursuant to Art. 6 (1) p. 1 lit. f DSGVO. Insofar as the meetings are conducted within the framework of existing contractual relationships with you, the legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO. We are not responsible for any further data processing on Microsoft's product websites, where the desktop software can be downloaded and the web app can be used.
During a meeting, the following data may be processed under certain circumstances:


•    Participant details: Display name, first name, last name, phone number, email address, password (encrypted for authentication), profile picture;
•    Metadata: Meeting topic and description, IP address, participant phone number, type of device/software (Windows/Mac/Linux/Web/iOS/Android Phone/Windows Phone), time of last participant activity, number of chat and channel messages, number of meetings attended, duration of audio, video, and screen sharing time;
•    For chat or channel message usage: text data for viewing and logging, if applicable;
•    For audio usage: microphone recording data;
•    For video usage: camera recording data;
•    For phone usage: incoming and outgoing phone numbers, country name, start and end time, possibly other connection data, such as the IP address of the device;
•    For recordings: Audio, video and screen shares for storage in the cloud.


The data is stored at Microsoft Teams for the duration according to the retention policies we have made.
For a meeting, you can sign up via email. In doing so, your registration data will be processed by us. Before the meeting you will receive a calendar appointment. To participate in a meeting, you must at least provide information on your name or - in the case of telephone use - your telephone number. If we allow anonymous participation in meetings, we will inform you of this possibility in the course of the invitation.


You can deactivate your microphone (audio) and camera (video) at any time via the corresponding settings. We only record meetings with your consent. Microsoft uses the metadata to create aggregate reports about Microsoft Teams usage.
Microsoft may become aware of the above data in the course of meetings to enable it to conduct meetings on our behalf. All data traffic is encrypted (MTLS, TLS or SRTP) and data storage generally takes place on servers in the European Economic Area (EEA). In the event that data is nevertheless processed in the USA, we have concluded EU standard contractual clauses with Microsoft in addition to the above-mentioned measures to protect your privacy.


For more information, please see Microsoft's Privacy Policy, available at:

https://privacy.microsoft.com/de-de/privacystatement.

 


5.    Further legal information


a.    Storage period


i.    We generally retain your personal data for as long as we have a business relationship with you.


ii.    After termination of the business relationship, we will delete your data, provided that there are no legal retention periods to the contrary or you do not request us to delete it.


iii.    If you request us to delete your data, we will comply with this request by deleting the data that we do not need for legal retention.

 

b.    Place of data processing (outside EU as well)


i.    ARVOS GmbH also processes your data outside the EU.


ii.    Due to the global nature of our business, we may transfer your personal data to other countries whose data protection laws may be less comprehensive than those in the EU. In doing so, access to your personal data will be limited to certain natural persons who need to know that data for the purposes described in this Privacy Policy. 


iii.    In order to secure your data in the so-called third countries as well, we conclude standard contractual clauses with our local partners and satisfy ourselves that the local partners also act in accordance with the EU-wide guidelines and guarantee the deletion of the data.

 

c.    Disclosure to third parties


The following categories of recipients may receive access to your personal data:


i.    Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the transfer is then Art. 6 para. 1 p. 1 lit. b or lit. f DSGVO, insofar as they are not order processors;


ii.    Government agencies / authorities, insofar as this is necessary for the fulfillment of a legal obligation. The legal basis for the transfer is then Art. 6 para. 1 p. 1 lit. c DSGVO;


iii.    Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the disclosure is then Art. 6 para. 1 p. 1 lit. b or lit. f DSGVO.

 

d.    Links to other websites


Our offer contains links to external websites of third parties, on whose contents we have no influence. Therefore, we cannot assume any liability for these external contents. The respective provider or operator of the pages is always responsible for the content of the linked pages.


e.    Rights of the parties concerned


You have the following rights vis-à-vis us with regard to the personal data concerning you:

 

•    Right to information, in accordance with Art. 15 DSGVO.
•    Right to rectification, in accordance with Art. 16 DSGVO
•    Right to erasure/"right to be forgotten", pursuant to Art. 17 DSGVO 
•    Right to restriction of processing, pursuant to Art. 18 DSGVO
•    Right to data portability, pursuant to Art. 20 DSGVO
•    Right to object to processing, pursuant to Art. 21 DSGVO


If you have given us consent, you can revoke it at any time with effect for the future. To do so, please contact us or the data protection officer using the contact details above.
If you feel that your personal data has been processed unlawfully, you can contact us or our data protection officer at any time using the contact details above, or you can lodge a complaint with one of the supervisory authorities responsible for data protection.