The following privacy policy explains how ARVOS GmbH (hereinafter referred to as ARVOS) processes personal data.
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:
ARVOS GmbH
Ellenbacher Straße 10
D – 34123 Kassel
Managing Directors: Karsten Stückrath, Ralf Keil and Thorben Schäfer
Phone: +49 (0)561 9527 130
Fax: +49 (0)561 9527 109
E-Mail: datenschutz.scs@arvos-group.com
If you have any questions or comments regarding our privacy policy, please contact us:
You can reach our data protection officer at:
datenschutz.scs@arvos-group.com
or by post at our address with the addition “Data Protection Officer”.
This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers. This may primarily involve IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website.
The use of the host is for the purpose of fulfilling our contract with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of a secure, fast, and efficient provision of our online offer by a professional provider (Art. 6(1)(f) GDPR). If corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as consent includes the storage of cookies or access to information on the user’s terminal device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Our host will process your data only to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.
We have concluded a data processing agreement (DPA) with the provider named below. This is a contract required by data protection law that ensures that this provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
We use the following host:
Mittwald CM Service GmbH & Co. KG,
Königsberger Str. 4–6,
32339 Espelkamp,
Germany
https://www.mittwald.de/datenschutz
On our website you will find information about the products and services offered by our company. When you visit our website, we process personal data about you.
You can generally use our website without telling us who you are. If you do not register or otherwise provide us with information, we only collect the personal data (web server log file) that your browser transmits to our server.
IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request comes
Browser
Operating system and its interface
Language and version of the browser software
The web server log file is stored for 7 days.
We regularly evaluate these server logs anonymously for statistical purposes (click stream analyses) so that we can determine how our web pages are used. We then optimize our website based on these findings. In addition, in the event of system abuse, we may use this information in cooperation with your Internet provider and/or local authorities to identify the perpetrator of this abuse.
The processing of the aforementioned data is in our legitimate interest (Art. 6(1)(f) GDPR). Our legitimate interest is the secure provision of the website. Due to these compelling reasons worthy of protection, an objection to the processing is excluded.
i. What are cookies?
Our website uses so-called cookie technology. A cookie is information sent from our web server to your computer. This information is stored as a text file on your computer. Information collected through cookies and similar technologies may include the date and time of your visit as well as the way you use a particular website or mobile application. This information is retained until you close all browser windows.
ii. Why do we use cookies?
There are cookies that we use to technically provide you with our website and to ensure system security. Also, according to § 25 TTDSG, we may use cookies if the sole purpose of storage or access is to carry out the transmission of a message over a public telecommunications network, or is necessary to provide the expressly requested telemedia service. Data processing through technically necessary cookies is based on our legitimate interest in the technical functionality and security of our website (Art. 6(1)(f) GDPR). Based on these compelling reasons worthy of protection, an objection to the processing is excluded.
For cookies that do not meet these requirements, we need your consent (Art. 6(1)(a) GDPR), which we obtain via our cookie banner. This includes cookies that analyze your user behavior in order to improve our website and display advertising to you in a more targeted manner.
You can block the use of cookies in your browser settings at any time. You can still visit our website if you block cookies; however, you may then not be able to use all the functions of our website.
In addition, you can revoke your given consent at any time with effect for the future.
i. We use a consent management system (Borlabs Cookie, Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg) to manage and document consents and settings for data collection and cookies.
ii. As a user, you can decide for yourself whether and which cookie-based services, technologies and data are processed on our website. You can adjust or revoke these settings at any time with effect for the future—either via the consent banner when you first visit or via the cookie settings, which you can access at any time via a link at the bottom of the page. Services requiring consent will only be loaded after your active consent.
iii. The consent management system also serves to document your decisions (proof and accountability obligations according to GDPR). Further information can be found at: https://de.borlabs.io/datenschutz/
iv. You also have the option of preventing the storage of cookies or the collection of data by services via browser extensions, settings, adblockers or opt-out links of individual tools. Please note that these alternatives do not provide documented proof of consent as the consent management system does and may lead to functional restrictions on the website.
i. This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics is used as a cloud solution and operated in accordance with GDPR.
ii. Google Analytics uses “cookies”, which are text files placed on your computer to help analyze your use of the website. This enables us to continuously improve our website.
iii. The following information is collected in the cookie:
Date, time, and duration of your visit
Frequency of your visits
Pages visited within our website
Referrer
Type and version of your browser
Operating system of your computer
Country of access
iv. Your personal data will be stored for 14 months and then automatically deleted.
v. Data processing is based on your consent according to § 25(1) TTDSG, Art. 6(1)(a) GDPR, if you have given your consent via our banner. You can revoke your consent at any time.
vi. The information is stored on Google’s servers, which may be located in the EU or the USA. Transfers to the USA are secured by EU Standard Contractual Clauses.
vii. IP anonymization is enabled, i.e., your IP address is stored in shortened form. The generated information about the use of the website will not be passed on to third parties, except as required by law or to support the service.
viii. You may refuse the use of cookies by selecting the appropriate settings in your browser software; however, please note that if you do this you may not be able to use the full functionality of this website. You can object to the storage and use of your data at any time via the cookie banner. In this case, a so-called opt-out cookie will be stored in your browser, i.e., Google Analytics will not collect any session data. Note: If you delete your cookies on your computer, the opt-out cookie will also be deleted and must be reactivated by you.
i. Linking and forwarding to social media platforms
On our website you will find links in the form of icons to social media platforms such as Xing, LinkedIn, Facebook, and Instagram. These are not plugins provided by the provider, which, without the users’ influence, already transmit data to the provider when the page is loaded. They are merely links to the social media platform. No user data is transmitted from the website to the social media platform.
If you are already logged in to the corresponding social media service at the time you click on the icon, this will be detected. If this is not the case, you will be asked to log in. From this point on, you will be on the website of the respective social media platform.
a. Clicking on the LinkedIn icon will take you to the website of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter: LinkedIn). LinkedIn is generally solely responsible for the processing of personal data when visiting our LinkedIn page. Further information on the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
b. Clicking on the Facebook icon will take you to an online presence of Facebook Inc., 1601 S. California Ave, Palo Ave, CA 04304, USA.
Information on the collection, storage, and use of your data by Facebook Inc. can be found in the provider’s privacy policy: https://www.facebook.com/about/privacy/
c. Clicking on the Instagram icon will take you to an online presence of Instagram LLC, 1601 Willow Rd., Menlo Park CA 94025, USA.
Information on the collection, storage, and use of your data by Instagram LLC can be found in the provider’s privacy policy: https://help.instagram.com/155833707900388
ii. Embedded content (LinkedIn, YouTube)
Our website uses embedded content from LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) and YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Such content is only loaded after you have given your consent via the cookie banner, whereby data (e.g. IP address) is then transmitted to the respective provider.
iii. Social media presences
Our online presences on the various social media platforms serve to provide users, as customers and interested parties, with information about our services and offers. In addition, the platforms provide a forum for communication between users and our company.
Through our presence on the social media platforms, personal data of users is forwarded to the providers of social networks. Please note that the data of users of our social media presence may therefore also be stored and processed outside the European Union. This results in a different legal situation than regulated by the GDPR. This may result in risks for users because, for example, it could make it more difficult to enforce users’ rights.
The data of users within social networks is usually processed for market research and advertising purposes. By means of surfing behavior and interests derived from it, profiles can be created which serve the purpose of presenting the user, for example, with customized advertisements within and outside the network. In the context of market research, so-called cookies are stored by the user’s browser. These are small text files that can be deleted via the browser settings. In addition, further data may be stored in the user profiles, especially if the user has an account with the respective social media platform and is logged in.
The legal basis for the storage and processing of personal data is legitimate interest with regard to the provision of useful information for customers and interested parties as well as beneficial communication with users within the meaning of Art. 6(1)(f) GDPR. In the event that the user’s consent to the processing of personal data is obtained via a checkbox to be ticked or confirmation via a button, Art. 6(1)(a) GDPR applies.
Detailed information on the storage and processing of user data as well as on the given objection options (opt-out right) can be found on the pages of the respective providers, which are listed below.
In the event of questions and the assertion of user rights in the context of social media platforms, the respective network provider is the appropriate contact. This is because only the provider has full access to the stored user data. Therefore, only the respective provider can provide detailed information and, if necessary, initiate measures to change or delete the data. If you need advice or support, you can contact us at any time.
i. We have integrated YouTube videos on our website (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).
ii. The integration of YouTube videos takes place via a plugin. Only after you have given your consent via the cookie banner will data (e.g. IP address, usage data) be transmitted to Google/YouTube when playing a video.
iii. When you access a page with an embedded YouTube video, your browser connects to the servers of YouTube. Whether or not you have a YouTube account, YouTube can collect data about you. You can prevent this by not giving consent in the banner.
iv. Further information: https://policies.google.com/privacy?hl=en
The object of our company is the distribution of heat recovery systems and the associated engineering and manufacturing, billing and service activities. Data collection, processing, and use are carried out for these purposes.
i. Telephone contact
If you contact our customer service by telephone, we will only collect the personal data that you provide to us during the conversation.
This may include the following data:
First & last name
Company data (company name, customer number)
Address data (street, postal code, city, country)
Communication data (telephone number, e-mail)
Order data (order number)
Product data (item number)
The processing of data for customer service is based on Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in processing the requests addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if this has been requested by us.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
ii. Contact via contact form
A contact form is available on our website, which can be used for electronic contact. If you use this option, the data entered in the input mask will be transmitted to us and stored.
Required fields:
First and last name
Company name
Country
E-mail address
Optional:
Type of request
Telephone number
At the time the message is sent, the following data is also stored:
Date and time the request is sent.
The processing of the personal data from the input mask serves solely to process the contact.
The processing of data for contacting us via the contact form is based on Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in processing the requests addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if this has been requested by us.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
iii. Contact by e-mail
When you contact us by e-mail, the personal data you provide, such as:
E-mail address
First and last name
Telephone number
will be stored by us in order to answer your questions.
The processing of the data is based on Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in processing the requests addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if this has been requested by us.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
To contact our company in general or specifically to apply for a job, we process your personal data.
When you contact us by e-mail, telephone or post, only the personal data you provide to us will be processed.
We process, for example:
E-mail address
First and last name
Telephone number
Postal address
to answer your questions.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in processing the requests addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if this has been requested by us.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
On our website you have the opportunity to find out about open positions as well as available training and study positions and to apply directly online via our applicant portal. Our applicant portal is managed by our service provider softgarden e-Recruiting GmbH and their subcontractors. The processing of personal data is carried out exclusively in Germany. In the course of operational and maintenance work, the service provider may gain insight into the following anonymized data:
Date and time of access,
Browser type and version,
Operating system used,
URL of the previously visited website,
Amount of data sent,
IP address of access
Purpose of data processing
Data processing is carried out for the purpose of recruitment, management, and development of personnel. This includes, among other things, the management of applications, the implementation of selection procedures and internal communication.
To make the application process transparent for you, you can register. To do this, you must enter your name and e-mail address as well as a password. This data is required to set up and manage an account for you in the career portal. Finally, we also need this and, if necessary, other data to respond to requests, questions and criticism.
Other optional data are:
Contact details (address, telephone number)
Curriculum vitae data (e.g. school education, vocational training, work experience, language skills)
Profiles in social networks (e.g. XING, LinkedIn, Facebook)
Documents related to applications (application photos, cover letters, certificates, employment references, work samples, etc.)
Data that is absolutely necessary for processing in order to determine your suitability for a job are specially marked as mandatory fields.
You also have the option of providing further data in the form that will make it easier for us to process your application (for example, the name of the specific position and salary requirements). This information is voluntary.
The legal basis for this processing is Art. 6 para. 1 lit. b GDPR pre-contractual measures.
We store your complete application data for a period of 6 months after completion of the application process.
We use the application “Microsoft Teams” to conduct online meetings and videoconferences (hereinafter: meetings). Microsoft Teams is a software product of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”), which is available as a desktop/web application and mobile app.
The legal basis for the processing of data to conduct meetings with Microsoft Teams is our legitimate interest in the effective conduct of meetings pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. Insofar as the meetings are conducted within the framework of existing contractual relationships with you, the legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR. We are not responsible for any further data processing on Microsoft’s product websites, where the desktop software can be downloaded and the web app can be used.
During a meeting, the following data may be processed:
Information about participants: Display name, first name, last name, telephone number, e-mail address, password (encrypted for authentication), profile picture
Metadata: Meeting topic and description, IP address, participant’s phone number, type of device/software (Windows/Mac/Linux/Web/iOS/Android Phone/Windows Phone), time of last participant activity, number of chat and channel messages, number of meetings attended, duration of audio, video, and screen sharing
For chat or channel message usage: text data for display and possibly logging
For audio use: microphone recording data
For video use: camera recording data
For phone use: incoming and outgoing phone numbers, country name, start and end time, possibly other connection data, such as the IP address of the device
For recordings: audio, video and screen sharing for storage in the cloud
The data is stored at Microsoft Teams for the duration according to the retention policies we have set.
You can sign up for a meeting via email. In doing so, your registration data will be processed by us. Before the meeting, you will receive a calendar appointment. To participate in a meeting, you must at least provide information on your name or—in the case of telephone use—your telephone number. If we allow anonymous participation in meetings, we will inform you of this option in the invitation.
You can deactivate your microphone (audio) and camera (video) at any time via the corresponding settings. We only record meetings with your consent. Microsoft uses the metadata to create aggregate reports about Microsoft Teams usage.
Microsoft may become aware of the above data in the course of meetings to enable it to conduct meetings on our behalf. All data traffic is encrypted (MTLS, TLS or SRTP) and data storage generally takes place on servers in the European Economic Area (EEA). In the event that data is nevertheless processed in the USA, we have concluded EU standard contractual clauses with Microsoft in addition to the above-mentioned measures to protect your privacy.
Further information can be found in Microsoft’s privacy policy, available at:
https://privacy.microsoft.com/en-us/privacystatement
i. We generally retain your personal data for as long as a business relationship with you exists.
ii. After termination of the business relationship, we will delete your data, provided that there are no legal retention periods to the contrary or you do not request us to delete it.
iii. If you request us to delete your data, we will comply with this request by deleting the data that we do not need for legal retention.
i. ARVOS GmbH also processes your data outside the EU.
ii. Due to the global nature of our company, we may transfer your personal data to other countries whose data protection laws may be less comprehensive than those in the EU. Access to your personal data will be limited to certain individuals who need to know that data for the purposes described in this privacy policy.
iii. In order to secure your data in so-called third countries, we conclude standard contractual clauses with our local partners and ensure that the local partners also act in accordance with the EU-wide guidelines and guarantee the deletion of the data.
The following categories of recipients may receive access to your personal data:
i. Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g., for data center services, payment processing, IT security). The legal basis for the transfer is Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR, unless they are processors;
ii. Government bodies/authorities, insofar as this is necessary to fulfill a legal obligation. The legal basis for the transfer is then Art. 6 para. 1 sentence 1 lit. c GDPR;
iii. Persons engaged in carrying out our business operations (e.g., auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the disclosure is Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR.
d. Links to other websites
Our offer contains links to external third-party websites, the content of which we have no influence over. Therefore, we cannot accept any liability for these external contents. The respective provider or operator of the pages is always responsible for the content of the linked pages.
e. Rights of data subjects
You have the following rights vis-à-vis us regarding your personal data:
Right of access, pursuant to Art. 15 GDPR
Right to rectification, pursuant to Art. 16 GDPR
Right to erasure/ “right to be forgotten”, pursuant to Art. 17 GDPR
Right to restriction of processing, pursuant to Art. 18 GDPR
Right to data portability, pursuant to Art. 20 GDPR
Right to object to processing, pursuant to Art. 21 GDPR
If you have given us consent, you can revoke it at any time with effect for the future. To do so, please contact us or the data protection officer using the above contact details.
If you feel that your personal data has been processed unlawfully, you can contact us or our data protection officer at any time using the above contact details, or you can lodge a complaint with one of the data protection supervisory authorities.
