Search
Close this search box.
Logo der Arineo GmbH

Privacy Policy

Data protection notice for visitors to our website arineo.com

The protection of your personal data is important to us. In the following, we inform you about which data is collected on this website and about your rights as a data subject according to the GDPR.

I. Controller as stipulated in Art. 4 No. 7 of the GDPR


  1. 1. Address of the Controller

    Paulinerstr. 12
    37073 Göttingen
    Phone: 0551 521380
    E-mail: info@arineo.com
  2. Data Protection Officer
    Michael Vogelbacher
    colenio GmbH & Co KG
    Bahnhofstr. 5
    53572 Unkel
    datenschutz@arineo.com

 

II. Intended purpose and data minimization

The collection and use of personal data on the following website is carried out by Arineo GmbH – www.arineo.com.

We collect and use your personal data exclusively in accordance with the provisions of national and European data protection laws. In the following, we inform you about the type, scope and purpose of the collection and use of personal data. Any further processing for purposes other than those specified below will not take place. You can access this information at any time on this website.

III. Legal basis

Depending on the specific processing context, different legal grounds may be relevant for the processing of personal data carried out within the framework of our website.

In principle, the following legal grounds may apply, whereby the specific processing context and the associated legal basis are presented in the following section IV:

  • Consent acc. to Art. 6 Para. 1 lit. a, Art. 7 of the GDPR, if applicable in conjunction with Section 25 Para. 1 of TDDDG
  • Fulfillment of (pre-) contractual obligations according to Art. 6 Para. 1 lit. b of the GDPR
  • Fulfillment of legal obligations according to Art. 6 Para. 1 lit. c of the GDPR
  • Legitimate interest according to Art. 6 Para. 1 lit. f of the GDPR

IV. Processing of your personal data

Your personal data will be processed in the following cases:

1. Data transmission and logging for internal system and statistical purposes

For technical reasons, your Internet browser automatically transmits data to our web server when you access our website. This data includes the date and time of access, the URL of the referring website, the file accessed, the amount of data sent, the browser type and version, the operating system and your IP address. This data is stored separately from other data that you enter when using our website. It is not possible for us to assign this data to a specific person. This data is evaluated for statistical purposes and subsequently deleted.

 

2. Cookies

This website uses cookies. Cookies are small files that allow specific information related to the device to be stored on the user’s access device (PC, smartphone or the like). On the one hand, these cookies serve the purpose of making websites more user-friendly, and thus also the convenience of the users (e.g. storage of login data). On the other hand, they are used to collect statistical data on website use and to be able to analyze it for the purpose of improving the offer. Users can choose whether or not to accept cookies. Most browsers feature an option that restricts or completely prevents the storage of cookies. However, we would like to mention that the use and especially the convenience of use may be limited without cookies.

Via our consent management tool Borlabs you have the option to consent to the use of cookies not required for the operation of the website according to Art. 6 Para. 1 lit. a of the GDPR in conjunction with Section 25 Para. 1 of the TDDDG in the form of a consent. You can revoke this consent at any time with effect for the future.

he following sections list the various services and the processing operations involved.

 

3. Borlabs

In order to comply with our statutory obligations and to provide website visitors with all the functionalities they require, we use the consent management tool Borlabs. Borlabs stores the cookies and services selected in the consent management tool when you visit our website for the first time.

We would like to bring to your attention via Borlabs that we require your consent under data protection law in accordance with Art. 6 Para. 1 lit. a of the GDPR for the use of certain services and the setting of cookies (cf. IV. No. 2). Apart from that, there exists no legal basis for carrying out the optional processing of personal data to provide certain functions. The personal data processed in the context of the use of Borlabs will not be disclosed to third parties.

In this respect, the relevant legal basis for the use of Borlabs is Art. 6 para. 1 lit. c of the GDPR (fulfillment of legal obligations).

 

4. Contact forms

We use various contact options (contact forms) on our website to communicate with customers or interested parties and equally to present our products and services.

In addition, depending on the design of the contact form at hand, we rely on different legal bases to process your personal data:

  • When using the general contact form (without a specific contact person or context), we process your personal data on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest in general contact requests), on the basis of Art. 6 para. 1 lit. b GDPR (implementation of pre-contractual measures for questions about our products and services) or on the basis of Art. 88 GDPR in conjunction with Art. 88 GDPR. § 26 Abs. 1 BDSG (for questions about career opportunities at Arineo)
  • When processing your personal data to provide you with marketing content relevant to you via email, we draw on your consent pursuant to Art. 6 Para. 1 lit. a of the GDPR.
  • When using so-called asset forms (forms for requesting certain content in connection with registration for our marketing communication via e-mail, for example), we process your personal data on the basis of consent pursuant to Art. 6 Para. 1 lit. a of the GDPR.
  • When processing your participation request for webinars in connection with the registration for our marketing communication via e-mail, we rely on your consent pursuant to Art. 6 Para. 1 lit. a of the GDPR.
  • When processing your participation request for paid webinars, we rely on Art. 6 para. 1 lit. b of the GDPR (fulfillment of contractual obligations).
  • If cookies are installed in the course of using one of the described contact forms, we rely on your consent pursuant to Art. 6 Para. 1 lit. a of the GDPR, Section 25 para. 1 of the TDDDG.
  • The data processing for the collection and analysis of statistics and the logging of the registration process for marketing communication via e-mail is based on your consent to receive e-mail communication via Microsoft Dynamics 365 Marketing (see below) in accordance with Art. 6 para. 1 lit. a of the GDPR.

 

Microsoft Dynamics 365 Marketing (Forms and email tracking).

We use Microsoft to carry out marketing campaigns, for analysis purposes (incl. personal email tracking) and for target group-specific contact with customers and interested parties. More specifically, we use the system to send e-mail messages (for example, in connection with the provision of downloads), for event management (for example, to manage event participants) and to provide contact forms (see above).

Here, the following information is collected with particular emphasis: Client ID, IP address, geographical location, browser type, duration of visit, session name and pages viewed.

Furthermore, the following information is processed as part of personal e-mail tracking: IP address, browser and device properties, time of calling up an e-mail, whether and whether and which links were clicked. This personal data is processed until the respective profile is deleted. Overall, the e-mail tracking allows us to optimize and personalize the advertising content and to assign the appropriate advertising content to different groups of recipients.

When using free services, such as a whitepaper or other downloadable content, the following data is collected and processed as a prerequisite for receiving these services: Form of address, last name, e-mail address and, if applicable, company affiliation, telephone number, communication details, interests as well as downloaded assets.

Double opt-in and collection of data: The registration for our marketing communication via e-mail is subject to a so-called double opt-in procedure. This means that after signing up for our email communications, you will receive an email asking you to confirm your subscription. This kind of confirmation is necessary to ensure that people do not subscribe using someone else’s e-mail address. Your subscription is logged so that the registration process can be verified in accordance with legal requirements. This includes the recording of the date and time of subscription and confirmation, as well as the IP address. Changes to your data stored by the email marketing service provider are also logged.

Unsubscribe: You can unsubscribe from the newsletter at any time, i.e. you can withdraw your consent to receive it. There is an unsubscribe link at the end of each email received.

Your personal data processed in connection with the provision of the relevant marketing content will be deleted after you have unsubscribed.

For additional privacy notices, see the Microsoft Privacy Statement at https://privacy.microsoft.com/en-US/privacystatement.

For more information on the use of cookies in connection with the system, please check out https://docs.microsoft.com/en-US/dynamics365/marketing/cookies.

 

Data sharing

Microsoft Marketing is a component of the Microsoft Dynamics 365 Cloud Application. As a service provider, Microsoft reserves the right to use and process your data for its own legitimate business purposes. In this case, Microsoft acts as its own data controller within the meaning of the General Data Protection Regulation and then has the sole obligation to comply with data protection laws. In this case, a transfer of data to third countries cannot be ruled out, which may pose a data protection risk for data subjects.

Your data will not be passed on to third parties by us. The processor acting on our behalf is Microsoft Ireland Operations Ltd. in Dublin/Ireland (Microsoft). The agreed storage location of your data in the cloud is in the region of Europe. Nevertheless, in order to provide an adequate level of protection and due to the circumstance described in the previous paragraph, Microsoft has implemented standard contractual clauses in the event of a third country transfer (Art. 44 to 49 of the GDPR, Information page of Microsoft: https://learn.microsoft.com/de-de/compliance/regulatory/offering-eu-model-clauses; Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

 

5. Web Analytics

SalesViewer®

On this website, data is collected and stored for marketing, market research and optimization purposes using the SalesViewer® technology of SalesViewer® GmbH on the basis of legitimate interests of the website operator (Art. 6 para.1 lit.f of the GDPR). For this purpose, a javascript-based code is used to collect company-related data and the corresponding usage. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). The data is immediately pseudonymized and is in no way used to identify visitors to this website individually. The data stored as part of Salesviewer will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. You can object to the collection and storage of data at any time with effect for the future by clicking on this link https://www.salesviewer.com/opt-out to prevent the data collection by SalesViewer® within the context of this website in the future. In doing so, an opt-out cookie for this website will be placed on your device. If you delete your cookies in this browser, you must click this link again.

 

Dealfront

Our website uses the technologies of Dealfront (Liidio Oy as part of Dealfront Group GmbH) to analyze visitor behavior.

In this process, the IP address of a visitor is processed.

This processing has the purpose of helping us understand which businesses (B2B) are visiting our site, by enriching IPs with associated information such as the company name or industry code.

To do this, at the beginning of the visitor’s session, their IP address and corresponding session data is matched against a large whitelist of known companies.

To increase data protection of our visitors we have turned on “IP address anonymisation”, so that only shortened values instead of the actual IP addresses will be stored. If the feature is on, we will not store the actual IP address anywhere in our systems, including logs. This anonymisation makes it impossible to connect outside IP address information later, preventing identification of an individual person.

As part of this processing, first party cookies are used in order to analyze visitor behavior.

Whenever we process website traffic data, this is based on our legitimate interest (Art. 6 (1) lit. f GDPR) in optimizing our products, services, sales and marketing.

To prevent this processing activity, you (website visitor) may install and configure appropriate ad-blockers or use no-script-plugins in your browser.

The data will be deleted as soon as it is no longer required for its intended purposes. Statutory retention obligations can lead to a longer retention period of the data in question.

We have concluded a data processing agreement with Dealfront in order to ensure compliance with applicable data protection standards.

 

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC (“Google”; for users within the EU: Google Ireland Limited, Gordon House Barrow St, Dublin 4, Ireland; in other respects: Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics uses cookies. The information generated by the cookies about your use of this website is transmitted to a Google server in the USA and stored there. Due to the IP anonymization activated on our website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area in order to ensure anonymized recording of IP addresses (so-called IP masking).

In exceptional cases, the full IP address is transmitted to a Google server in the USA and truncated there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics may be further used in connection with the use of Google Ads.

The relevant legal basis for the use of Google Analytics is your consent pursuant to Art. 49 para. 1 lit. a of the GDPR in conjunction with Section 25 Para. 1 of the TDDDG. You can revoke your consent at any time with effect for the future.

With regard to the transfer of personal data to the USA, it has been determined by the Court of Justice of the European Union that an adequate level of data protection cannot be guaranteed in the USA. This may be due to the possibility that the US authorities may have access to the data and to the lack of legal remedies, which may pose risks to the rights and freedom of data subjects.

You can refuse the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and also the processing of this data by Google by adjusting your browser settings to save cookies accordingly or by downloading and installing the browser plugin available at the following link:

http://tools.google.com/dlpage/gaoptout?hl=de

LinkedIn Insight Tag

We use the “LinkedIn Insight Tag” service of LinkedIn Ireland Unlimited Company (Wilton Pl, Dublin, Ireland) on our website. With the help of this service, a cookie is set which enables the following categories of personal data to be processed: IP address, device properties, browser properties, URL, referrer URL and time.

No further personal data is provided to us by LinkedIn. Rather, by setting the LinkedIn Insight Tag, we receive aggregated data records that enable us to optimize our website and related marketing measures.

Furthermore, the service offers the possibility of so-called retargeting, whereby you may also receive advertising content from us outside of our website. This does not require any personal identification of data subjects on our part.

The relevant legal basis for the use of the “LinkedIn Insight Tag” is your consent pursuant to Art. 6 Para. 1 lit. a of the GDPR in conjunction with Section 25 Para. 1 of the TDDDG. You can revoke your consent at any time with effect for the future. You can find this opt-out function here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

With regard to the transfer of personal data to the USA, it has been determined by the Court of Justice of the European Union that an adequate level of data protection cannot be guaranteed in the USA. This may be due to the possibility that the US authorities may have access to the data and to the lack of legal remedies, which may pose risks to the rights and freedom of data subjects. When using the “LinkedIn Insight Tag”, it cannot be entirely ruled out that your personal data will be processed downstream in the USA. By clicking on “Accept” via our consent management tool, you are thus giving your consent in accordance with Art. 49 para. 1 lit. a of the GDPR.

If you have a personal LinkedIn profile, you can change the associated settings relevant in connection with the “LinkedIn Insight Tag” in your personal LinkedIn settings: https://www.linkedin.com/psettings/enhanced-advertising.

For more information, please refer to LinkedIn’s data protection notice: https://de.linkedin.com/legal/privacy-policy?.

 

Microsoft Dynamics 365 Marketing (Analytics)

We use the analysis functions of Microsoft Dynamics 365 Marketing (Microsoft Ireland Operations Ltd. in Dublin/Ireland) on our website. The use of this tool allows us to evaluate and continuously improve the performance of our website. In doing so, various cookies are placed on your terminal device, which help us to process the following categories of personal data from you: Visitor ID, browser and device settings and, if applicable, account information.

For more information and a list of the cookies set by Dynamics 365 Marketing, please see the following links: https://learn.microsoft.com/en-us/dynamics365/marketing/track-online-behavior https://learn.microsoft.com/en-us/dynamics365/marketing/cookies

https://learn.microsoft.com/en-us/dynamics365/marketing/track-online-behavior

https://learn.microsoft.com/en-us/dynamics365/marketing/cookies

The relevant legal basis is your consent pursuant to Art. 6 Para. 1 lit. a of the GDPR in conjunction with Section 25 of the TDDDG. You can revoke your consent at any time with effect for the future.

With regard to the transfer of personal data to the USA, it has been determined by the Court of Justice of the European Union that an adequate level of data protection cannot be guaranteed in the USA. This may be due to the possibility that the US authorities may have access to the data and to the lack of legal remedies, which may pose risks to the rights and freedom of data subjects.

 

Microsoft Advertising

We use Microsoft Advertising (Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18) on our website. This is an online marketing method that permits us to place advertising content on the Microsoft network in order to address interested users. In the course of this placement, it is also analyzed whether the placed advertising content prompts further interaction with us. This enables us to constantly improve the placement of our advertising content. In order to make this possible, it is necessary to set cookies on your terminal device.

Through these cookies, the following personal data can be processed: IP address as well as device and browser properties.

The relevant legal basis is your consent pursuant to Art. 6 Para. 1 lit. a of the GDPR in conjunction with Section 25 Para. 1 of the TDDDG. You can revoke your consent at any time with effect for the future.

With regard to the transfer of personal data to the USA, it has been determined by the Court of Justice of the European Union that an adequate level of data protection cannot be guaranteed in the USA. This may be due to the possibility that the US authorities may have access to the data and to the lack of legal remedies, which may pose risks to the rights and freedom of data subjects.

When using Microsoft Advertising, it cannot be ruled out that your personal data will be processed downstream in the USA. By clicking on “Accept” via our consent management tool, you are thus giving your consent in accordance with Art. 49 para. 1 lit. a of the GDPR.

For more information please visit: https://privacy.microsoft.com/de-de/privacystatement.


Azure Hosting

We host this website on Microsoft’s Azure Cloud. When visiting our website, the following categories of personal data are therefore processed in this context: IP address, date, time, browser and, if applicable, device information as well as visited web pages.

The relevant legal basis here is our legitimate interest in accordance with Art. 6 Para. 1 lit. f of the GDPR in the provision of a functional online presence.

Your data will not be passed on to third parties outside the EU. The processor acting on our behalf is Microsoft Ireland Operations Ltd. in Dublin/Ireland (Microsoft). The agreed storage location of your data in the cloud is in the region of Europe. In order to nevertheless provide an adequate level of protection, Microsoft has implemented standard contractual clauses for the non-excludable case of a third country transfer (Art. 44 to 49 of the GDPR, Information page of Microsoft: https://learn.microsoft.com/de-de/compliance/regulatory/offering-eu-model-clauses I Information page of the EU Commission:https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

V. Data subjects and data categories

The data subjects are customers, visitors to the website, suppliers and business partners as well as employees. Here, IP address as well as (when contacting us via our contact form) name, e-mail address, subject and message are collected. However, such data is only collected to the extent specified under Purpose and data minimization. For more detailed information on the categories of data affected in each case in the course of using various services, please refer to IV.

VI. Deletion of data

If the purpose of processing ceases to apply and there is also no legal retention period, the corresponding personal data will be deleted. In principle, the data will only be processed for the duration required to fulfill the purposes stated above.

VII. Data processing in third countries

If we transfer data for processing due to the use of third-party services on our website or processing in any other way, and if this data is transferred for this purpose to a third country, i.e. outside the EU or the European Economic Area, or if personal data is transferred to companies, persons or other entities located outside the European Economic Area, this will only be done in compliance with the legal requirements.

We transfer the personal data for processing only to third countries that either offer a recognized level of data protection, that the receiving entity has committed to contractually, through standard contractual clauses of the EU Commission, or that offer the appropriate guarantees for processing through certified mandatory internal data protection rules. Subject to explicit consent or contractual or legal obligations (Art. 44 to 49 of the GDPR, Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

VIII. Data subject rights

At any time, you have the choice and the right to contact the data controller (see above) and request information about how your data is processed.

In addition, you have the right to rectify your data and delete your data.

You have the right to restriction of processing, i.e. to allow only partial information to be processed.

In addition, you have the right to object to the processing of your personal data at any time. Arineo GmbH will then check to what extent the non-processing conflicts with legal disclosure and processing obligations and inform you accordingly.

You have a right to data portability, i.e. that we hand over your personal data to you in machine-readable form in a common format determined by us upon request.
In addition, you have the right to lodge a complaint with the data protection supervisory authority responsible for your country if you believe that we are not handling your personal data properly and in accordance with this statement. If you have given us your consent to process your data, you can revoke this consent at any time. If you receive advertising from us, you also have the right to object to no longer receiving advertising from us at any time.

If you have any questions, please contact our data protection officer at datenschutz@arineo.com.

IX. Security of data transmission

We use a secure data transmission procedure by means of SSL/TLS encryption. This means that the data you enter in a form on our website is protected. Pay special attention to the “s” in the “http(s)” of the URL (the Internet address you enter). This is an indication that your data entry is secure on the Internet. Additional information: The web browser you use contains detailed explanations about security procedures and encryption under the Help tab.

Social Media

The logos of the social networks Facebook, Twitter, Instagram and YouTube are linked on our website. Data is only collected when you click on one of the logos. Below we inform you about the data collected by these networks when you share content from our website on the respective network or visit our presence on the social networks. You can prevent the collection and processing of the data generated by the network cookies and related to your use of the respective network (including your IP address) to / by the respective network by adjusting your cookie settings before clicking on one of the logos. Most browsers feature an option that restricts or completely prevents the storage of cookies. However, it should be noted that the use and in particular the ease of use are restricted without cookies. You can also activate the “do not track” function in your browser, deactivate script code execution in your browser or use a so-called script blocker.

Information on data protection for the social networks Xing and LinkedIn can be found at https://privacy.xing.com/en/privacy-policy and at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

Facebook and Instagram

Below we inform you which data is processed when you visit our Facebook or Instagram fan page. As the operator of our fan page, we receive anonymized visitor statistics (Insights) that are created by Facebook (Facebook Inc., headquarters: 1 Hacker Way, 94025 Menlo Park, CA, USA; for users within the EU: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the basis of the data described below: Page Insights is aggregated data that allows us to gain insight into how users interact with our site. We do not receive any personal data. We therefore have no insight into the individual personal data of visitors to our Facebook or Instagram page. As the operator of the fan page, we are jointly responsible with Facebook for the visitor statistics (Insights) (Art. 26 GDPR), with Facebook assuming primary responsibility. The legal basis for the use of Insights data is our legitimate interest within the meaning of Art. 6 para. 1 f) GDPR to provide information and communication offers for interested parties and customers via social networks. We use this information for commercial and communication purposes, including to remain competitive as a company.

When you visit our Facebook or Instagram page, Facebook, which also owns Instagram, places cookies on the device you use for this purpose (i.e. your computer or mobile device), which are used to store information in web browsers and remain effective for up to two years unless they are deleted. Facebook receives the information stored in the cookies, records it and processes it. This happens not only when you access Facebook services such as our Facebook or Instagram page, but also for services provided by other members of the Facebook group of companies and services provided by other companies that use Facebook services. Facebook partners and third parties also use cookies on Facebook services to provide services to Facebook/Instagram or the companies advertising on Facebook/Instagram. The data is used by the Facebook group and third parties for product research and development, advertising and sponsored content.

Please note that cookies are placed when you visit our Facebook or Instagram page regardless of whether you have a Facebook or Instagram account or not. If you have a Facebook or Instagram account, Facebook collects and processes data when you access the fan page if you have provided this data in your Facebook or Instagram account. This includes your age, gender, relationship status, professional situation as well as information about your lifestyle, your interests and your purchases or purchasing behavior (demographic data). Facebook also collects and processes geographical data such as your location. This enables Facebook to offer targeted information and advertising (personalization). Facebook can assign this data to you personally. If you do not have a Facebook or Instagram account, the cookie placement will in any case collect your IP address, information about your device, the region or, if applicable, the exact location where you are using it, access time and length of stay, as well as the demographic data mentioned above based on your surfing behavior.

You can prevent the collection of the data generated by the cookie and related to your use of our Facebook or Instagram page (including your IP address) to Facebook and the processing of this data by Facebook by adjusting your cookie settings before accessing the Facebook or Instagram page. Most browsers feature an option that restricts or completely prevents the storage of cookies. However, it should be noted that the use and in particular the ease of use are restricted without cookies. You can also activate the “do not track” function in your browser, deactivate script code execution in your browser or use a so-called script blocker.

Further information can be found in Facebook’s data policy at www.facebook.com/privacy/explanation, the Facebook cookie policy at www.facebook.com/policies/cookies, Instagram’s data policy at https://privacycenter.instagram.com/policy/?section_id=0-WhatIsThePrivacy, Instagram’s cookie policy at https://privacycenter.instagram.com/policies/cookies/, information on Page Insights data at www.facebook.com/legal/terms/information_about_page_insights_data and options for advertising settings in the data protection information at www.facebook.com/help/568137493302217.
Information about the data processing agreement concluded between us and Facebook on joint responsibility can be found here: https://www.facebook.com/legal/terms/page_controller_addendum.

Data protection instruction for customers and interested parties

 

We, Arineo GmbH, Paulinerstraße 12, 37073 Göttingen, Tel.: 0551 52138 0, Email: info@arineo.com would like to explain to you how we handle your personal data in the context of establishing, expanding and maintaining business relationships. If you have any queries, you can always contact our data protection officer at datenschutz@arineo.com.

Purpose, legal basis and data minimisation

The following categories of personal data are processed within the scope of the processing of customer data: salutation, last name, first name, email address, position in the company, telephone numbers, type of business relationship, timeline (overview of past sales activities), email communication, billing address, source of contact, company affiliation, email interaction of the recipient if applicable (only for marketing emails, not per se), website activity (with consent to tracking on website and prior completion of the contact form).

The purposes pursued are as follows:

  • Establishing and maintaining business relationships; Article 6, paragraph 1, letter b of the GDPR (implementation of pre-contractual measures or fulfilment of contractual obligations) is the legal basis for this
  • Expansion of business relationships; Article 6, paragraph 1, letter b of the GDPR (implementation of pre-contractual measures) and, if required, Article 6, paragraph 1, letter f of the GDPR (legitimate interest) is the legal basis for this
  • Management of interested parties; Article 6, paragraph 1, letter f of the GDPR (legitimate interest), e.g. when contacting us via the website form, is the legal basis for this
  • Settlement and billing of the services provided; Article 6, paragraph 1, letter b of the GDPR (fulfilment of contractual obligations) is the legal basis for this
  • Newsletter dispatch; Article 6, paragraph 1, letter a of the GDPR (consent) is the legal basis for this; in case of newsletter dispatch to existing customers, Article 6, paragraph 1, letter a of the GDPR (consent) or Article 6, paragraph 1, letter f of the GDPR (legitimate interest) are also considered as legal basis

Group of data subjects

Only personal data of customers, business partners and interested parties is processed within the scope of the described processing activities.

Forwarding of personal data

As a matter of principle, only the relevant internal departments of Arineo GmbH have access to the personal data processed in the context described. A strict authorisation concept is applicable.

If we rely on the support of other service providers for certain measures, personal data will only be forwarded in compliance with the prevailing data protection requirements. If required by law, corresponding agreements shall be concluded. We therefore rely on service providers who are separately obligated as far as confidentiality and data protection are concerned.

The main processor acting on our behalf is Microsoft Ireland Operations Ltd. in Dublin/Ireland (Microsoft). The storage location of your data in the cloud is also in the European region. The contract processing relationship between Arineo and Microsoft does not include or provide for any transfer to third parties or third countries. In order to nevertheless offer an appropriate level of protection and due to the fact that Microsoft is partly responsible for processing (see below), we have concluded standard contractual clauses with Microsoft. (Articles 44 to 49 of the GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

When using Microsoft Teams, Microsoft as a service provider reserves the right to use and process your data for its own legitimate business purposes. In this case, Microsoft acts as its own controller within the meaning of the GDPR and is then solely obliged to comply with data protection laws. The possibility of data being transferred to third countries cannot be ruled out, which may pose a data protection risk for data subjects. For more information, visit: https://learn.microsoft.com/de-de/microsoftteams/teams-privacy.

In exceptional cases, external parties subject to professional secrecy, such as lawyers, tax advisors, auditors or the data protection officer, may also get access to the data. In the case of overriding legal provisions, disclosure to authorities cannot be ruled out.

Storage period

The personal data arising in the context described will be deleted after fulfilment of the underlying purposes and taking into account existing retention obligations.

  • Documents relevant for tax or accounting purposes will be stored for 10 years after termination of the underlying business relationship.
  • In the event of an objection or revocation of consent in the context of the newsletter dispatch, the personal data required for the newsletter dispatch will be deleted immediately.

Rights of Data Subjects

You have the option and the right to contact Arineo GmbH at any time and request information about how your data is processed (Article 15 of the GDPR).

You also have the right to rectification and erasure of your data (Articles 16, 17 of the GDPR).

You can withdraw your consent at any time with effect for the future.

You have the right to restrict the existing processing so that you can only authorise the processing of partial information (Article 18 of the GDPR).

You also have the right to object to the processing of your personal data at any time (Article 21 of the GDPR). Arineo GmbH will then check the extent to which the non-processing conflicts with statutory disclosure and processing obligations and will inform you accordingly.

You have a right to data portability (Article 22 of the GDPR), i.e. that we hand over your personal data in machine-readable form in a common format specified by us upon request.

You also have the right to lodge a complaint with the competent data protection supervisory authority if you think that we are not handling your personal data properly and in accordance with these instructions.

Please use the above contact details to assert the aforementioned rights of data subjects.