Data Privacy
With this data protection notice we inform you about our handling of your personal data and about your rights according to the European Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG). Responsible for data processing is Arndt Benedikt GmbH (hereinafter referred to as “we” or “us”).
I. General data
1. Contact
If you have any questions or suggestions about this information, or if you would like to contact us about asserting your rights, please send your request to:
Arndt Benedikt GmbH
Hamburger Allee 45
60486 Frankfurt am Main
Germany
E-Mail: info@arndt-benedikt.de
2. Legal basis
The term “personal data” under data protection law refers to all information relating to an identified
or identifiable individual. We process personal data in compliance with the relevant data protection regulations, in particular the DSGVO and the BDSG. Data processing by us only takes place on the basis of a legal permission. We process personal data only with your consent (Section 15 (3) TMG or Art. 6 (1) a DSGVO), for the performance of a contract to which you are a party, or at your request for the performance of pre-contractual measures (Art. 6 (1) b DSGVO), for the performance of a legal obligation (Art. 6 (1) (c) DSGVO) or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms which require the protection of personal data override (Art. 6 (1) (f) DSGVO).
If you apply for a vacant position in our company, we will also process your personal data for the purpose of deciding whether to establish an employment relationship (Section 26 (1) sentence 1 BDSG ).
3. Duration of storage
Unless otherwise stated in the following notes, we store the data only for as long as is necessary to
achieve the processing purpose or to fulfill our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for ten years and retain personal data contained in commercial letters and ontracts for six years. In addition, we will retain data in connection with consents requiring proof as well as with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.
4. Categories of recipients of the data
We use processors as part of the processing of your data. Processing operations carried out by such processors include, for example, hosting, maintenance and support of IT systems, accounting and billing, and marketing activities. A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but carry out data processing exclusively for the controller and are contractually obligated to ensure appropriate technical and organizational measures for data protection. In addition, we may transfer your personal data to bodies such as postal and delivery services, the company’s bank, tax advisors and the tax authorities. Further recipients may result from the following information.
5. Data transfer to third countries
Visiting our website may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer takes place in a permissible manner if the European Commission has determined that an adequate level of data protection is required in such a third country. If such an adequacy decision by the European Commission does not exist, a transfer of personal data to a third country will only take place if appropriate safeguards exist pursuant to Art. 46 GDPR or if one of the conditions of Art. 49 GDPR is met.
Unless otherwise stated below, we use the EU standard contractual clauses for the transfer of personal data to processors in third countries as appropriate safeguards: https://legal.linkedin.com/pages-joint-controller-addendum.
If we consent to the transfer of personal data to third countries, the transfer will take place on the legal basis of Article 49 (1) a DSGVO.
6. Processing in the exercise of your rights
If you exercise your rights in accordance with Articles 15 to 22 of the GDPR, we will process the personal data provided for the purpose of implementing these rights by us and to be able to provide evidence thereof. We will only process data stored for the purpose of providing information and preparing it for this purpose and for data protection control purposes and otherwise restrict processing in accordance with Art. 18 DSGVO. These processing operations are based on the legal basis of Art. 6 para. 1 lit. c DSGVO in conjunction with. Art. 15 to 22 DSGVO and § 34 para. 2 BDSG.
7. Your rights
As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:
- In accordance with Art. 15 DSGVO and § 34 BDSG, you have the right to request information about whether and, if so, to what extent we are processing personal data relating to you or not.
- You have the right to demand that we correct your data in accordance with Art. 16 DSGVO.
- You have the right to demand that we delete your personal data in accordance with Art. 17 DSGVO and § 35 BDSG.
- You have the right to have the processing of your personal data restricted in accordance with Art. 18 DSGVO.
- You have the right, in accordance with Art. 20 DSGVO, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller.
- If you have given us separate consent to data processing, you may revoke this consent at any time in accordance with Art. 7 (3) DSGVO. Such a revocation does not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.
- If you believe that a processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.
8. Right of objection
In accordance with Art. 21 (1) DSGVO, you have the right to object to processing based on the legal basis of Art. 6 (1) (e) or (f) DSGVO on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you may object to such processing pursuant to Article 21 (2) and (3) of the GDPR.
II. Data processing on our website
When you use the website, we collect information that you provide yourself. In addition, during your visit to the website, certain information about your use of the website is automatically collected by us. In data protection law, the IP address is also generally considered to be a personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.
1. Server log files processing
During the purely informative use of our website, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). This includes by default: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code. The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 (1) f DSGVO. This processing serves the technical administration and security of the website. The stored data will be deleted after six weeks unless there is a justified suspicion of unlawful use based on concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject on the basis of the stored information. Articles 15 to 22 of the GDPR therefore do not apply pursuant to Article 11 (2) of the GDPR, unless you provide additional information that enables us to identify you in order to exercise your rights set out in these articles.
2. Cookies
We use cookies and similar technologies (“cookies”) on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by web servers. You have full control over the use of cookies through your browser. You can delete the cookies in the security settings of your browser at any time. You can object to the use of cookies through your browser settings in principle or for specific cases. Further information on this is available from the German Federal Office for Information Security.
The use of cookies is partly technically necessary for the operation of our website and thus permissible without the consent of the user. In addition, we may use cookies to offer special features and content and for analysis and marketing purposes. These may also include cookies from thirdparty providers (so-called third party cookies). We only use such technically unnecessary cookies with your consent in accordance with Section 15 (3) TMG or Article 6 (1) a DSGVO. Information on the purposes, providers, technologies used and stored data can be found in the following notes.
3. Consent-Management-Tool
In order for you to be able to declare and manage your consent to the use of cookies on our website, we use a so-called Consent Management Tool. The Consent Management Tool enables users of our website to give consent to certain data processing procedures or to revoke consent they have given.
When you call up our website, you will be shown a so-called consent banner for the cookie settings. You can select here for which of the named categories you want to allow the use of cookies. The category “Essential Cookies” cannot be deselected. The cookies grouped under this category are insofar technically necessary for the operation of our website.
Here you can change the settings and revoke your consent for cookies: Access Consent Management Tool.
4. Google Analytics
We use the Google Analytics service of Google Ireland Limited (Ireland/EU) for the needs-based design and ongoing optimization of our website. The service uses cookies that enable an analysis of your use of our website. Personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website are processed in the process. Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. In doing so, pseudonymous usage profiles of the users can be created from the processed data.
We only use Google Analytics with IP anonymization enabled. This means that the user’s IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address transmitted by the user’s browser is not merged with other data from Google.
We use the Google Universal Analytics variant. This allows us to assign interaction data from different devices and from different sessions to a unique user ID. This allows us to put individual user actions in context and analyze long-term relationships.
Further information on this processing activity, the technologies used, stored data and the storage period can be found in the settings of our Consent Management Tool. Google Marketing Services is only used with your consent in accordance with Section 15 (3) TMG or Art. 6 (1) a DSGVO.
In the case of Google services, the transmission of data to Google Inc. in the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. Further information on data protection at Google can be found in Google’s privacy policy: www.google.com/policies/privacy
5. Vimeo
On our website, we use the Vimeo service of Vimeo, Inc. (USA) for the integration of videos. For such an integration, a processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Vimeo and Vimeo may set its own cookies. Further information on this processing activity and the storage period can be found in the settings of our Consent Management Tool. Vimeo is only used with your consent pursuant to Section 15 (3) TMG or Art. 6 (1) a DSGVO.
When using Vimeo, a transmission of the processed data to the USA cannot be excluded. The transfer takes place only with your consent pursuant to Art. 49 (1) a DSGVO . For more information on data protection at Vimeo, please see Vimeo’s privacy policy: www.vimeo.com/privacy
III. Data processing on our social media pages
We are represented on several social media platforms with a company page. Through this, we would like to offer further opportunities for information about our company and for exchange. Our company has company pages on the following social media platforms:
When you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile used also regularly constitutes personal data. This also covers messages and statements made while using the profile. In addition, during your visit to a social media profile, certain information about it is often automatically collected, which may also constitute personal data.
1. Visit social media sites
a. Facebook and Instagram
When you visit our Facebook or Instagram page, through which we present our company or individual products from our range, certain information about you is processed.
The sole controller of this processing of personal data is Facebook Ireland Ltd (Ireland/EU). For more information about the processing of personal data by Facebook, please visit of appropriate guarantees in accordance with Article 46 of the GDPR. Facebook offers the option to object to certain data processing; information and opt-out options in this regard can be found at www.facebook.com/privacy/explanation.
Please note that according to the Facebook Privacy Policy, user data is also processed in the USA or other third countries. Facebook only transfers user data to countries for which an adequacy decision has been issued by the European Commission in accordance with Article 45 of the GDPR or on the basis of appropriate guarantees in accordance with Article 46 of the GDPR. Facebook offers the option to object to certain data processing; information and opt-out options in this regard can be found at www.facebook.com/settings?tab=ads.
Page Insights Processing
Facebook provides us with anonymized statistics and insights for our Facebook and Instagram pages that help us gain insights about the types of actions people take on our page (called “Page Insights”). These page insights are created based on certain information about individuals who have visited our page. This processing of personal data is carried out by Facebook and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on these insights. The legal basis for this processing is Art. 6 (1) (f) DSGVO. We cannot assign the information obtained via Page Insights to individual Facebook profiles that interact with our Facebook page.
We have entered into a joint controller agreement with Facebook, which sets out the distribution of data protection obligations between us and Facebook. For details about the processing of personal data to create Page Insights and the agreement concluded between us and Facebook, please visit www.facebook.com/legal/terms/information_about_page_insights_data.
With regard to this data processing, you also have the option of asserting your data subject rights (see “Your rights”) against Facebook. Further information on this can be found in Facebook’s privacy policy at www.facebook.com/privacy/explanation.
Processing of data that you communicate to us
We also process information that you have provided to us via our Facebook or Instagram page. Such information may be the Facebook/Instagram name, contact details or a message to us. We only process this personal data if we have previously expressly requested you to provide us with this data. This processing by us takes place as the sole responsible party.
If your request is directed towards the conclusion or performance of a contract with us, Art. 6 (1) b) DSGVO is the legal basis for data processing. Otherwise, we process the data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for data processing is then Art. 6 para. 1 lit. f) DSGVO.
b. LinkedIn
LinkedIn Ireland Unlimited Company (Ireland/EU – “LinkedIn”) is the sole responsible party for the processing of personal data when you visit our LinkedIn page. Further information about the processing of personal data by LinkedIn can be found at www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
When you visit, follow or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and insights. This provides us with insights into the types of actions that people take on our page (so-called page insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page. With the page insights, LinkedIn does not provide us with any personal data about you. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members via the information in the Page Insights. This processing of personal data in the context of the Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company page and to improve our company page based on these insights. The legal basis for this processing is Article 6(1)(f) DSGVO. We have entered into a joint controller agreement with LinkedIn, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. Accordingly, the following applies:
LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn to do so online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or reach LinkedIn via the contact details in the Privacy Policy. You can contact the Data Protection Officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You may also contact us at our provided contact details about exercising your rights in connection with the processing of personal data in the context of the Page Insigts. In such a case, we will forward your request to LinkedIn.
LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see at www.dataprotection.ie) or any other supervisory authority.
Please note that according to the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn transfers personal data only to countries for which an adequacy decision has been issued by the European Commission according to Art. 45 DSGVO or on the basis of appropriate guarantees according to Art. 46 DSGVO.
c. Xing
New Work SE (Germany/EU) is the sole responsible party for the processing of personal data when visiting our Xing profile. Further information about the processing of personal data by New Work SE can be found at https://privacy.xing.com/de/datenschutzerklaerung.
2. Comments and direct messages
We also process information that you have provided to us via our company page on the respective social media platform. Such information may be the username used, contact details or a message to us. These processing operations by us are carried out as the sole responsible party. We process this data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for the data processing is Art. 6 para. 1 letter f DSGVO. Further data processing may take place if you have consented (Art. 6 para. 1 letter a DSGVO) or if this is necessary for the fulfillment of a legal obligation (Art. 6 para. 1 letter c DSGVO).
IV. Other data processing
1. Contact us by e-mail
If you send us a message via the contact email provided, we will process the transmitted data for the purpose of responding to your inquiry. We process this data based on our legitimate interest to get in touch with inquiring persons. The legal basis for the data processing is Art. 6 para. 1 letter f DSGVO.
2. Customer and prospect data
If you contact our company as a customer or interested party, we process your data to the extent necessary to establish or implement the contractual relationship. This regularly includes the processing of personal master, contract and payment data provided to us as well as contact and communication data of our contact persons at commercial customers and business partners. The legal basis for this processing is Art. 6 para. 1 lit. f DSGVO. We also process customer and prospective customer data for evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6 (1) f DSGVO and serves our interest in further developing our offer and informing you specifically about our offers. Further data processing may take place if you have consented (Art. 6 para. 1 letter a DSGVO) or if this is necessary for the fulfillment of a legal obligation (Art. 6 para. 1 letter c DSGVO).
3. Applications
If you apply to our company, we process your application data exclusively for purposes related to your interest in current or future employment with us and the processing of your application. Your application will only be processed and noted by the relevant contacts at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will retain the data you have provided for up to six months after any rejection for the purpose of answering questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence, or if you have expressly consented to longer storage. The legal basis for data processing is Section 26 (1) sentence 1 BDSG. If we store your applicant data beyond a period of six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Article 7 (3) DSGVO. Such revocation shall not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.
Status: 19.11.2020