Privacy policy - General part
Name and contact details of the body responsible, data protection officer
This data protection policy applies to ARBURG GmbH + Co KG and its affiliated companies (hereinafter referred to as "we"). A list of all affiliated companies can be found in Appendix 1_ARBURG companies.
In the following, we explain how we collect your personal data, what we do with it, for what purpose and on what legal basis your data is processed, as well as the resulting rights and entitlements for you. For this purpose, the data protection policy is divided into two parts - the general part and the specific part. The general part contains general regulations on data protection and applies to each specific part. The specific part contains the regulations relating specifically to your case of application. Simply click on the case of application that concerns you.
The body responsible pursuant to Article 4 (7) of the EU General Data Protection Regulation (GDPR) is ARBURG GmbH + Co KG, Arthur-Hehl-Strasse, 72290 Lossburg, Germany, e-mail: contact@arburg.com, phone: +49 7446 33-0, (see also our legal notice) as well as the respective local affiliated company, to the extent that your personal data is processed by the latter.
You can contact our data protection officer at the e-mail address datenschutzbeauftragter@arburg.com or using our above-mentioned postal address, adding "For the attention of the data protection officer".
Personal data
"Personal data" includes all information relating to an identified or identifiable natural person, such as their name, address, e-mail address and user behaviour.
General note on the obligation to provide data
You are under no legal or contractual obligation to provide us with your personal data. However, the use of our services may not be possible to some extent without the provision of personal data.
Your rights
You are entitled:
- Pursuant to Article 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing and objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
- Pursuant to Article 16 GDPR, to request the rectification of inaccurate or incomplete personal data stored by us without delay.
- Pursuant to Article 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
- Pursuant to Article 18 GDPR, to request the restriction of the processing of your personal data insofar as the accuracy of the data is disputed by you, the processing is unlawful and you oppose its erasure, we no longer require the data, but you need it for the assertion, exercise or defence of legal claims, or you have objected to the processing in accordance with Article 21 GDPR.
- Pursuant to Article 20 GDPR, to receive the personal data belonging to you that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another data controller.
- Pursuant to Article 7 (3) GDPR, to withdraw your consent at any time. As a consequence, we will no longer be permitted to continue processing data based on this consent.
If you wish to exercise the above-mentioned rights, please send an e-mail to datenschutzbeauftragter@arburg.com or send us a message using the contact details specified above and in the legal notice ("For the attention of the data protection officer").
Right to object
If we use your personal data to protect legitimate interests within the meaning of Article 6 (1) (1) f) GDPR, you have the right to object to this processing for reasons that arise from your particular situation in accordance with Article 21 (1) GDPR. You may object to the processing of your data for direct marketing purposes at any time without stating a reason pursuant to Article 21 (2) GDPR. To exercise your right of objection, it is sufficient to send us an informal message, for example by e-mail to contact@arburg.com.
Right to lodge a complaint
If you believe that the processing of personal data relating to you violates the General Data Protection Regulation, you have the right, pursuant to Article 77 GDPR, to lodge a complaint with a supervisory authority responsible for data protection.
Data security
We use state-of-the-art encryption methods to protect the security of your data during transmission. We also use appropriate technical and organisational security measures to protect your data against accidental or intentional tampering, partial or total loss or destruction, and against unauthorised access by third parties. Our security measures are continuously being improved in line with technological developments. Subject to any disclosure in accordance with the conditions specified below and unless otherwise stated in this data protection policy, we generally store your data on servers in Germany or elsewhere within the EU. However, we cannot guarantee the security of the data transmitted by you as a user. Any data transmission originating from the user is therefore at the user's own risk.
Disclosure of data
(a) Internal
Your data will be treated as strictly confidential in accordance with the relevant legal provisions. Only those departments that need your data to fulfil our contractual and legal obligations and to carry out our internal processes will have access to it.
(b) Affiliated companies
If personal data is collected by an affiliated company, it is forwarded to ARBURG GmbH + Co KG in Lossburg. The data is transmitted to the server in Lossburg. In addition to the local affiliated company, ARBURG GmbH + Co KG is always also the data controller. Some of the companies affiliated with ARBURG are based in countries outside the EU or the EEA, which may not provide protection of personal data comparable to Germany. The companies affiliated with ARBURG observe the high level of data protection of the GDPR.
(c) Third parties
As part of the processing of personal data for the purposes mentioned in the specific section, selected external service providers may also be used in some cases. These service providers may occasionally have access to your personal data. The service providers process your personal data exclusively on behalf of and in accordance with our instructions in compliance with these data protection provisions and the applicable laws.
Your personal data is only disclosed to other third parties to the extent expressly mentioned in this data protection policy or for one of the following purposes:
- You have granted your explicit consent in accordance with Article 6 (1) (1) a) GDPR.
- Disclosure is necessary to assert, exercise or defend legal rights and there is no reason to assume that you may have an overriding interest in not disclosing your information. The legal basis for data processing in these cases is Article 6 (1) f) GDPR.
- In the event that disclosure pursuant to Article 6 (1) (1) c) GDPR is a legal obligation.
- Disclosure is permitted by law and, pursuant to Article 6(1) (1) b) GDPR, is required for the settlement of contractual relationships with you.
We may forward personal data to service providers in countries outside the EU / EEA as follows: USA. The level of data protection in the USA is not comparable with that of the European Union (EU). We are committed to a high level of data protection within our corporate group. We will also only forward data to external service providers if it is sufficiently ensured that the data recipient complies with the high level of data protection of the GDPR. This is achieved in particular by concluding standard contractual clauses issued by the European Commission in accordance with Article 46 (2) c) GDPR (available at "https://eur-lex.europa.eu").
Duration of storage
We will only store your data for as long as it is required for the specific purposes. Accordingly, we will erase your data as soon as:
- The relevant legal basis for processing your data no longer exists.
- The purpose of processing your data no longer exists.
- You withdraw your consent to the processing of your data.
- A legal obligation makes the erasure of the data necessary.
- You object to the processing of your personal data.
Your personal data will not be erased immediately despite the occurrence of the above-mentioned circumstances if there are statutory retention periods or to preserve evidence within the statutory periods of limitation. For example, the German Fiscal Code (AO) or the German Commercial Code (HGB) stipulate certain retention periods. Personal data that would require a disproportionate effort to erase is exempt from erasure. In such a case, we have a legitimate interest in the storage of your data in accordance with Article 6 (1) f) GDPR.
Updating and changing the data protection policy
This data protection policy is currently valid and is dated July 2024. Due to the further development of our offers or as a result of changes in legal or regulatory requirements, it may be necessary to modify this data protection policy. You can view the latest iteration of the data protection policy at any time at www.arburg.com/en/data-protection/.
Privacy policy - Special part
- Please choose
- ARBURG Website
- Customer portal arburgXworld
- ARBURG trainee website
- ARBURG employees
- Business partner
- ARBURG guest WLAN
- ARBURG employee WLAN
- Trade fairs and other events
- Application - external
- Application - Training / study / internship
- Application - internal
ARBURG Website
This section of the data protection policy covers your use of our website. In the following, we explain how we collect your personal data when you call up the website, what we do with it, for what purpose and on what legal basis your data is processed.
Collection and storage of personal data as well as nature and purpose of its use
(a) Log data recorded when visiting our website
When you call up our website, the browser used on your device automatically sends information to us. Whenever you visit our website, the following data is collected without any action on your part:
- the IP address
- the date and time of the request
- the content of the request (actual page)
- the access status/HTTP status code
- the amount of data transferred
- the website where the request originates
- the browser used
- the language and version of the browser software
- the operating system and its interface.
The above-mentioned data will be processed by us for the following purposes:
- to ensure establishment of a smooth website connection
- to ensure the comfortable use of our website
- to evaluate system security and stability
- for other administrative purposes.
The legal basis for data processing is Article 6 (1) (1) f) GDPR (protection of the legitimate interests of the data controller). Our legitimate interest derives from the above-mentioned purposes for data collection. Under no circumstances will we use the aforementioned data to produce a profile of you.
(b) When using our contact form
When you contact us using a contact form, a chat function or by e-mail, the information you share with us (e.g. your e-mail address, name, telephone number, address and any other information you provide) is stored by us to help us answer your questions or process your inquiry.
The processing of data for contact purposes takes place in accordance with Article 6 (1) (1) a) GDPR on the basis of your voluntarily granted consent.
We delete the data produced in this context once storage is no longer necessary, or limit their processing where statutory retention requirements apply.
(c) When registering for our newsletter
If you give consent, you can subscribe to our newsletter(s), which will provide you with the latest information from the field of plastic injection moulding, additive manufacturing as well as new service developments and interesting offers from ARBURG GmbH + Co. KG.
Your e-mail address is the only mandatory data we require to send you the newsletter. Additional information is voluntary and will be used to help address you personally.
We use the so-called double opt-in procedure for subscriptions to our newsletter(s). This means that after you have registered, we will send an e-mail to the e-mail address you specified, asking you to confirm that you wish to receive the newsletter. If you do not confirm your subscription within 7 days, your information is automatically deleted. In addition, we also store your IP addresses and the logon and confirmation times. The purpose of the procedure is to verify your registration and, if necessary, to inform you about possible misuse of your personal data. After we receive your confirmation, we save your e-mail address as well as other information that you provide during the newsletter subscription, for the purpose of sending you the newsletter.
The legal basis for the above-mentioned data processing is Article 6 (1) (1) a) GDPR (voluntary consent).
You can withdraw your consent to receive the newsletter(s) and unsubscribe from the newsletter(s) at any time. You can withdraw your consent by clicking on the link provided in each newsletter e-mail, by sending an e-mail to contact@arburg.com or by sending a message to the contact details given in the legal notice.
General note on the obligation to provide data
You are under no legal or contractual obligation to provide us with your personal data.
Use of service providers
To provide support and for administrative tasks in connection with our website, we use selected external service providers. These service providers may occasionally have access to your personal data. The service providers process your personal data exclusively on behalf of and in accordance with our instructions in compliance with these data protection provisions and the applicable laws.
Cookies
We use cookies on our website. Cookies are small text files stored on your device that are associated with the browser you use and that provide us with certain information. However, this does not mean that we immediately gain knowledge of your identity.
On the one hand, the use of cookies helps us to make it more convenient for you to use our offering. For example, we use so-called session cookies to detect that you have already visited individual pages on our website. These are automatically deleted when you close your browser. Moreover, we also use temporary cookies to enhance user friendliness that are stored on your terminal device for a specified period. When visiting our website again to use our services, it will automatically recognise that you have visited us before and retrieve the inputs and settings you have made earlier on (e.g. selected language) so that you do not have to re-enter them.
The data processed by cookies is required for the purposes mentioned to protect our legitimate interests pursuant to Article 6 (1) (1) f) GDPR.
For another thing, with your consent, we use cookies to record the use of our website statistically and to evaluate it for the purpose of optimising our offering (see "Web analysis"). Your consent data (consent yes/no, time stamp, data volume, data attributes, controller ID, processor ID, consent ID) is stored for documentation purposes.
You can configure your browser settings as desired and, for instance, refuse to accept any third-party cookies or any cookies at all. Please note that you may not be able to use all features of our website and/or that the user experience may be considerably limited if you reject cookies.
The legal basis for the use of cookies is Article 6 (1) (1) a) GDPR (voluntary consent), provided that you have consented to this use, Article 6 (1) (1) c) GDPR (fulfilment of a legal obligation), if we are legally obliged to prove consent (Article 7 (1) GDPR) and Article 6 (1) (1) f) GDPR (protection of the legitimate interests of the data controller).
Web analysis
We use the "Matomo" web analysis software from InnoCraft Ltd. which statistically evaluates data to analyse user behaviour patterns. By using this web analysis service, we want to ensure that our website is designed and optimised on an ongoing basis and to statistically track the use of our website in order to optimise our offering.
The "Matomo" web analysis service uses so-called "cookies", text files that are stored on your computer and that allow us to analyse your use of the website. On this website, we only use session cookies that will be deleted automatically when you close your browser. Pseudonymised usage profiles can be created from the collected data and evaluated for the above-mentioned purposes. The information on your use of this website generated by a cookie is forwarded to the provider, InnoCraft Ltd., for the purpose of storing it in the cloud.
"Matomo" cookies are only set with your expressly given consent. Once you have given your consent, you can revoke it free of charge at any time with effect for the future by clicking here.
The legal basis for the use of "Matomo" cookies and the data processing based on them is Article 6 (1) (1) a) GDPR.
This website uses Matomo with the "AnonymizeIP" extension. This means that IP addresses are processed in truncated form to exclude any direct personal reference. The IP address transmitted by Matomo from your browser will not be associated with other data collected by us.
Details of the third-party provider and privacy policy: InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand; https://matomo.org/privacy-policy/.
Social media
On our website, we use links to the Facebook and LinkedIn social networks as well as to the YouTube video portal.
The social networks are included on our website simply as links to the corresponding services. No data is transmitted to the services unless you click on the relevant images. Once you click on the integrated images, you are redirected to the website of the respective provider. Only then is user information transmitted to the relevant provider.
Addresses of the respective providers and URL with their privacy policies:
(a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; further information relating to the gathering of data: https://www.facebook.com/help/186325668085084. Facebook invokes the EU standard contractual clause; https://www.facebook.com/about/privacy/legal_bases; https://www.facebook.com/policy.php.
(b) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; https://de.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com LinkedIn relies on standard contractual clauses approved by the European Commission as a legal instrument for data transfers from the European Union https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de.
YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA; https://www.google.de/intl/de/policies/privacy. Google, parent company of YouTube, LLC, also processes your personal data in the USA and invokes the EU standard contractual clauses, https://policies.google.com/privacy/frameworks?hl=de&gl=de; https://privacy.google.com/businesses/controllerterms/mccs/.
Customer portal arburgXworld
This section of the data protection policy covers your use of our online customer portal irrespective of the selected access method (web browser or ARBURG customer portal app, hereinafter referred to as "app"). In the following, we explain how we collect your personal data when you use arburgXworld, what we do with it, for what purpose and on what legal basis your data is processed.
Collection and storage of personal data as well as nature and purpose of its use
(a) Log data recorded when visiting the customer portal via our website
When you call up our website, the browser used on your device automatically sends information to us. Whenever you visit our website, the following data is collected without any action on your part:
- the IP address
- the date and time of the request
- the content of the request (actual page)
- the access status / HTTP status code
- the amount of data transferred
- the website where the request originates
- the browser used
- the language and version of the browser software
- the operating system and its interface.
The above-mentioned data will be processed by us for the following purposes:
- to ensure establishment of a smooth website connection
- to ensure the comfortable use of our website
- to evaluate system security and stability
- for other administrative purposes.
The legal basis for data processing is Article 6 (1) (1) f) GDPR (protection of the legitimate interests of the data controller). Our legitimate interest derives from the above-mentioned purposes for data collection. Under no circumstances will we use the aforementioned data to produce a profile of you.
(b) Log data recorded when using the app
When you use the app, information is automatically transferred to us. Whenever you use our app, the following data will be collected without any action on your part:
- the IP address
- the date and time of the request
- the content of the request (actual page)
- the access status / HTTP status code
- the amount of data transferred
- the operating system and its interface.
The above-mentioned data will be processed by us for the following purposes:
- to ensure establishment of a smooth app connection
- to ensure the comfortable use of our app
- to evaluate system security and stability
- for other administrative purposes.
The legal basis for data processing is Article 6 (1) (1) f) GDPR. Our legitimate interest derives from the above-mentioned purposes for data collection. Under no circumstances will we use the aforementioned data to produce a profile of you.
(c) When using the customer portal
When you want to use our customer portal, you have to create a free user account first. This requires you to provide your name, your e-mail address, your telephone number, your company and your company address. This data will be stored until you delete your user account. We use the provided data for the administration of customer data and, in the case of using chargeable services or ordering spare parts, also for contractual purposes.
The legal basis for data processing is Article 6 (1) (1) a) (voluntary consent) and/or b) GDPR (fulfilment of contractual obligations).
You can use DocuSign to sign the registration form. This service is provided by DocuSign International (EMEA) Limited, 5 Hanover Quay, Grand Canal Dock, Dublin D02 VX79 (Ireland). If you sign the registration form using DocuSign, you consent to the data being forwarded to DocuSign. Even if the data is only processed by DocuSign within the EEA, it cannot be ruled out that DocuSign, Inc., 221 Main Street, Suite 1550, San Francisco, CA 94105, USA, may have access to your personal data within the Group. The level of data protection in the USA is not comparable with that of the European Union (EU). However, DocuSign assures that it complies with the high level of data protection stipulated by the GDPR (https://www.docusign.de/de-de/datenschutzerklaerung/datenschutz/, https://www.docusign.com/trust/privacy/bcrp-privacy-code, https://www.docusign.com/trust/privacy/gdpr).
The legal basis for data processing is Article 6 (1) (1) a) (voluntary consent) and/or b) GDPR (fulfilment of contractual obligations).
In case of contract conclusions, spare parts orders or when using chargeable services, you may have to provide further information that is required to process your order or to provide the service. To process your order or to provide the service, we process the submitted data only to the extent necessary in each specific case. To process the payment, we may need to transmit your details to the payment service provider you have selected. For the shipment of the goods you ordered, it is necessary for us to send your name and address to a transport service provider.
The legal basis for data processing is Article 6 (1) (1) b) GDPR (fulfilment of contractual obligations).
For the proper provision of the content of our website, we use the Content Delivery Network (CDN) of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany. A CDN is used to make the content of our online offering, in particular files such as graphical elements or scripts, available more quickly with the aid of regionally or internationally distributed servers. When you access this content, you establish a connection to the servers of Cloudflare, transmitting your IP address and possibly browser data such as your user agent. This data is processed exclusively for the above-mentioned purposes and to ensure security and functionality. Even if the data is only processed by Cloudflare within the EEA, it cannot be ruled out that Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA, may have access to your personal data within the Group. The level of data protection in the USA is not comparable with that of the European Union (EU). However, Cloudflare assures that it complies with the high level of data protection stipulated by the GDPR (https://www.cloudflare.com/privacypolicy/).
The legal basis for data processing is Article 6 (1) f) GDPR (protection of the legitimate interests of the data controller).
We generally delete all personal data as soon as further processing for the purpose of contract performance is no longer necessary. However, we point out that we are obliged under commercial and tax regulations to store your address, payment and order data for a period of ten years. After expiration of the retention period, your data will be deleted, provided that continued storage is not necessary for the purpose of providing evidence or if you have expressly consented to a longer storage period.
When using the services in the customer portal, we may also store various data, especially machine data, which, in combination with other data, may allow conclusions to be drawn to individual employees. We store this data as long as the purpose of the respective service requires it. Afterwards, we delete or anonymise the data.
The legal basis for data processing is Article 6 (1) (1) a) (voluntary consent) and/or b) GDPR (fulfilment of contractual obligations).
We are entitled at any time to store, process, utilise and publish data, in particular machine data, resulting from your use of the customer portal anonymously and for internal purposes, in particular statistical and analytical purposes, to improve our products and services for an unlimited period of time.
(d) When using our contact form
When you contact us using a contact form, a chat function or by e-mail, the information you share with us (e.g. your e-mail address, name, telephone number, address and any other information you provide) is stored by us to help us answer your questions or process your inquiry.
The processing of data for contact purposes takes place in accordance with Article 6 (1) (1) a) GDPR on the basis of your voluntarily granted consent.
We store the data produced in this context until revoked, when the request can be assigned to a machine, especially in the event of technical issues. We delete or anonymise the data once storage is no longer necessary, or limit processing where statutory retention requirements apply.
(e) When registering for our newsletter
If you give consent, you can subscribe to our newsletter, which will provide you with the latest information from the field of plastic injection moulding, as well as new service developments and interesting offers from ARBURG GmbH + Co. KG.
We use the so-called double opt-in procedure for subscriptions to our newsletter. This means that after you have registered, we will send an e-mail to the e-mail address you specified, asking you to confirm that you wish to receive the newsletter. If you do not confirm your subscription within 7 days, your information is automatically deleted. In addition, we also store your IP addresses and the login and confirmation times. The purpose of the procedure is to verify your registration and, if necessary, to inform you about possible misuse of your personal data. After we receive your confirmation, we save your e-mail address as well as other information that you provide during the newsletter subscription, for the purpose of sending you the newsletter.
The legal basis for the above-mentioned data processing is Article 6 (1) (1) a) GDPR (voluntary consent).
You can withdraw your consent to receive the newsletter and unsubscribe from the newsletter at any time. You can withdraw your consent by clicking on the link provided in each newsletter e-mail, by sending an e-mail to contact@arburg.com or by sending a message to the contact details given in the legal notice.
General note on the obligation to provide data
You are under no legal or contractual obligation to provide us with your personal data. However, the use of our customer portal may not be possible to some extent without the provision of personal data.
Use of service providers
We use selected external service providers to provide support and administration tasks for our website and our app. These service providers may occasionally have access to your personal data. The service providers process your personal data exclusively on behalf of and in accordance with our instructions in compliance with these data protection provisions and the applicable laws.
Cookies
We use cookies on our website and in our app. Cookies are small text files stored on your device that are associated with the browser or the app you use and that provide us with certain information. However, this does not mean that we immediately gain knowledge of your identity.
(a) When using our customer portal via a web browser
On the one hand, the use of cookies helps us to make it more convenient for you to use our offering. For example, we use so-called session cookies to detect that you have already visited individual pages on our website. These are automatically deleted after you leave our website.
Moreover, we also use temporary cookies to enhance user friendliness that are stored on your terminal device for a specified period. If you visit our website again to use our services, it will automatically recognise that you have visited us before and retrieves the inputs and settings you have made earlier on so that you do not have to re-enter them.
Moreover, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offering to you. These cookies enable us to automatically recognise that you have already visited us previously when you re-visit our site. These cookies are automatically deleted after a defined period.
The data processed by cookies is required for the purposes mentioned to protect our legitimate interests as well as those of third parties pursuant to Article 6 (1) (1) f) GDPR. You can configure your browser settings as desired and, for instance, refuse to accept any third-party cookies or any cookies at all. Please note that you may not be able to use all features of our customer portal and/or that the usability may be significantly limited if you reject cookies.
The legal basis for the use of cookies is Article 6 (1) (1) f) GDPR (protection of the legitimate interests of the data controller).
(b) When using our customer portal via the app
We use various cookies in order to be able to optimally design the app. This enables secure access, easier navigation and a high degree of usability of the app. Cookies are required in particular to enable authentication of the app and a protected logon as well as to distribute and forward incoming requests
The data processed by cookies is required for the purposes mentioned to protect our legitimate interests as well as those of third parties pursuant to Article 6 (1) (1) f) GDPR. You can delete the cookies at any time by uninstalling the app. However, it is not possible to use the app without cookies.
The legal basis for the use of cookies is Article 6 (1) (1) f) GDPR (protection of the legitimate interests of the data controller).
ARBURG trainee website
This section of the data protection policy covers your use of our "Trainee website" (hereinafter referred to as "website"). In the following, we explain how we collect your personal data when you call up the website, what we do with it, for what purpose and on what legal basis your data is processed.
Collection and storage of personal data as well as nature and purpose of its use
(a) Log data recorded when visiting our website
When you call up our website, the browser used on your device automatically sends information to us. Whenever you visit our website, the following data is collected without any action on your part:
- the IP address
- the date and time of the request
- the content of the request (actual page)
- the access status/HTTP status code
- the amount of data transferred
- the website where the request originates
- the browser used
- the language and version of the browser software
- the operating system and its interface.
The above-mentioned data will be processed by us for the following purposes:
- to ensure establishment of a smooth website connection
- to ensure the comfortable use of our website
- to evaluate system security and stability
- for other administrative purposes.
The legal basis for data processing is Article 6 (1) (1) f) GDPR (protection of the legitimate interests of the data controller). Our legitimate interest derives from the above-mentioned purposes for data collection. Under no circumstances will we use the aforementioned data to produce a profile of you.
(b) When using our contact form
When you contact us using a contact form, a chat function or by e-mail, the information you share with us (e.g. your e-mail address, name, telephone number, address and any other information you provide) is stored by us to help us answer your questions or process your inquiry.
The processing of data for contact purposes takes place in accordance with Article 6 (1) (1) a) GDPR on the basis of your voluntarily granted consent.
We delete the data produced in this context once storage is no longer necessary, or limit their processing where statutory retention requirements apply.
(c) Use of service providers
To provide support and for administrative tasks in connection with our website, we use selected external service providers. These service providers may occasionally have access to your personal data. The service providers process your personal data exclusively on behalf of and in accordance with our instructions in compliance with these data protection provisions and the applicable laws.
Cookies
We use cookies on our website. Cookies are small text files stored on your device that are associated with the browser you use and that provide us with certain information. However, this does not mean that we immediately gain knowledge of your identity.
On the one hand, the use of cookies helps us to make it more convenient for you to use our offering. For example, we use so-called session cookies to detect that you have already visited individual pages on our website. These will be deleted automatically when you close your browser. Moreover, we also use temporary cookies to enhance user friendliness that are stored on your terminal device for a specified period. When visiting our website again to use our services, it will automatically recognise that you have visited us before and retrieve the inputs and settings you have made earlier on (e.g. selected language) so that you do not have to re-enter them.
The data processed by cookies is required for the purposes mentioned to protect our legitimate interests pursuant to Article 6 (1) (1) f) GDPR.
You can configure your browser settings as desired and, for instance, refuse to accept any third-party cookies or any cookies at all. Please note that you may not be able to use all features of our website and/or that the user experience may be considerably limited if you reject cookies.
The legal basis for the use of cookies is Article 6 (1) (1) a) GDPR (voluntary consent), provided that you have consented to this use and Article 6 (1) (1) f) GDPR (protection of the legitimate interests of the data controller).
Web analysis
We use the "Matomo" web analysis software from InnoCraft Ltd. which statistically evaluates data to analyse user behaviour patterns. By using this web analysis service, we want to ensure that our website is designed and optimised on an ongoing basis and to statistically track the use of our website in order to optimise our offering.
The "Matomo" web analysis service uses so-called "cookies", text files that are stored on your computer and that allow us to analyse your use of the website. On this website, we only use session cookies that will be deleted automatically when you close your browser. Pseudonymised usage profiles can be created from the collected data and evaluated for the above-mentioned purposes. The information on your use of this website generated by a cookie is forwarded to the provider, InnoCraft Ltd., for the purpose of storing it in the cloud.
"Matomo" cookies are only set with your expressly given consent. Once you have given your consent, you can revoke it free of charge at any time with effect for the future by clicking here.
The legal basis for the use of "Matomo" cookies and the data processing based on them is Article 6 (1) (1) a) GDPR.
This website uses Matomo with the "AnonymizeIP" extension. This means that IP addresses are processed in truncated form to exclude any direct personal reference. The IP address transmitted by Matomo from your browser will not be associated with other data collected by us.
Details of the third-party provider and privacy policy: InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand; https://matomo.org/privacy-policy/.
Social media
On our website, we use links to the Facebook and LinkedIn social networks as well as to the YouTube video portal.
The social networks are included on our website simply as links to the corresponding services. No data is transmitted to the services unless you click on the relevant images. Once you click on the integrated images, you are redirected to the website of the respective provider. Only then is user information transmitted to the relevant provider.
Addresses of the respective providers and URL with their privacy policies:
(a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; https://www.facebook.com/policy.php; further information relating to the gathering of data: http://www.facebook.com/help/186325668085084. Facebook invokes the EU standard contractual clause. https://www.facebook.com/policy.php.
(b) YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA; www.google.de/intl/de/policies/privacy. Google, parent company of YouTube, LLC, also processes your personal data in the USA and invokes the EU standard contractual clause. https://policies.google.com/privacy/frameworks?hl=de&gl=de; https://privacy.google.com/businesses/controllerterms/mccs/.
(c) Instagram: Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; https://help.instagram.com/519522125107875. Under "V. What is our legal basis for processing your information?" Instagram refers to the GDPR and the legal basis at www.facebook.com/about/privacy/legal_bases.
ARBURG employees
This section of the data protection policy covers the processing of personal data from our employees. In the following, we explain how we collect your personal data, what we do with it, for what purpose and on what legal basis your data is processed.
Collection and storage of personal data as well as nature and purpose of its use
(a) Data in the employment context (establishment, implementation and termination of the employment relationship)
Your personal data is processed in particular in the context of establishing, implementing and terminating the employment relationship. Relevant personal data includes master data, contact details, bank details, social security and pension insurance number, tax identification number and data in connection with time tracking, leave periods, periods of incapacity for work, personal qualifications and work activities.
The legal basis for the processing of your personal data in the employment context is Article 6 (1) b) GDPR, Article 88 GDPR in conjunction with § 26 (1) BDSG (German Federal Data Protection Act) (fulfilment of contractual obligations) as well as Article 6 (1) c) GDPR (fulfilment of a legal obligation).
(b) Health data
In the context of the employment relationship, special categories of personal data pursuant to Article 9 (1) GDPR (in particular health data) may also be processed where necessary. This serves to exercise rights or fulfil legal obligations under labour law, social security law and social protection law. Examples of this include providing health data to the health insurance company, recording of severe disability with regard to additional leave in accordance with § 208 SGB IX (German Social Security Code) and determining the compensation for severely disabled employees in accordance with § 160 SGB IX (German Social Security Code). In addition, special categories of personal data may be processed for purposes such as preventive healthcare, occupational medicine and the assessment of an employee's ability to work.
The legal basis for the processing of special categories of personal data is Article 9 (2) b), Paragraph 4 GDPR in conjunction with § 26 (3) BDSG and Article 9 (2) h), Paragraph 4 GDPR in conjunction with § 22 (1) (1) b) BDSG (German Federal Data Protection Act).
In addition, special categories of personal data may be processed as part of occupational health management.
The legal basis for this data processing is Article 9 (2) a), Paragraph 4 GDPR in conjunction with § 26 (2) BDSG (German Federal Data Protection Act) and is subject to your personal consent.
(c) Occupational health and safety
We process special categories of your personal data for the documentation of accidents at work, for entries in the (digital) first-aid log book and for notifications to the responsible insurance company. This serves to ensure the statutory obligations and verification in connection with labour law and occupational health and safety as well as to assert claims against insurance companies or third parties. For this purpose, the software of Quentic GmbH of the software manufacturer AMCS HoldCo Limited is used.
For the documentation of accidents at work or entries in the (digital) first-aid log book, we may process the following special categories of personal data, among others:
- Surname and first name of the injured person
- E-mail address of the injured person
- Date and time of the accident
- Place (part of the company) where the accident occurred
- Details of how the accident occurred
- Type and extent of the injury or illness
- (Expected) days of incapacity for work
- Type and manner of first aid measures
- Name and contact details of first aiders, company paramedics and/or witnesses.
In order to report an incident / accident at work to the responsible insurance company, we process the following special categories of personal data:
- Surname, first name, date of birth, address and nationality of the injured person
- Date and time of the accident
- Details of how the accident occurred
- Place (part of the company) where the accident occurred
- Type and extent of the injury or illness
- Information on the specific employment of the injured person
- Name and contact details of first aiders, company paramedics and/or witnesses.
The legal basis for the processing of your data is Article 9 (2) (1) b) GDPR (fulfilment of obligations under labour law) and/or Article 9 (2) (1) a) GDPR (voluntary consent).
(d) Use of employee data in (internal) communication media
Your personal data (e.g. name, job data and professional contact data in the context of the employment relationship) will be used in relevant internal company software such as the ERP system or the Intranet and in internal communication media such as company magazines or other internal publications.
The legal basis for the internal processing of your personal data for these purposes is Article 6 (1) (1) a) GDPR (voluntary consent) and/or Article 6 (1) (1) b) GDPR, Article 88 GDPR in conjunction with § 26 BDSG (German Federal Data Protection Act) (fulfilment of a contractual obligation) as well as Article 6 (1) (1) f) GDPR (protection of the legitimate interests of the data controller).
(e) Publication of photos and video sequences in print media, on the website or other online formats
As part of our public relations work, photos or video sequences of employees may be published in company brochures, magazines or other print media as well as on our websites or other online formats.
The legal basis for data processing is Article 6 (1) a), Paragraph 4, Article 7 GDPR in conjunction with § 26 (2) BDSG (German Federal Data Protection Act) and is subject to your personal consent. If the legitimate interest of the employer in the processing of this personal data pursuant to Article 6 (1) f) GDPR prevails, such consent may be waived in exceptional cases (e.g. if the persons in the photo appear only in the background and are not clearly identifiable).
(f) Use of the "Learning module from SAP SuccessFactors"
We use the SAP SuccessFactors Learning module for the provision, administration and documentation of training courses and advanced training. This tool allows our employees to take part in advanced training that is flexible in terms of time and location.
As part of the registration and use of the learning platform, we store and process information. This includes in particular the master data provided by you during registration (name, e-mail address, etc.) as well as training data (courses attended, learning progress, results, evaluations, etc.). SAP SuccessFactors Learning allows us to create analyses and reports on training activities. We process this data for employment purposes and to continually improve our training offers and content.
The legal basis for the processing of your data is Article 6 (1) b) and/or Article 6 (1) (1) a), Paragraph 4 GDPR in conjunction with § 26 BDSG (German Federal Data Protection Act) (voluntary consent), insofar as the data processing is carried out for the purposes of the employment relationship, and/or Article 6 (1) (1) f) GDPR (protection of the legitimate interests of the data controller), insofar as the data processing serves to improve our training offers and content.
(g) Use of (online) conferencing tools (especially Zoom and Microsoft Teams) and Internet telephony or Teams telephony (Microsoft Teams)
Your personal data is processed as part of the use of (online) conferencing tools (e.g. Zoom and Microsoft Teams) or Internet telephony (Microsoft Teams).
Relevant personal data includes in particular:
- Contact and communication data (e.g. surname, first name, e-mail address, telephone number)
- Profile image (optional)
- Log files and log data
- Meta data (e.g. IP address, time of access)
- Profile data (e.g. user name).
The online conferencing tools are used to hold online meetings, video conferences and/or webinars.
Teams telephony allows calls to be made directly from the desktop or iOS client via the Internet.
Online meetings, video conferences, webinars and/or Internet telephone calls are usually not recorded.
If a recording is made in exceptional cases, the participants will be asked for their consent in advance.
The legal basis for the processing of the above-mentioned personal data is Article 6 (1) (1) b) GDPR in conjunction with § 26 BDSG (German Federal Data Protection Act) (fulfilment of contractual obligations). In cases where the processing of personal data is not required for the fulfilment of contractual obligations, the legal basis for data processing is Article (6) (1) (1) f) GDPR (protection of the legitimate interests of the data controller).
The legal basis for recordings made with your consent is Article 6 (1) (1) a) GDPR (voluntary consent).
(h) Use of tools for communication and collaboration
Your personal data is processed when you use tools for communication and collaboration (e.g. non-anonymous surveys, appointment bookings). The data is processed for the planning, realisation and, if necessary, follow-up. This requires an assignment to your person and the establishment of contact (e.g. for queries, for sending confirmation messages, results, reminders or further information such as cancellation or postponement of appointments).
Relevant personal data includes, in particular, surname, first name, e-mail address, telephone number and personnel number. By submitting your data after accepting this data protection policy, you consent to the processing of your data.
The legal basis for the internal processing of your personal data for these purposes is Article 6 (1) (1) a) GDPR (voluntary consent).
(i) Use of the reporting system
ARBURG has set up a reporting system for reporting potential misconduct. Personal data is regularly processed when a report is made via the reporting system. A report generally contains details of the person reporting the misconduct and, if applicable, details of the accused and other persons concerned. Additional personal information may be contained in the description of the reported matter.
Relevant personal data includes in particular the surnames and first names of the persons involved as well as the telephone number and/or e-mail address of the reporting person.
The legal basis for the processing of the above-mentioned personal data is Article 6 (1) (1) c) GDPR in conjunction with § 10 HinSchG (German Whistleblower Protection Act) (fulfilment of a legal obligation).
Use of service providers
As part of the processing of personal data for the purposes specified under a) to i), selected external service providers may also be used in some cases. These service providers may occasionally have access to your personal data. The service providers process your personal data exclusively on behalf of and in accordance with our instructions in compliance with these data protection provisions and the applicable laws.
(c) Occupational health and safety
As part of the processing of special categories of personal data, the data is stored on cloud servers of PlusServer GmbH, Welserstrasse 14, 51149 Cologne, in data centres in Germany. PlusServer GmbH acts as a processor for Quentic GmbH, Gürtelstrasse 30, 10247 Berlin, Germany.
(f) Use of the "Learning module from SAP SuccessFactors"
As part of the processing of personal data, the data is stored on cloud servers at SAP SE, Dietmar-Hopp-Allee 16, 69190 Walldorf, Germany, specifically in the Sankt Leon-Rot data centre and in the Amsterdam mirror data centre. As a consequence, SAP SE and its subsidiary SuccessFactors, Inc., 1 Tower Place, Suite 1100, South San Francisco, CA 94080, USA, may have access to your personal data. The level of data protection in the USA is not comparable with that of the European Union (EU). However, SAP assures that it complies with the high level of data protection stipulated by the GDPR (https://www.sap.com/germany/about/legal/privacy.html#10). SAP SE and its subsidiaries will process your data exclusively on behalf of us and in accordance with our instructions.
(g) Use of (online) conferencing tools (especially Zoom and Microsoft Teams) and Internet telephony or Teams telephony (Microsoft Teams)
As part of the processing of personal data when using Zoom, Lionheart Squared Ltd, 2 Pembroke House, Upper Pembroke Street 28-32, Dublin (Ireland) has access to your personal data. This may result in Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113 (USA) also having access to your personal data within the Group.
When you use Microsoft Teams, Microsoft Deutschland GmbH, Walter-Gropius-Strasse 5, 80807 Munich (Germany) has access to your personal data. Although Microsoft assures that the processing takes place in data centres in the EU, it cannot be ruled out that Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 (USA) also has access to your personal data within the Group.
The level of data protection in the USA is not comparable with that of the European Union (EU). However, Zoom assures that data transfer is governed by the standard contractual clauses of the European Commission (https://explore.zoom.us/de/privacy/). Microsoft assures to comply with the applicable data protection requirements (https://news.microsoft.com/wp-content/uploads/prod/sites/40/2022/08/Microsoft-Statement_Datenschutzkonformitaet-von-Microsoft-365-und-Microsoft-Teams.pdf, https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWRql1?culture=de-de&country=DE).
Duration of storage
Your personal data will be stored for at least the duration of your employment relationship.
Business partner
This section of the data protection policy covers the processing of personal data from our business partners. In the following, we explain how we collect your personal data, what we do with it, for what purpose and on what legal basis your data is processed.
Which specific data is processed and how it is used depends largely on the services provided and agreed.
Collection and storage of personal data as well as nature and purpose of its use
(a) In the context of the initial business contact or the ongoing business relationship
Your personal data is processed as part of the initial business contact or the ongoing business relationship. Where necessary, we also process personal data that we have received from third parties (e.g. credit agencies) or on the basis of your consent. Furthermore, personal data from publicly accessible sources (e.g. commercial register, media, press) is processed.
Relevant personal data includes, in particular, master data such as surname, first name, address and communication data (e.g. telephone number, mobile phone number, e-mail address). In addition, this may also include pre-contractual initiation data, contract and order data, delivery and supply data as well as credit history data.
Your personal data is processed in particular for the following purposes:
- Initiation and processing of orders
- Preparation of quotations
- Checking against sanction lists
- Other pre-contractual measures
- Contract execution
- Provision of services
- Invoicing
- Delivery of goods
- Communication
- Statistical purposes
- Ensuring IT security
- Provision of information on ARBURG products and services (advertising)
- Compliance with retention periods under commercial and tax law.
The legal basis for the processing of data for the above-mentioned purposes is Article 6 (1) (1) b) GDPR (fulfilment of contractual obligations); Article 6 (1) (1) c) GDPR (fulfilment of a legal obligation); Article 6 (1) (1) f) GDPR (protection of the legitimate interests of the data controller).
In addition to the purposes mentioned above, your personal data may be processed for other purposes if you have consented in accordance with Article 6 (1) (1) a) GDPR (e.g. receipt of a newsletter).
(b) Use of the ARBURG supplier portal
Your personal data is processed as part of the use of the supplier portal.
Relevant personal data includes, in particular, surname, first name and communication data (e.g. telephone number, mobile phone number, e-mail address).
Your personal data is processed in particular for the following purposes:
- Initiation and processing of orders and purchase orders
- Contact and communication.
The legal basis for the processing of data for the above-mentioned purposes is Article 6 (1) (1) a) GDPR (voluntary consent) and/or Article 6 (1) (1) b) GDPR (fulfilment of contractual obligations).
(c) Use of (online) conferencing tools (especially Zoom and Microsoft Teams) and Internet telephony or Teams telephony (Microsoft Teams)
Your personal data is processed as part of the use of (online) conferencing tools (e.g. Zoom and Microsoft Teams) or Internet telephony (Microsoft Teams).
Relevant personal data includes in particular:
- Contact and communication data (e.g. surname, first name, e-mail address, telephone number)
- Profile image (optional)
- Log files and log data
- Meta data (e.g. IP address, time of access)
- Profile data (e.g. user name).
The online conferencing tools are used to hold online meetings, video conferences and/or webinars.
Teams telephony allows calls to be made directly from the desktop or iOS client via the Internet.
Online meetings, video conferences, webinars and/or Internet telephone calls are usually not recorded.
If a recording is made in exceptional cases, the participants will be asked for their consent in advance.
The legal basis for the processing of the above-mentioned personal data is Article 6 (1) (1) b) GDPR (fulfilment of contractual obligations) and/or Article 6 (1) (1) a) GDPR (voluntary consent). In cases where the processing of personal data is not required for the fulfilment of contractual obligations, the legal basis for data processing is Article (6) (1) (1) f) GDPR (legitimate interest).
The legal basis for recordings made with your consent is Article 6 (1) (1) a) GDPR (voluntary consent).
(d) Use of DocuSign
For signing and administrative purposes, we use the DocuSign platform. This service is provided by DocuSign International (EMEA) Limited, 5 Hanover Quay, Grand Canal Dock, Dublin D02 VX79 (Ireland). If you sign using DocuSign, you consent to the data being forwarded to DocuSign. Even if the data is only processed within the EEA, it cannot be ruled out that DocuSign, Inc., 221 Main Street, Suite 1550, San Francisco, CA 94105, USA, may have access to your personal data within the Group. The level of data protection in the USA is not comparable with that of the European Union (EU). However, DocuSign assures that it complies with the high level of data protection stipulated by the GDPR (https://www.docusign.de/de-de/datenschutzerklaerung/datenschutz/, https://www.docusign.com/trust/privacy/bcrp-privacy-code, https://www.docusign.com/trust/privacy/gdpr).
The legal basis for data processing is Article 6 (1) (1) a) (voluntary consent) and/or b) GDPR (fulfilment of contractual obligations).
(e) Use of the reporting system
ARBURG has set up a reporting system for reporting potential misconduct. Personal data is regularly processed when a report is made via the reporting system. A report generally contains details of the person reporting the misconduct and, if applicable, details of the accused and other persons concerned. Additional personal information may be contained in the description of the reported matter.
Relevant personal data includes in particular the surnames and first names of the persons involved as well as the telephone number and/or e-mail address of the reporting person.
The legal basis for the processing of the above-mentioned personal data is Article 6 (1) (1) c) GDPR in conjunction with § 10 HinSchG (German Whistleblower Protection Act) (fulfilment of a legal obligation).
Use of service providers
For the processing of the personal data stated under b), the external service provider JAGGAER is used. JAGGAER Deutschland GmbH, Ottobrunner Strasse 41, 82008 Unterhaching (Germany) has access to the personal data you provide. It cannot be ruled out that JAGGAER, LLC, 3020 Carrington Mill Blvd, Suite 100, Morrisville, NC 27560 (USA) may also have access to your personal data within the Group. JAGGAER assures compliance with the data protection level of the GDPR (https://www.jaggaer.com/de/privacy-policy/).
As part of the processing of personal data for the purposes stated under c), Lionheart Squared Ltd, 2 Pembroke House, Upper Pembroke Street 28-32, Dublin (Ireland) has access to your personal data when you use Zoom. This may result in Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113 (USA) also having access to your personal data within the Group.
When you use Microsoft Teams, Microsoft Deutschland GmbH, Walter-Gropius-Strasse 5, 80807 Munich (Germany) has access to your personal data. Although Microsoft assures that the processing takes place in data centres in the EU, it cannot be ruled out that Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 (USA) also has access to your personal data within the Group.
The level of data protection in the USA is not comparable with that of the European Union (EU). However, Zoom assures that data transfer is governed by the standard contractual clauses of the European Commission (https://explore.zoom.us/de/privacy/). Microsoft assures to comply with the applicable data protection requirements (https://news.microsoft.com/wp-content/uploads/prod/sites/40/2022/08/Microsoft-Statement_Datenschutzkonformitaet-von-Microsoft-365-und-Microsoft-Teams.pdf, https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWRql1?culture=de-de&country=DE).
ARBURG guest WLAN
This section of the data protection policy covers your use of our ARBURG guest WLAN. In the following, we explain how we collect your personal data when you use the guest WLAN, what we do with it, for what purpose and on what legal basis your data is processed.
Collection and storage of personal data as well as nature and purpose of its use
The guest WLAN can only be used with an account / ticket. The system must identify that you are authorised for access. To do this, it creates a ticket and assigns it a validity and various properties. You must log on with a user name and password. You can only log on again for as long as the ticket is valid. The MAC and/or IP address of the device you are using is stored as a unique identifier. In combination with the personal data you provided when logging on, this makes it possible to identify you personally.
The following data is stored in the log files before and after logon:
Before logon:
- IP address (DHCP) (pseudonymised)
- MAC address
- Device type (e.g. Windows, Macintosh, iPhone, Android).
After logon:
- IP address (DHCP) (pseudonymised)
- MAC address
- Device type (e.g. Windows, Macintosh, iPhone, Android)
- Manufacturer of device / WLAN chipset
- Host name of device
- User name
- First name
- Surname
- Company name
- Duration of ticket validity
- Firewall logs
- Time of logon
- Duration of use.
The logon data you enter is stored locally by the system.
However, the personal data is never sensitive data within the meaning of the GDPR, but merely identifiers necessary for the service provided to you.
The processing of data for the purpose of using the ARBURG guest WLAN takes place in accordance with Article 6 (1) (1) a) GDPR on the basis of your voluntarily granted consent.
Disclosure of data
The data will not be transferred to third parties within the meaning of the GDPR.
Cookies
Cookies are created by websites during your visit. Cookies are small text files stored on your device that are associated with the browser you use. However, this does not mean that we immediately gain knowledge of your identity.
Usually session cookies are used which enable, for example, the function of the forwards and backwards buttons of the browser. These are automatically deleted when you close your browser. In general, cookies of this system are technically necessary or essential for the service offered and do not contain any personal data.
For the logon page of the system, only technically necessary cookies are used which we only store for the duration of the session. On most mobile devices, these cookies are deleted immediately after successful logout. However, depending on the settings of your own mobile device, cookies may be stored on your mobile device for longer.
The legal basis for the use of cookies is Article 6 (1) (1) f) GDPR (protection of the legitimate interests of the data controller).
Protection against unauthorised access
In general, it is a closed system with a high security standard. It is not possible to run non-system processes on it, such as an app on a mobile phone or a programme on a laptop, so potential attackers are not offered the usual gateways.
The basic settings are data-efficient; the query of sensitive data is not provided for. Access to stored data is controlled by the system via user administration. Authorisation management ensures that the administrators are instructed in data protection law in order to proceed with due care in accordance with the GDPR. All access is password-protected; access is always encrypted and logged.
Duration of storage
Ticket data is only stored for as long as is necessary. After expiry of the validity, the configuration provides for a retention period of 30 days. The running system saves internal logs with IP and MAC addresses as well as other logon information to ensure error-free operation. These logs can also only be accessed by administrators and are usually deleted after 30 days.
ARBURG employee WLAN
This section of the data protection policy covers your use of our ARBURG employee WLAN. In the following, we explain how we collect your personal data when you use the employee WLAN, what we do with it, for what purpose and on what legal basis your data is processed.
Collection and storage of personal data as well as nature and purpose of its use
The ARBURG employee WLAN can only be used with valid access data. The system must identify that you are authorised for access. For this purpose, you have to agree to the terms of use. Once you have agreed to the terms of use, you can request a password via the Intranet. You can then log on using the password retrieved from the Intranet.
The following data is stored in the log files:
- IP address (DHCP) (pseudonymised)
- MAC address
- Device type (e.g. Windows, Macintosh, iPhone, Android)
- Manufacturer of device / WLAN chipset
- Host name of device
- Firewall logs
However, the personal data is never sensitive data within the meaning of the GDPR, but merely identifiers necessary for the service provided to you.
The processing of data for the purpose of using the ARBURG employee WLAN takes place in accordance with Article 6 (1) (1) a) GDPR on the basis of your voluntarily granted consent.
Disclosure of data
Disclosure of data to third parties within the meaning of the GDPR does not take place.
Protection against unauthorised access
In general, it is a closed system with a high security standard. The basic settings are data-efficient; the query of sensitive data is not provided for. Access to stored data is controlled by the system via user administration. Authorisation management ensures that the administrators are instructed in data protection law in order to proceed with due care in accordance with the GDPR. All access is password-protected; access is always encrypted and logged.
Duration of storage
The running system saves internal logs with IP and MAC addresses as well as other logon information to ensure error-free operation. However, these are only stored for as long as is necessary. These logs can also only be accessed by administrators. The logs are usually deleted after 30 days.
Trade fairs and other events
This section of the data protection policy covers the processing of personal data in connection with photo and video recordings and the downloading of brochures at trade fairs and other events. In the following, we explain how we collect your personal data, what we do with it, for what purpose and on what legal basis your data is processed.
Collection and storage of personal data as well as nature and purpose of its use
(a) Photography and video recording at trade fairs and other events
Photos and/or video recordings may be made at trade fairs and other ARBURG events. Visitors to the respective event may be identifiable on these photos / video recordings. Insofar as this is the case, the photos / videos contain personal data within the meaning of Article 4 (1) GDPR. We intend to store and publish individual photos and videos in accordance with the provisions of this data protection policy, e.g. in the ARBURG magazine "today", on the ARBURG Intranet, on the ARBURG website or as part of ARBURG press releases.
The photo and video recordings as well as their publication are intended for purposes of public relations, advertising and documentation.
The legal basis for data processing is Article 6 (1) f) GDPR (protection of the legitimate interests of the data controller). Our legitimate interests result from the aforementioned purposes of data processing (public relations, advertising, documentation).
(b) Use of the ScanCard
At trade fairs and other events, you can collect digital brochures or request to be contacted using a ScanCard at the terminals provided for this purpose. For this purpose, the ScanCard is linked to the contact details provided to us or given by you when registering (name, e-mail address, telephone number). In some cases, participation in certain trade fairs or events is subject to the consent to the use of this ScanCard. Consequently, you will not be able to participate in certain trade fairs or events if you do not consent to the use of the ScanCard. You will be informed of this before you give your consent. If you withdraw your consent before attending the trade fair or event in question, you will not (or no longer) be able to attend this trade fair or event and any access authorisations granted will become invalid.
The legal basis for data processing is Article 6 (1) a) GDPR (voluntary consent).
(c) Download of digital brochures
You can use the ScanCard to collect digital brochures at the terminals provided. Depending on the event, the digital brochures are either sent automatically at the end of the event or can be accessed via a link provided on the ScanCard. The download of digital brochures makes it possible to provide information on ARBURG products on demand.
The legal basis for the processing of your personal data is Article 6 (1) (1) a) GDPR (voluntary consent).
(d) "Request contact" ScanPoint
When you hold the ScanCard to a "Request contact" ScanPoint, you consent to us contacting you by e-mail or telephone using the contact details (name, e-mail address, telephone number) provided to us or given by you when registering for the event in order to provide you with further information on the respective product / content. The data is automatically transmitted to us so that we can offer you products that match your interests in the future.
The legal basis for data processing is Article 6 (1) a) GDPR (voluntary consent).
Disclosure of data
(a) Photography and video recording at trade fairs and other events
We may periodically publish photo and/or video recordings, e.g. in the ARBURG magazine "today", on the ARBURG Intranet, on the ARBURG website or as part of ARBURG press releases. We herewith point out that the publication of photos / videos on the Internet results in the photos / videos being accessible to an unlimited number of persons.
In some cases, the photos / videos may be created by external service providers or edited by external service providers prior to publication. Insofar as external service providers process personal data in this context, such processing takes place exclusively on our behalf and in accordance with our instructions.
(b) Download of digital brochures
We use ICT AG, Erscheckweg 1, 72664 Kohlberg, Germany, to provide the download of the information and brochures you have bookmarked.
ICT AG processes your personal data exclusively on behalf of and in accordance with our instructions in compliance with the data protection provisions and the applicable laws.
Your personal data will not be transferred to other third parties.
Storage period
(a) Photography and video recording at trade fairs and other events
Photos and videos that are not used for one of the purposes specified under "Collection and storage of personal data as well as nature and purpose of its use" will be deleted after suitable photos / videos have been selected. Selected photos and videos will be stored for an indefinite period of time, unless an objection is made by one of the people concerned.
(b) Download of digital brochures
The personal information you provide when registering to download brochures will be stored until you withdraw your consent or until it is automatically erased, 28 days after the end of the event.
(c) "Request contact" ScanPoint
We process the data produced in this context for the duration of the contact. We delete the data once storage is no longer necessary, or limit processing where statutory retention requirements apply.
Application - external
This section of the data protection policy covers your use of our careers website (https://jobs.arburg.com/). In the following, we explain how we collect your personal data when you call up the careers website, what we do with it, for what purpose and on what legal basis your data is processed.
Depending on the country, applications can be submitted either via the ARBURG recruiting management system (SuccessFactors) or by e-mail.
When using the ARBURG recruiting management system to apply for a job, the applicant must first create an account before an application can be submitted.
An account is created by means of a double opt-in procedure.
Collection and storage of personal data as well as nature and purpose of its use
(a) When visiting the careers website
When you call up our careers website, the browser used on your device automatically sends information to us. Whenever you visit our website, the following data is collected without any action on your part:
- the IP address
- the date and time of the request
- the content of the request (actual page)
- the access status / HTTP status code
- the amount of data transferred
- the website where the request originates
- the browser used
- the language and version of the browser software
- the operating system and its interface.
The above-mentioned data will be processed by us for the following purposes:
- to ensure establishment of a smooth website connection
- to ensure the comfortable use of our website
- to evaluate system security and stability
- for other administrative purposes.
The legal basis for data processing is Article 6 (1) (1) f) GDPR (protection of the legitimate interests of the data controller). Our legitimate interest derives from the above-mentioned purposes for data collection.
In addition, we also use cookies when you visit our website. Further information on cookies can be found below under the "Cookies" item of this data protection policy.
(b) When creating an account in the recruiting management system / in the talent community (SuccessFactors)
If you wish to submit an online application to us, you must first create an account in our recruiting management system / talent community (SuccessFactors) which is provided and stored by SAP SE, Dietmar-Hopp-Allee 16, 69190 Walldorf, Germany, specifically in the Sankt Leon-Rot data centre and in the Amsterdam mirror data centre. For this purpose, we will store and process your first and last name, your country of residence, your e-mail address, as well as any other data freely provided by you. In addition, you can agree to allow individual contact by a recruiter. You can update the information about you stored in your talent community account at any time and add more information on a voluntary basis.
To register in the recruiting management system / talent community, you must consent to the storage and processing of your aforementioned data by us. You can revoke this consent at any time with future effect. However, this will result in deletion of your talent community account.
In the talent community, you can use the job agent to receive e-mail notifications about new job opportunities that match your stated interests. For this purpose, you can enter various search criteria, which you can change at any time. The sending of information about job opportunities by e-mail requires your consent, which you can revoke at any time using the unsubscribe link contained in the e-mails sent to you or by changing your settings in the talent community.
Your data is processed within the talent community for the purpose of implementing an application process. The legal basis for the processing of your data is Article 6 (1) (1) a) GDPR.
In addition to the mandatory data and the other data you have voluntarily entered, the following data is also automatically collected and added to your account during registration: your IP address, the last website you visited and the location from which you connected to the Internet. This data will be collected to identify improper use of our talent community.
The legal basis for this is Article 6 (1) (1) f) GDPR (protection of the legitimate interests of the data controller).
Even if the data is only processed by SAP SuccessFactors within the EEA, it cannot be ruled out that SAP America Inc., 3809 West Chester Pike, Suite 200 in Newtown Square, PA 19073, USA may have access to your personal data within the Group. The level of data protection in the USA is not comparable with that of the European Union (EU). However, SAP assures that it complies with the high level of data protection stipulated by the GDPR (https://www.sap.com/germany/about/legal/privacy.html#10).
(c) When submitting an application
If you wish to apply for a specific position, you need to create an account in the recruiting management system. To help you manage your accounts, the talent community credentials and other data you have already entered in the talent community are automatically transferred to the recruiting management system.
Your personal data (such as e-mail address, name, place of residence) and attachments (such as CV, cover letter, certificates) that you submit in the recruiting management system will only be stored and processed for the purpose of managing an application process.
The legal basis for the processing of your data is Article 6 (1) (1) a) GDPR (voluntary consent).
- You can decide for yourself the extent to which your data may be used by us. For this purpose, the following options are available to you when you submit your application:
- Your data will only be used for the application process for the position to which you have specifically applied. If this vacancy is with one of ARBURG's affiliated companies, your data will be transmitted to this company. Your data will not be shared with other affiliated companies.
- Your data will be processed and possibly shared as part of the application process associated with job vacancies at ARBURG or companies affiliated with ARBURG within your country of residence.
- Your data will be made available to all affiliated companies of ARBURG worldwide to fill any vacancies.
Depending on the choice you make, the team responsible for Human Resources and the people involved in filling the position at the respective company will be able to access your data. In addition, selected employees will have access to your data for administrative purposes.
You have the option of changing your options and updating your personal information at any time. Likewise, you can also entirely delete your account in the recruiting management system at any time. In this case, your account in the talent community will also be deleted.
If you are offered employment, we will store and process as employee data the data you provided as part of the application process for at least the duration of the employment. If you cannot be considered for a position or if you withdraw your application, we will destroy / delete your application documents no later than 6 months after completion of the application process or after withdrawal of your application, unless you have expressly agreed to a longer storage period, for example to apply for similar positions in the future.
Unless you log in again using your recruiting management system account within 12 months, your account will be automatically deleted without further notice. If future amended legal requirements demand a change to the retention/deletion period, this will be changed without prior notice.
General note on the obligation to provide data
You are under no legal or contractual obligation to provide us with your personal data. An application to us is voluntary. Without the provision of personal data by you, it is naturally not possible to carry out any personnel selection or application procedure. Consequently, failure to provide personal data means that you cannot be considered as a candidate when filling a vacancy.
Use of service providers
To provide support and for administrative tasks for our careers website, we use selected external service providers in the EU and USA. Furthermore, we may commission external service providers to provide services in the selection and processing of applications. These service providers process your personal data exclusively on behalf of and in accordance with our instructions in compliance with these data protection provisions and the applicable laws.
Disclosure of data
Your data will be treated as strictly confidential in accordance with the relevant legal provisions. Access to your data is restricted to persons who are responsible for processing your application. This includes, in particular, employees from Human Resources, the superiors for the position for which you are applying as well as the affiliated company (e.g. subsidiary also abroad) where the vacancy you are applying for is to be filled. Please refer to the job advertisement to find out which company is involved. Personal data will also only be shared with other affiliated companies if there is a legal basis for this and if it is necessary for one of the above-mentioned purposes. Your personal data will not be transferred to other third parties, i.e. outside the group.
Cookies
We use cookies on our website. Cookies are small text files stored on your hard drive that are associated with the browser you use and that provide us with certain information. However, this does not mean that we immediately gain knowledge of your identity.
On the one hand, the use of cookies helps us to make it more convenient for you to use our offering. For example, we use so-called session cookies to detect that you have already visited individual pages on our website. These are automatically deleted after you leave our website.
For another thing, we also use temporary cookies to enhance user friendliness that are stored on your terminal device for a specified period. If you visit our website again to use our services, it will automatically recognise that you have already visited us before and retrieves the inputs and settings you have made earlier on so that you do not have to re-enter them.
Moreover, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offering to you. Your consent data (consent yes/no, time stamp, data volume, data attributes, controller ID, processor ID, consent ID) is stored for documentation purposes.
You can configure your browser settings as desired and, for instance, refuse to accept any third-party cookies or any cookies at all. Please note that you may not be able to use all the functions of this website if you do not accept cookies.
The legal basis for the use of cookies is Article 6 (1) (1) a) GDPR (voluntary consent), provided that you have consented to this use, Article 6 (1) (1) c) GDPR (fulfilment of a legal obligation), if we are legally obliged to prove consent (Article 7 (1) GDPR) and Article 6 (1) (1) f) GDPR (protection of the legitimate interests of the data controller).
Application - Training / study / internship
This section of the data protection policy covers your use of our application portal for trainees, students, master's degree students and interns (https://www5.arburg.com/ausbildung/jobboard/). In the following, we explain how we collect your personal data when you use this portal, what we do with it, for what purpose and on what legal basis your data is processed.
Collection and storage of personal data as well as nature and purpose of its use
(a) Log data recorded when visiting the application portal
When you call up the application portal, the browser used on your device automatically sends information to us. Whenever you visit our application portal, the following data is collected without any action on your part:
- the IP address
- the date and time of the request
- the content of the request (actual page)
- the access status / HTTP status code
- the amount of data transferred
- the website where the request originates
- the browser used
- the language and version of the browser software
- the operating system and its interface.
The above-mentioned data will be processed by us for the following purposes:
- to ensure establishment of a smooth connection of the application portal
- to ensure the comfortable use of the application portal
- to evaluate system security and stability
- for other administrative purposes.
The legal basis for data processing is Article 6 (1) (1) f) GDPR (protection of the legitimate interests of the data controller). Our legitimate interest derives from the above-mentioned purposes for data collection. Under no circumstances will we use the aforementioned data to produce a profile of you.
(b) Submitting the application
The collection of your personal data is required for participation in our selection procedure. The required data is transmitted exclusively in encrypted form. Your data will only be used in the context of the selection procedure.
Your personal data (such as e-mail address, name, address, date of birth, mobile phone number) and attachments (such as CV, cover letter, certificates) will only be stored and processed for the purpose of managing an application process.
The legal basis for the processing of your data is Article 6 (1) (1) a) GDPR (voluntary consent).
In the course of this application process, you will be asked to take vocational aptitude tests. When submitting your application data, you also consent to the processing of internet-based personnel selection procedures (psychological test procedures) and expressly agree to the use of your test results for the decision-making process regarding the further consideration of your application in the application process.
The legal basis for the processing of your data is Article 6 (1) (1) a) GDPR (voluntary consent).
Supplementary to the information in the general section of this data protection policy, we point out that the data collected will be deleted after one year at the latest, unless it is required to establish an apprenticeship contract. If you are offered employment, we will store and process as employee data the data you provided as part of the application process for at least the duration of the employment. If you cannot be considered for a position or if you withdraw your application, we will destroy / delete your application documents no later than 6 months after completion of the application process or after withdrawal of your application, unless you have expressly agreed to a longer storage period, for example to apply for similar positions in the future. After this period, the results of the test procedures will only be used in anonymised form and exclusively for the standardisation of the selection procedures.
General note on the obligation to provide data
An application to us is voluntary. Without the provision of personal data by you, it is not possible to carry out any personnel selection or application procedure. Consequently, failure to provide personal data means that you cannot be considered as a candidate when filling a vacancy.
Disclosure of data
Your data will be treated as strictly confidential in accordance with the relevant legal provisions. Access to your data is restricted to persons who are responsible for processing your application. This includes, in particular, employees from Human Resources, the superiors for the position for which you are applying as well as the affiliated company (e.g. subsidiary also abroad) where the vacancy you are applying for is to be filled. Please refer to the job advertisement to find out which company is involved. Personal data will also only be shared with other affiliated companies if there is a legal basis for this and if it is necessary for one of the above-mentioned purposes. Your personal data will not be transferred to other third parties, i.e. outside the group.
Application - internal
This section of the data protection policy covers your use of the ARBURG recruiting management system (SuccessFactors) as part of an internal application. In the following, we explain how we collect your personal data when you use the ARBURG recruiting management system, what we do with it, for what purpose and on what legal basis your data is processed.
When using the ARBURG recruiting management system to apply for a job, the applicant must first create an account, if one does not already exist, before an application can be submitted.
An account is created by means of a double opt-in procedure.
Collection and storage of personal data as well as nature and purpose of its use
In order to process your application, we collect and process your personal data, in particular the data you provide when creating an account (e.g. e-mail address, name, place of residence) in the ARBURG recruiting management system, the application documents you submit and any other relevant data from your personnel file if required. We will use your submitted application documents exclusively for the purpose of conducting the application process and initiating employment relationships.
If you wish to submit an online application to us, you must first create an account in our recruiting management system (SuccessFactors) which is provided and stored by SAP SE, Dietmar-Hopp-Allee 16, 69190 Walldorf, Germany, specifically in the Sankt Leon-Rot data centre and in the Amsterdam mirror data centre. For this purpose, you need to enter your e-mail address and set a password. You can then log on by entering your e-mail address and password. Please keep your password confidential and do not disclose it to third parties. You can update the information stored about you in your account at any time and add more information on a voluntary basis.
To register in the recruiting management system, you must consent to the storage and processing of your aforementioned data by us. You can revoke this consent at any time with future effect. However, this will result in deletion of your account.
In the recruiting management system, you can use the job agent to receive e-mail notifications about new job opportunities that match your stated interests. For this purpose, you can enter various search criteria, which you can change at any time. The sending of information about job opportunities by e-mail requires your consent, which you can revoke at any time using the unsubscribe link contained in the e-mails sent to you or by changing your settings in the recruiting management system.
Your data is processed within the recruiting management system for the purpose of implementing an application process.
The legal basis for the processing of your data is Article 6 (1) (1) a) GDPR (voluntary consent), where you have consented to data processing Article 6 (1) (1) b) GDPR (fulfilment of contractual obligations), and otherwise § 26 BDSG (German Federal Data Protection Act).
In addition to the mandatory data and the other data you have voluntarily entered, the following data is also automatically collected and added to your account during registration: your IP address, the last website you visited and the location from which you connected to the Internet. This data will be collected to identify improper use of our recruiting management system.
The legal basis for this is Article 6 (1) (1) f) GDPR (protection of the legitimate interests of the data controller).
Even if the data is only processed by SAP SuccessFactors within the EEA, it cannot be ruled out that SAP America Inc., 3809 West Chester Pike, Suite 200 in Newtown Square, PA 19073, USA may have access to your personal data within the Group. The level of data protection in the USA is not comparable with that of the European Union (EU). However, SAP assures that it complies with the high level of data protection stipulated by the GDPR (https://www.sap.com/germany/about/legal/privacy.html#10).
If you are offered employment, we will store and process as employee data the data you provided as part of the application process for at least the duration of the employment. If you cannot be considered for a position or if you withdraw your application, we will destroy / delete your application documents no later than 6 months after completion of the application process or after withdrawal of your application, unless you have expressly agreed to a longer storage period, for example to apply for similar positions in the future.
General note on the obligation to provide data
An application to us is voluntary. Without the provision of personal data by you, it is naturally not possible to carry out any personnel selection or application procedure. Consequently, failure to provide personal data means that you cannot be considered as a candidate when filling a vacancy.
Disclosure of data
Your data will be treated as strictly confidential in accordance with the relevant legal provisions. Access to your data is restricted to persons who are responsible for processing your application. This includes, in particular, employees from Human Resources, the superiors for the position for which you are applying as well as the affiliated company (e.g. subsidiary also abroad) where the vacancy you are applying for is to be filled. Please refer to the job advertisement to find out which company is involved. Personal data will also only be shared with other affiliated companies if there is a legal basis for this and if it is necessary for one of the above-mentioned purposes. Your personal data will not be transferred to other third parties, i.e. outside the group.
Cookies
We use cookies on our website. Cookies are small text files stored on your hard drive that are associated with the browser you use and that provide us with certain information. However, this does not mean that we immediately gain knowledge of your identity.
On the one hand, the use of cookies helps us to make it more convenient for you to use our offering. For example, we use so-called session cookies to detect that you have already visited individual pages on our website. These are automatically deleted after you leave our website.
For another thing, we also use temporary cookies to enhance user friendliness that are stored on your terminal device for a specified period. If you visit our website again to use our services, it will automatically recognise that you have already visited us before and retrieves the inputs and settings you have made earlier on so that you do not have to re-enter them.
Moreover, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offering to you. Your consent data (consent yes/no, time stamp, data volume, data attributes, controller ID, processor ID, consent ID) is stored for documentation purposes.
You can configure your browser settings as desired and, for instance, refuse to accept any third-party cookies or any cookies at all. Please note that you may not be able to use all the functions of this website if you do not accept cookies.
The legal basis for the use of cookies is Article 6 (1) (1) a) GDPR (voluntary consent), provided that you have consented to this use, Article 6 (1) (1) c) GDPR (fulfilment of a legal obligation), if we are legally obliged to prove consent (Article 7 (1) GDPR) and Article 6 (1) (1) f) GDPR (protection of the legitimate interests of the data controller).