ARP Data Protection Policy.
Version 1.0 / 25.05.2018
Welcome to our website and thank you for your interest in our company. We take the protection of your data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the EU Data Protection Basic Regulation (EU GDPR) and the country-specific laws applicable to us. With the help of this data protection policy, we will inform you how ARP processes your personal data and the rights you have.
Personal data means information that can lead to the identification of an individual and includes name, date of birth, address, phone number, e-mail address and also IP address. Anonymous data exists when no connection can be made to a user.
Responsible authority and data protection officer
Address: ARP Europe GmbH, Weipert Str. 8-10, 74076 Heilbronn
Contact information: Homepage www.arp.com
Data protection officer: email@example.com
Your rights as a data subject
We would first like to inform you of your rights as a data subject as defined in Art. 15 - 22 EU GDPR This includes:
- The right of access (Art. 15 EU GDPR)
- The right to erasure (Art. 17 EU GDPR)
- The right to rectification (Art. 16 EU GDPR)
- The right to data portability (Art. 20 EU GDPR)
- The right to restriction of processing (Art. 18 EU GDPR)
- The right to object (Art. 21 EU GDPR)
To exercise these rights, please contact: firstname.lastname@example.org. The same applies if you have questions about data processing in our company. You also have the right to appeal to the data protection supervisory authority.
Right to object
Please note the following in connection with the right to object:
If we process your personal data for the purpose of direct marketing, you have the right to object at any time without giving reasons. This right also applies to profiling as long as it is connected with direct advertising.
If you object to the processing of your personal data for direct marketing purposes, we will no longer process it for these purposes. Objection is free of charge and can be made without the need for filling in a form at: email@example.com.
In the event that we process your data to safeguard legitimate interests, you can object to such processing at any time for reasons relating to your particular situation; this also applies to profiling based on these provisions.
We shall no longer process the personal data unless the we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Purposes and legal bases for data processing
Processing of your personal data complies with the provisions of the EU GDPR and all other applicable data protection regulations. Legal bases for data processing result in particular from Art. 6 EU GDPR.
We use your data for business initiation, fulfilment of contractual and legal obligations, execution of a contractual relationship, offering products and services and for strengthening the customer relationship, which may also include analyses for marketing purposes, customer satisfaction surveys and direct marketing.
Your consent also constitutes a legal provision under data protection law. The following is information regarding the purposes of data processing and about your right to object. If consent also refers to the processing of special categories of personal data, we will expressly point this out to you in the consent, Art. 88 Para. 1 EU GDPR.
Processing of special categories of personal data according to Art. 9 Para. 1 EU GDPR only takes place if this is required by legal regulations and there is no reason to assume that your legitimate interest in the exclusion of the processing prevails, Art. 88 Para. 1 EU GDPR.
Transfer of data to third parties
We will only pass on your data to third parties within the framework of legal regulations or with appropriate consent. Otherwise, data will not be passed on to third parties unless we are obliged to do so by mandatory legal provisions (transfer to external bodies such as supervisory authorities or law enforcement authorities).
Data recipients / categories of recipients
Within our company, we ensure that only those persons receive your data who need them to fulfil their contractual and legal obligations.
Through our website, contracts of sale are established with Bechtle direct GmbH, which is a subsidiary of our parent Group responsible for this sales channel.
It is possible that other Bechtle-affiliated companies may become involved during contracts of sale and requests. For example, a request for on-site support at your location may be processed by a Bechtle-affiliated company in your area for said purpose.
In some cases, service providers support our specialist departments in performing their tasks, e.g. sending newsletters. The necessary data protection agreements have been concluded with all service providers.
Transfers of personal data to third countries / data intended for processing after transfer to a third country
Data is only transmitted to third countries (countries outside the European Union or the European Economic Area) if required to do so by law , you have given us your consent or if this is necessary for the performance of the obligation.
This is currently the case when you use our chat function for inquiries because a service provider outside the European Economic Area who provides this function for us receives access to your personal data. Compliance with the data protection level is ensured, among other things, by certification or participation in the so-called "Privacy Shield":
Cisco adopts the frameworks and principles of the EU-US Privacy Shield and has had its compliance certified. You can find more information on Privacy Shield here: https://www.privacyshield.gov/Program-Overview.
Erasure of personal data
We will store your data only for as long as it is needed for the purposes it was collected. Please note that numerous retention periods require that data continue to be (must be) stored. This applies in particular to commercial or tax storage obligations (e.g. German Commercial Code, Fiscal Code, etc.). If there are no further storage obligations, the data will be routinely deleted once the purpose has been achieved.
In addition, we may retain data if you have given us permission to do so or if legal disputes arise and we use it as evidence within statutory limitation periods of up to thirty years; the regular limitation period is three years.
Secure data transfer
In order to protect data from accidental or deliberate manipulation, loss, damage or access by an unauthorised person, we have taken appropriate technical and organisational security measures. To this end, the level of security is continually tested and adjusted to reflect new standards in security, in collaboration with security experts.
Data transferred to and from our website is always encrypted. We offer HTTPS as the transmission protocol for our website, in each case using the current encryption protocols.
In addition, we offer our users content encryption for contact forms and applications. Only we are able to decrypt this data. It is also possible to use alternative communication channels (e.g. by post).
Obligation to provide data
Various personal data are necessary for the establishment, execution and termination of the obligation and the fulfilment of the associated contractual and legal duties. The same applies to the use of our website and the various functions it provides.
We have summarised the details for you in the above point. In certain cases, data must also be collected or made available on the basis of legal regulations. Please note that it is not possible to process your request or to perform the underlying obligation without providing this data.
Data categories, sources and origins
The data we process depends on the context: This depends on e.g. if you place an online order, send an enquiry using our contact form, send us application or make a complaint.
Please note that we may also make information available separately at a suitable location for special processing situations, e.g. when uploading application documents or making a contact request.
When you visit our website, we collect and process the following data:
When you visit our site, your internet browser transmits the following types of data, which we then save:
- the browser type
- the IP address of the computer used to access the site
- the server requests (e.g. accessed pages) including time stamps and
- the referral URL (i.e. the address of the previous website that you visited, if you came to our site by following a hyperlink from there).
These first three data types are technically required to be able to properly display the webpage you accessed. Moreover, this data may be used, if necessary, to maintain secure operation of this website (e.g. to protect against hacking). The referral URL is anonymised and used to compile statistics. For reasons of technical security and in particular to prevent attempts to attack our web server, this type of data are also stored for a certain period of time in accordance with Art. 6 Paragraph 1(f) EU GDPR.
When you contact us with an enquiry, we collect and process the following data:
Our website offers you different ways to contact us, e.g. to order a catalogue or to get information on certain products. You can use the online chat function, request a call back or send an e-mail message.
A contact form is used to collect the required details for communication (e.g. name, phone number or e-mail address) as well as to send your message. The collected data are used for customer relations management (contact history) and for responding to/fulfilling your request.
When you place an order, we process the following data:
As a business customer, you can order IT products in this Website’s integrated online shop.
To process your orders, your contact details, invoice/delivery address and payment method (bank, credit cards, etc.) are required.
In some cases a credit check may be performed when placing an order. Details will be provided during the ordering process. A credit check will be performed only with your consent.
When you apply online, we collect and process the following data:
- Master data (e.g. name, suffixes, date of birth, and academic titles, if applicable),
- Contact details (postal address, phone number, email address),
- Qualifications and education information (e.g. C.V. references),
- If necessary and depending on the job application, information regarding language and IT skills, work permits and driving licences or residency permits.
In addition, we collect and process various other (voluntary) data such as earliest start date, regional mobility, desired number of hours and duration of employment, previous employment at ARP or Bechtle, information on your social commitments or information on how you became aware of the position. You may also choose to provide information regarding your personal accounts on social networks that may be relevant for your application.
We have implemented security measures to ensure that your data remain safe and confidential at all times. All application documents submitted via the application portal are encrypted. Provisions to protect your information always correspond to the latest technological standards.
Your data provided in the context of the application process are stored subject to applicable law and purged no later than six months after the application process has concluded. We will retain your data beyond this point only if we are entitled or have an obligation to do so, e.g. if you have given your express consent for us to retain your data for an extended and specified period of time, or to exercise our rights under applicable law.
When you subscribe to a newsletter, we collect and process the following data:
- Last name, first name,
- E-mail address.
- Please be aware that we conduct anonymous link tracking for statistical purposes.
Automatised case-by-case decisions
Please note that we generally do not use purely automated processes to make a decision.
Contact forms / contact via e-mail, chat or phone
A contact form is available on our website which can be used to contact us electronically. If you write to us using the contact form, we will process the information you provide to contact you and answer your questions and requests.
All data required to complete the form is subject to the principles of data reduction and data economy, meaning you only have to provide the data that is absolutely necessary for us to contact you. This means your email address and the message field.
For reasons of technical security and in particular to prevent attempts to attack our web server, we will also process your IP address. All other information is voluntary (e.g. to give a more tailored answer to your question)
If you contact us by e-mail, we will process the personal data provided solely for the purpose of processing your enquiry.
You also have the option to contact us via Chat or to request a call back. The chat history is saved on our internal servers for 30 days for reasons of follow-up and is then deleted.
Newsletter (Art. 6 Para. 1(a) EU GDPR)
You can subscribe to our free newsletter via our website. The email address and name provided during the registration process is used to send a personalised newsletter.
The principle of data economy and data reduction is observed, as only the e-mail address and your name are marked as mandatory fields to enable personalisation. Due to technical and legal reasons, we will also process your IP address.
Of course, you can cancel your subscription at any time via the unsubscribe option provided in the newsletter and therefore revoke your consent. You also have the option to unsubscribe directly via our website
Webshop (Art. 6 Para. 1(b) EU GDPR)
Unless you agree to additional use, we only process the data you provide on an order form for the performance or processing of the contractual relationship.
All data are subject to the principles of data reduction and data economy, meaning you only have to provide the data that is absolutely needed for the performance of the contract or for the fulfilment of our contractual obligations (i.e. your name, address, e-mail address and the payment data required for the chosen payment method) or to which we are legally obliged to collect.
Due to technical and legal reasons, we will also process your IP address. Without this data we will unfortunately have to reject the contract, as we will then not be able to perform our obligations. We may also have to terminate an existing contract. You can of course provide us with more data if you wish.
Registration / Customer account (Art. 6 Para. 1(a+b) EU GDPR)
Users have the possibility to provide personal information to register on our website. The advantage is that you can see your order history and the data required for the order form is saved. This means that you don’t have to re-enter information every time you order.
Registration is therefore necessary either to fulfil a contract with you(via our online shop) or to carry out pre-contractual measures.
All data are subject to the principles of data reduction and data economy as mandatory information is marked with a star (*). This includes, for example, the email address and password and the repeated password.
If you order in our online shop, we also need details such as your title, first name, last name, address for delivery and billing. Additional information is required should the delivery and billing address differ.
During the registration process, the user’s IP address along with the date and time (technical background data) are also saved. You give your consent to the processing of your data by clicking on the “Register” button.
Please note: passwords encrypted and then saved, meaning that company employees are unable to view them. If you forget your password, we will therefore be unable to give you any information about it.
In this case, please click on “Forgotten your password?” so that an automatically generated password can be sent. No employee is authorised to call or write to you and request your password. Please never reveal this information even if you are requested to do so.
Once registration has been completed, your data are saved in the secure customer area. As soon as you log in to our website with your e-mail address as user name and password, this data will be made available on our website to help you carry out your tasks. You can view information on placed orders in the order history. You can also change your delivery or billing addresses.
Registered user are free to change / correct billing or delivery addresses in the order history. Alternatively, our customer services will be happy to change / correct any information. You of course have the right to delete your account.
Payment systems (Art. 6 Para. 1 (a+b EU GDPR),
You can pay by invoice, with a credit card or via PayPal in our online shop. The respective payment-relevant data are collected in order to be able to carry out and complete your order and payment. Due to technical and legal reasons, we will also process your IP address.
All data are subject to the principles of data reduction and data economy, meaning you only have to provide the data that is absolutely needed to complete your payment and therefore execute the contract or for the collection of which we are legally obliged.
Without this data we will unfortunately have to reject the contract, as we will then not be able to perform our obligations.
The payment system we use employs SSL encryption to ensure the secure transfer of your data.
A note on paying by invoice: If you select to use this method of payment in our online shop, we carry out a credit check. For this purpose, the relevant data are transmitted to the company “Creditsafe” to determine creditworthiness and default risks.
A note on credit card payments: As is standard with credit card payments, our service provider Wirecard checks the details and carries out a credit check.
A note on PayPal: PayPal is a company of PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal , L-2449 Luxembourg. If you select this as your method of payment, your data are automatically transmitted to PayPal.
By selecting this payment option, you consent to the transfer of the personal data required for payment processing. This normally means your first and last names, address, e-mail address, IP address, phone number, mobile number or other data necessary for the payment to be completed.
Personal data connected to the order is also necessary to enable the processing of the purchase agreement. Details on data protection at PayPal can be found here: https://www.paypal.com/de/webapps/mpp/ua/privacy-prev (valid from 25.5.2018).
A note on direct debits: As is standard with this payments method, account information is collected to enable the billed amount to be deducted.
Advertising to existing customers (Art. 6 Para. 1(f) EU GDPR)
ARP would like to maintain a relationship to its customers and send information and offers on products and services. We therefore use your data to email you relevant information and offers as well as customer satisfaction surveys.
If you would prefer us not to do so, you can object at any time to the use of your personal data for direct marketing purposes. This right also applies to profiling as long as it is connected with direct advertising. As soon as we receive your objection, your data will no longer be processed for this purpose.
An objection is free of charge and can be made without the need for filling in a form by e-mail at firstname.lastname@example.org or by post to ARP GmbH, Lise-Meitner-Str. 1, 63128 Dietzenbach.
Application portal (Art. 6 Para. 1(a+b) EU GDPR)
We understand that your data are a sensitive matter. That’s why all personal information you submit via our application form is exclusively used for the purpose of the application process, including any need to contact you. No data are transferred to a third party without your consent.
When you fill out the application form, you are asked to provide certain personal information. All data required to complete the application form is subject to the principles of data reduction and data economy, meaning you only have to provide the data that is absolutely needed to process your application, such as a resume, or that we are required to obtain under applicable law. Mandatory information is marked with a * (asterisk). Due to technical and legal reasons, we will also process your IP address.
Without this information, we are unable to process your application. It is therefore not possible to upload application documents to the portal without also providing this information. If you wish, you can also provide additional, optional information via the application form.
We have implemented security measures to ensure that your data remain safe and confidential at all times. All application documents submitted via the application portal are encrypted.
We keep your data for the above purposes for the duration of the application process and until all related deadlines have expired, however, for no longer than six months after we have informed you whether your application has been successful. However, you have the option of extending this retention period if you prefer that we keep your application documents for the purpose of matching them with other vacancies that fit your profile
Cookies (Art. 6 Para. 1 (f ) EU GDPR / Art. 6 Para. 1 (a) EU GDPR in case of consent)
These cookies help us to see how users use our website, enabling us to design the website content according to the visitor's needs. In addition, cookies enable us to measure the effectiveness of a particular advert and to place it according, for example, to the user's thematic interests.
We mostly use so-called “session cookies”, which are automatically deleted when you leave our site. Permanent cookies are automatically deleted by your computer when the validity period has been reached (usually six months) or you delete them yourself before this period expires.
Most Web browsers automatically accept cookies as default. If you don’t want to send this information, you can change your browser settings at any time. However, you will still be able to take full advantage of the offers in our online shop (the only exception to this is the configurators).
Cookies are saved on the user’s computer and transmitted from there to our website. This means that the user has complete control over how the cookies are used. You can deactivate or limit the transmission of cookies by changing the settings in your internet browser. Furthermore, cookies can be deleted at any time in the internet browser or other software programmes. This is possible in all common internet browsers.
Session cookies are required for processing your orders on this website. This will allow your browser session to actually be assigned to you. As the name “session cookie” implies, this cookie will be deleted when you close your browser. Simply browsing the individual pages of this website is possible without cookies (for example, by blocking cookies through such a browser add-on).
User profiles / Web tracking
This website—in part with the help of third-party service providers—creates anonymous usage profiles for advertising and market research purposes, as well as for target-group oriented web-design. These usage profiles are anonymised (on the web server), so that only anonymous data (i.e. no personal or personally identifiable data such as your IP address) are sent to the service providers.
Your personal data referred to under points 1 and 2 will not be associated with the usage profiles. That means that your usage profile is not attached to your name, and nobody knows what your usage profile looks like at any given time.
Web tracking (i.e. collecting data for these usage profiles) is carried out with usage-profile cookies and scripts. These cookies enable the web server to recognise you during your browser session and also during your next browser session, provided that the cookie has not been deleted in the meantime.
You can object to the creation of usage profiles during your time on this website by clicking on the following button: Revocation of Data Tracking
If you click the button, no usage-profile cookies will be saved on your computer, nor will the webtracking scripts be executed. Instead, a “no-tracking cookie” will be saved on your computer.
With this cookie saved on your computer, your objection will be respected (for the current and all future browser sessions) as long as the cookie is not deleted from your computer. In particular, the following webtrackers are used on this website to create anonymous usage profiles (unless you have objected to their use):
This web analysis service of Webtrekk GmbH is used to track the response to our website and its offers and to optimize them accordingly. For this purpose, some cookies are used, such as a session cookie, a last-click cookie and an evercookie (for recognition across multiple browser sessions). The most persistent cookie—the ever cookie—expires after six months at the latest, i.e. it is deleted by your browser.
We also make use of Webtrekk GmbH technologies for the statistical evaluation of websites. Webtrekk GmbH is based at Robert-Koch-Platz 4, 10115 Berlin and collects, saves and analyses data. The company has data protection certification in the area of web controlling in Germany after its data processing was checked for conformity and data security. With the help of Webtrekk services we collect statistical data about the use of our website. This data are used to improve and optimise our offers in order to make them more interesting for you.
Webtrekk uses session cookies, which are deleted when the browser session is closed. This also applies to last-click cookies. Webtrekk also uses evercookies, which are deleted after a defined number of clicks, and expire after a maximum of 6 months. Web-usage data are not combined with any other information about the pseudonym’s user. These cookies are deleted once it is no longer necessary to save data for analytical purposes, or upon user request.
This data will not be able to be directly linked to a particular individual. Data collected in this way is used to create anonymous user profiles that form the basis for web statistics. The data collected with Webtrekk technologies will not be used to personally identify visitors to these websites and will never be combined with personal data about the bearer of the pseudonym without the separately given consent of the person concerned. Users can opt out of future data collection and storage by Webtrekk at any time here.
When you click on the link, an opt-out cookie will be saved on your computer, which is valid for 5 years. Please note that if you delete all cookies on your computer, this opt-out cookie will also be deleted, i.e. if you still wish to object to the anonymised data collection by Webtrekk, you must save the opt-out cookie again. Opt-out cookies are required per browser and computer meaning that if you visit our web pages from home and work or with different browsers, you must activate the opt-out cookie in the different browsers or on the different computers.
We also use the Google advertising tool "Google AdWords" to promote our website. To help us in this, we use the analysis service “Conversion Tracking” from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter “Google”. If you accessed our website via a Google adverts, a cookie is stored on your computer.
Cookies are small files that are saved on your computer and in your browser. These conversion cookies cannot be used to identify any personal information and will expire automatically after 30 days. If you visit certain pages of our website before the cookie expires, we and Google may recognise that you have been redirected to our page after clicking on one of our adverts placed on Google.
The information collected using conversion cookies is used by Google to generate visit statistics for our website. These statistics show us the total number of users who clicked on our adverts and also which pages of our website were subsequently accessed by the respective user. However, we or other companies who advertise using Google AdWords do not receive any information with which users can be personally identified.
Social network plug-ins
Advertising and conversion cookies are used to show you relevant, interest-based advertising, also from third-party websites. Amongst other things, this prevents the same advertisement from being displayed again and again.
With these cookies, we can also measure the effectiveness of our advertising campaigns based on anonymous and pseudonymous user profiles and trace how users interact with our advertising material and what they do next (so-called "Conversion"):
With your permission, our website uses Facebook’s visitor action pixel to measure conversion. Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). This allows the behaviour of visitors to the page to be tracked after they have been redirected to a provider's website by clicking on a Facebook ad, enabling the effectiveness of Facebook advertising to be evaluated for statistical and market research purposes and means that future advertising measures can be optimised. We, as the operator of the website, are unable to draw any conclusions about the identity of the users as the collected data are anonymous. However, the data are stored and processed by Facebook so that it can be linked to the user's profile. Facebook can then use the data for its own advertising purposes in accordance with its Data Usage Policy.
You can also deactivate the remarketing function "Custom Audiences" in your Ad Settings here: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
You must first be logged in to Facebook. If you don't have a Facebook account, you can deactivate user-based Facebook advertising on the European Interactive Digital Advertising Alliance website:
Click here to revoke permission: Opt-out
This website uses LinkedIn’s analysis and conversion tracking technology. LinkedIn Inc. 2029 Stierlin Ct. Mountain View, CA 94043, USA. The above-mentioned technology from LinkedIn is used to show you relevant, interest-based advertising.
Furthermore, we receive aggregate and anonymous reports on advertising activities and how you interact with our website. However, LinkedIn is able to link your visit to our website to your LinkedIn account.
We have no control over the information that LinkedIn collects or the extent to which the company collects it. We also have no knowledge of the content of the data sent to LinkedIn. More information about data protection at LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy#choices-oblig
You can opt-out of LinkedIn’s analysis of your usage behaviour and the display of interest-based recommendations by clicking on the field "Opt Out on LinkedIn" (for LinkedIn members) or "Opt Out" (for other users) here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Links to other providers
Our website contains links to Internet sites of other companies, and these links are clearly recognisable as such. We do not have any influence on the content of these sites and cannot, therefore, be held responsible for them. The respective provider or operator is always responsible for the content on the page.
The linked pages were tested for possible legal violations and recognisable infringements at the time at which they were added. No illegal content was detected at the time of creating the links. However, we cannot be expected to continuously check the content of the external websites without specific knowledge of illegal content. Should we be informed of any illegal content on the external sites, we will promptly remove the links.
Use of online services by children
Individuals under the age of 16 may not submit personal information or a declaration of consent to us without the consent of their legal guardian. We ask parents and legal guardians to actively participate in the online activities and interests of their children.