Data Protection Declaration

We are pleased that you visit the website www.schmidtsche-schack.com of ARVOS GmbH (hereinafter referred to as “ARVOS“) and thank you for your interest in our company, our products and our websites.
The protection of your privacy when using our websites is of great importance to us. Therefore we use your data in compliance with the legal regulations on data protection.

 

1. General information on the collection of personal data and information

a)The protection of your privacy when using our websites is very important to us. Accordingly, we use your personal data in accordance with the statutory provisions on data protection and privacy. Personal data is all data that is related to you personally, e.g. name, address, e-mail address, user behavior. Below we inform you about how we handle your personal data.

b)The person responsible pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) and other national data protection and privacy laws of the member states as well as other data protection and privacy provisions is:

ARVOS GmbH
Ellenbacher Straße 10
D – 34123 Kassel
Managing Directors: Karsten Stückrath und Thorben Schäfer
Tel.: +49 (0)561 9527 130
Fax: + 49 (0)5619527 109
E-Mail: datenschutz.scs@arvos-group.com

Data Protection Officer according to Art. 37 of the EU General Data Protection Regulation (GDPR) and § 5 BDSG (German Federal Data Protection and Privacy Act) is:

SPIE GmbH Unternehmensgruppe
Lyoner Straße 9
60528 Frankfurt
Internet: www.spie.de
 
You can reach our data protection officer by e-mail at datenschutz.scs@arvos-group.com or by mail at ARVOS GmbH using the subject line "data protection officer".
 
c) If you are under the age of 16, please obtain permission from a parent or guardian before providing any personal information to us.

2. Collection of personal data when visiting our website

a) In principle, you can visit our website without telling us who you are. Usually with almost all websites, the server on which our website is located (hereinafter referred to as "web server") automatically collects information from you when you visit us on the Internet. This data is technically necessary for us and guarantees the stability and security of the website.
 
The web server automatically recognizes certain personal data such as your IP address, the date and time you are on our site, the pages you visit on our site, the site you were on before visiting our site, the browser you use (e.g. Internet Explorer, Firefox, Safari), the operating system you use (e.g. Windows, Linux, MAC OS) and the domain name and address of your Internet service provider (e.g. 1&1, Telekom, Unitymedia). If our website uses cookies (as explained below), the web server also stores this information (permissible pursuant to Art. 6 (1)(f) DGPR).

We regularly evaluate these server protocols anonymously for statistical purposes (click stream analyses) so that we can determine how our websites are used. On the basis of these findings, we then optimize our Internet presence.
Moreover in the event of system misuse, we may use this information in conjunction with your Internet service provider and/or local authorities to determine the perpetrator of the misuse.
The server log files are stored for a maximum of 1 year and then deleted. The data is stored for security reasons, e.g. to clarify cases of misuse. If data must be stored in order to preserve it for evidentiary purposes, this data shall be excluded from deletion until the incident has been finally resolved.
b) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the location that sets the cookie (here by us). Cookies cannot execute programs or transmit viruses to your computer. On the whole, they serve to make the Internet offer more user-friendly and effective.
aa) This website uses the following types of cookies, the scope and function of which are explained below:

- Transient cookies (see bb)

- Persistent cookies (see cc)

bb)    Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This enables your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close your browser.

cc)     Persistent cookies are automatically deleted after a specified period of time, but at the latest after 2 years, which may differ depending on the cookie. You can delete cookies at any time in the security settings of your browser.

dd)     You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third-party cookies or all cookies. We would like to point out that you may not be able to use all the functions of this website.
 

c) Cookies from third parties on our websites

We allow third parties to place cookies on your computer via these websites.
 
(1) This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymization is activated on this website, your IP address will be shortened by Google in advance within the Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and Internet usage to the website operator.

(2) The IP address transmitted by your browser as part of Google Analytics will not be commingled with other Google data.
(3) You can prevent the use of cookies by selecting the appropriate settings on your browser; however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available under the following link: tools.google.com/dlpage/gaoptout
(4) This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are truncated for further processing and that it is not possible to identify you as a person. Insofar as the data collected about you is personal, this is immediately excluded and the personal data deleted immediately.
(5) We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our services and make them more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is set forth in Art. 6 (1)(f) DGPR.

(6) Third-party supplier information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Service: www.google.com/analytics/terms/de.html, Overview of Data Protection and Privacy: www.google.com/intl/de/analytics/learn/privacy.html, as well as the Privacy Policy: www.google.de/intl/de/policies/privacy.

(d) Contact by e-mail

(1) When you contact us by e-mail, the data you provide us with (your e-mail address and your name) will be stored by us in order to contact you and answer your questions.

This may be the case for the following purposes:

•     Initiation, execution and administration of your contractual relationship (or the contractual relationship of your organization) with us, e.g. through the execution of transactions and orders of products or services, in the context of all procurement processes, the associated processing of payment transactions, accounting, auditing, billing and debt collection activities, the initiation of shipments and deliveries, repairs and the provision of support services or other services which you or your organization may have commissioned or requested or which we have commissioned or requested with you.

•    Information and advice within an existing business relationship on similar or related products or services, to the extent permitted by applicable law.

•     Maintain and protect the security of our products, services and websites or other systems, prevent and detect security risks, fraud or other criminal or illegal activity.

•     To comply with our legal or regulatory obligations. These obligations may include, for example, the retention of sales records for tax purposes or the dispatch of legally required notices and other notifications, compliance screenings or recording obligations (e.g. under competition law, export regulations, trade sanctions and embargo regulations or to prevent white-collar crime or money laundering). In this context, we may be required to cross-check your contact information or identity with relevant sanctions lists and confirm your identity in the event of a possible match, record information about our cooperation with you where relevant under antitrust law, and report to or assist with investigations by relevant regulatory, law enforcement, or other competent government authorities.

•     Settle disputes, enforce our contractual agreements and establish, enforce, or defend legal claims.

•     Invitations to corporate events such as trade shows or other marketing activities.

We delete the data arising herewith in our Outlook or CMS system after storage is no longer necessary (e.g. if the registered persons do not receive any data from us or are no longer employed by the company for which they have registered), or we restrict processing if there are statutory limitations for retention periods.

(2) Data transmitted upon the dispatch of an e-mail may be processed pursuant to Art. 6 (1)(f) DGPR.

e) Online contact form

(1) A contact form has been set up on our website, which can be used to establish an electronic contact. If you choose this option, the data entered in the input mask will be transmitted to us and stored.
The following data are:
Mandatory fields:
- First name and last name
- Company's name
- Country
- E-mail address

Optional:
- Type of request
- Telephone number

The following data will also be stored at the time the message is sent:
- Date and time the request is dispatched.
We only process personal data from the input mask for the establishment of contact.
(2) Within the scope of dispatch, your consent to process the data will be obtained upon reference to this data protection and privacy policy.
(3) Data and information within this context will not be passed on to third parties. It will only be used and processed for preservation purposes.
(4) Your consent is required to process the data pursuant to Art. 6 (1)(a) DGPR. Data transmitted upon the dispatch of an e-mail may be processed pursuant to Art. 6 (1)(f) DGPR.  Further pursuant to Art. 6 (1)(b) DGPR data may be processed if the purpose of the e-mail contact is to conclude a contract.
(5) The data shall be deleted when it is no longer required for the purpose of its collection. This is the case when the respective conversation with you has been concluded. The conversation is considered concluded when the circumstances infer that the relevant issue has been conclusively resolved.
(6) You have the right to revoke your consent to the processing of your personal data at any time. If you contact us by e-mail, you may alter the scope of or completely revoke your consent to the storage of your personal data at any time effective into the future and without the need to justify your decision. In such case, the preservation of your data and information may not continue. You may transmit your revocation to us either by mail, e-mail, fax (address information etc. cf. Section 1 herein) or using the form in which you granted consent. In this case, the personal contact information on file will be deleted.

f) Applicant Management / e-Recruiting

(1) ARVOS GmbH collects and processes the personal data of applicants for the purpose of handling the application procedure and for anonymized statistics.  
(2) On our website (www.schmidsche-schack.com) you have the possibility to find out about job vacancies and free apprenticeship and study places and to apply directly online via our application portal. Our applicant portal is attended by our service provider softgarden e-Recruiting GmbH and its subcontractors. The personal data are exclusively processed in Germany. The service provider can obtain an insight into the following anonymized data during operation and maintenance work:
•    Date and time of access
•    Browser type and version
•    Applied operating system
•    URL of website visited before
•    Amount of data sent
•    IP address of access
(3) You can register so that the application process becomes transparent for you. For this purpose you need to enter your name and your e-mail address as well as a password. These data are needed to set up and manage an account in the career portal for you. We need these data and possibly also further data to respond to requests, questions and criticism.  
Further optional data are:  
•    Contact data (address, phone number)
•    Curriculum vitae data (e.g. school education, vocational training, work experience, language skills)
•    Profiles in social networks (e.g. XING, LinkedIn, Facebook)
•    Documents related to applications (application photos, cover letters, employment certificates, work certificates, work samples, etc.)
Data which are absolutely required for processing in order to determine your suitability for a job are marked as mandatory fields.
Furthermore you have the possibility to communicate to us in the form sheet further data, which make it easier for us to process your application (for example name of specific job and salary request). This information is voluntary.

(4) The legal basis of the processing is Art. 6 Abs. lit b GDPR, pre-contractual measures.

(5) Processing of curriculum vitae documents
The documents uploaded by the applicant are analyzed in order to extract the curriculum vitae data. Processing takes place within the infrastructure. A transmission to third parties will not be made. Legal basis is § 26, Abs. 1, BDSG-„neu”.  

(6) We store your complete application data after completion of the application process for a period of 6 months.

(7) Additional offers by the service provider
(a) Use of the collected data
The data about the user are collected so that softgarden can render the services. In addition, the data are collected for the following purposes: Analytics, interaction with support and evaluation platforms, administration of support and contact requests, administration of user databases, administration of contacts and sending of messages, contacting the user, access to profiles of third providers (e.g. login via LinkedIn and XING), display of contents from external platforms.
The person-related data which are used for the specified purposes are indicated in the relevant sections of this document.

(b) Improvement of the softgarden services
Various systems are used to improve the services offered and to assist the customer in support

 

3. Legal basis for data processing

The provision of your personal data is not a legal obligation. This means that you are not obliged to provide us with your personal data. If you decide not to provide us with your personal data, it will not be possible for you to use the services offered on or through the website.

There is no automatic decision-making based exclusively on automated processing, including profiling, resulting in any legal or similar obligation affecting you.

4. Your rights

According to the provisions of DGPR you can assert the following rights against us:

• Right to information
• Right to rectification
• Right to limit processing
• Right to erasure / right to be forgotten
• Right to data portability
• Right to object

If the processing of your personal data is based on your consent, you have the right to revoke your consent at any time effective into the future. This shall not affect the legal validity of any processing taking place up until you have revoked such consent.

If you are of the opinion that we process your personal data in an impermissible manner, please contact us by e-mail at datenschutz.scs@arvos-group.com or via a letter addressed to ARVOS GmbH using the subject line "Data Protection Officer". You also have the right to contact the data protection supervisory authority. The responsible supervisory authority is "Der Hessische Datenschutzbeauftragte, Gustav-Stresemann-Ring 1, 65189 Wiesbaden”.

5. Place of data processing

Your data will mainly be processed in Germany. Under certain circumstances, however, it may also be possible for the data to be accessed by foreign Group companies, for example by contacting them via e-mail.

6. Disclosure of your personal data

We only collect data from you (except within the framework of the web server protocols) if you yourself communicate this to us in order to use one of our offered services (e.g. sending enquiries via the contact e-mail addresses). This data is then processed and/or used exclusively for the performance of the respective service. For this purpose, it may be necessary for service providers to support us. Furthermore, it may also be necessary for your data to be passed on to other units of our group of companies. In doing so, we observe data protection and privacy regulations. Furthermore courts, law enforcement agencies, or other statutory commissioned authorities may upon observance of legal provisions retrieve data or request information. In particular, your personal data may be passed on to the following recipients:

•     Our parent company Arvos Bidco S.à.r.l. Luxembourg or other Group companies,

•     IT service providers, waste disposal service providers,

•     Government authorities, offices, and banks.

If individual service providers or affiliates are located outside of the EU, there may not be an adequate level of data protection there compared to the level of data protection and privacy within the European Union. This means that the data protection and privacy laws in the country to which your data may be transferred do not provide the same level of protection as in Germany. We have therefore taken appropriate protective measures to ensure data protection: standard contracts for order processing or standard contract clauses within the Group and with external service providers. Agreements for data processing by independent contractors have been executed in accordance with Art. 28 DGPR, the standard contract clauses in accordance with EU regulations (https://eurlex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087&from=DE). You can obtain a copy of these protective measures from datenschutz.scs@arvos-group.com.

7. Security measures

Insofar as we forward data and information to our service providers within the scope of the services described herein, these service providers are obligated under contract with us with respect to provisions on the subject of data protection and privacy in addition to mandatory statutory provisions.

We use security measures, which we continuously optimize in accordance with technical and legal developments in order to protect your data and privacy as best as possible against accidental or intentional manipulation, loss, destruction, or access by unauthorized third parties.

8. Links to other websites

Our online offers contain links to other websites. This data protection and privacy policy does not extend to other providers.

We have no influence on whether these operators comply with data protection and privacy regulations and therefore accept no responsibility for the accuracy, timeliness, and sufficiency of the information provided there.

Our website may contain hyperlinks to websites owned and operated by third parties. These third-party websites have their own data protection and privacy policies, and most likely also use cookies. We recommend that you review them. The policies of these websites govern the use of personal information that you provide when you visit the website and that may also be collected through cookies. We assume no liability for such third-party websites, and your use of such websites is at your own risk.

9. Contacting us

If you have any questions or comments about our policies on data protection and privacy and cookies, please contact our authorized representative using the contact details provided in this policy statement (cf. Section 1).
The rapid development of the Internet makes it necessary for us to amend our data protection and privacy policies from time to time. Information about changes will be posted here.