Privacy Policy ARNO
We would like to thank you for visiting our website and for your interest in our company, our products and our website.
Data protection is a matter of trust and your trust is important to us. The protection and lawful processing of your personal data is an important concern for us.
At this point, we would like to inform you about the processing of personal data carried out by us.
Table of contents:
1. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Karl-Heinz Arnold GmbH
Karlsbader Straße 4
73760 Ostfildern
E-mail: info@arno.de
Phone: 0711 34802 0
2. Data Protection Officer
If you have any questions about data protection, you can also contact our data protection officer at any time.
To do so, please contact:
Karl-Heinz Arnold GmbH
Karlsbader Straße 4
73760 Ostfildern
E-mail: datenschutzbeauftragter@arno.de
Phone: 0711 34802 0
3. General information on data processing
As a matter of principle, we collect and use personal data of our users only to the extent necessary to provide a functional website and for our content and services.
a) Personal data
Personal data within the meaning of the GDPR and the BDSG is any information relating to an identified or identifiable natural person (hereinafter: "data subject"). The personal data of users processed in the context of this online offer include, in particular:
b) Purposes of processing
As a matter of principle, we process personal data of our users only insofar as this is necessary to provide a functional website as well as our content and services. The processing of personal data of our users is usually only carried out with the consent of the user. An exception applies in cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by law.
We process personal data when you visit our website (section 4), when you use our contact form (section 5), when you set up a customer account (section 6) and when you order from us (section 7). In addition, we process personal data when you apply for a job with us (section 9) and for advertising purposes (section 8).
The collection and use of personal data of our users is always carried out in accordance with the GDPR and the applicable country-specific data protection rules. If the processing of personal data is necessary and such processing is not permitted by law, we always obtain the consent of the data subject. If we ask you to provide certain personal data, you can of course refuse to do so. You have a choice about what information you give us. However, there is a possibility that we will not be able to offer you certain products and services.
c) Legal basis
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (hereinafter referred to as "GDPR") serves as the legal basis.
In the case of the processing of personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and our interests, the fundamental rights and freedoms of the data subject prevail, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.
d) Disclosure of your data
Personal data will be passed on to third parties in the following cases and on the basis of the legal basis mentioned in each case:
Service providers who work for us on our behalf have been carefully selected and commissioned by us and are bound by our instructions. Furthermore, we are contractually entitled to monitor the compliance of the service providers with the relevant contractual and legal rules. External service providers can be assigned to the following categories:
If we transfer personal data to recipients in so-called "third countries", i.e. countries outside the European Union ("EU") or the European Economic Area ("EEA"), in which a level of data protection comparable to that in the EU cannot be assumed without further ado and we are not authorised to transfer it on the basis of a legal obligation, we ensure that the necessary data protection is provided in the respective third country or with the recipient in the third country adequate level of data protection is ensured. This may result in particular from a so-called "adequacy decision" of the European Commission, which determines an adequate level of data protection for a particular third country as a whole. In addition, we may also base the transfer of data on the so-called "EU Standard Contractual Clauses" agreed with a recipient. The contract texts of the EU Standard Contractual Clauses can be found at the European Commission. This also applies to adequacy decisions. Further information can be obtained from the Data Protection Officer at datenschutzbeauftragter@arno.de.
e) Storage period and deletion
As a matter of principle, we only store your data for as long as is necessary for the respective purpose of the processing. We store the personal data collected for the purpose of processing the contract until the expiry of the statutory or possible contractual warranty and guarantee rights. After expiry of this period, we will retain the information of the contractual relationship required by commercial and tax law for the periods specified by law. For this period (usually 10 years from the conclusion of the contract), the data will be processed again solely in the event of a review by the tax authorities.
We will delete the data collected and stored in connection with the customer account at the latest when the purpose for which it was stored no longer applies or when you inform us that your customer account should be deleted. However, it is not possible to delete your personal data prematurely if and to the extent that the data is still required for the execution of the contract or if we are obliged by law to store it further.
4. Information on data processing when visiting our website
When you visit our website www.arno.de, information is automatically transmitted to the server of our website by the browser you use.
The following information is collected and stored until it is automatically deleted:
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest in the processing lies in the technical facilitation of the access to the website, the optimised presentation of the content by the user and the further improvement/optimisation of the website in the future.
You have the right to object to the processing of your personal data on the basis of a legitimate interest. All you need to do is send an e-mail, e.g. to datenschutzbeauftragter@arno.de or marketing@arno.de. However, failure to do so may result in you not being able to use our website or not being able to use it to its full extent.
5. Information on data processing for enquiries via contact form
To get in touch, you can also use the contact form provided on our website. If you send us enquiries via the contact form, the following details from the contact form will be stored by us for the purpose of processing the enquiry and in the event of any questions.
Alternatively, you can anfrage@arno.de or contact bestellung@arno.de via the email address provided. In this case, the user's personal data transmitted with the e-mail will be stored.
The legal basis for processing if you have given your consent is Art. 6 (1) (a) GDPR.
The legal basis for data processing may also be Art. 6 (1) (f) GDPR. The legitimate interest in the processing lies in contacting you as a customer and in order to improve the quality of our advice. If the purpose of contacting us via the contact form is to conclude a contract, the legal basis also results from Art. 6 (1) (b) GDPR.
You have the right to withdraw your consent to the processing of your personal data at any time. All you need to do is send an e-mail, e.g. to datenschutzbeauftragter@arno.de or marketing@arno.de.
The data you enter in the contact form will remain with us until you request us to delete it or the purpose for which the data is stored no longer applies (e.g. after your enquiry has been processed). An exception to this may arise from statutory retention obligations.
6. Information on data processing for setting up a customer account
You can register in our online shop and create a customer account in order to take full advantage of the site's features. We only use the data entered for this purpose for the purpose of using the respective offer or service for which you have registered.
The legal basis for the processing is Art. 6 (1) (b) GDPR. The processing of personal data serves the purpose of executing or initiating a contract between you and Karl-Heinz Arnold GmbH.
The personal data collected during registration will be stored by us as long as you are registered in our online shop; They will then be deleted. This does not affect statutory retention obligations.
You have the right to withdraw your consent to the processing of your personal data at any time. All you need to do is send an e-mail, e.g. to datenschutzbeauftragter@arno.de or marketing@arno.de. In this case, your account will expire and we will no longer be able to provide you with our services in full.
7. Information on data processing for the processing of your order
If you buy products in our online shop, you must be logged in via your customer account. In order to process and process your order, we need the details of the company, your first and last name, your title, the address data, your e-mail address and a telephone number. We use this data to fulfil our obligations under the purchase contract with you, for receivables management, as well as for the processing of possible reversals and warranty claims. In addition, we and our logistics service providers use this data to inform you about the status of your delivery and delivery times. The legal basis for this is Art. 6 (1) (b) or (f) GDPR.
8. Information on data processing for advertising purposes
We also use your information to use it to advertise about your orders, recommend certain products or services that may be of interest to you.
You can object to the use of your data for advertising purposes at any time. All you need to do is send an e-mail, e.g. to datenschutzbeauftragter@arno.de or marketing@arno.de.
a) Newsletter
You can sign up to receive our newsletter on our website. Our newsletter contains news, offers and further information about ARNO's products and services.
The newsletter is sent on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. To receive the newsletter, you must enter your e-mail address in the field provided on our website. You will then receive an e-mail from us in which we ask you to confirm that you would like to receive our newsletter by clicking on a link (double opt-in). We will therefore only send you a newsletter if you have previously expressly confirmed that you would like to receive one.
We use Pardot's services to send newsletters. For more information, see Section 12.
You can revoke your consent to the processing of your data for the purpose of sending the newsletter at any time with effect for the future. All you need to do is send an e-mail, e.g. to datenschutzbeauftragter@arno.de or marketing@arno.de. You will also find an unsubscribe link in each newsletter.
b) Product recommendations via e-mail
If you have entered into a contract with us, we will process your e-mail address outside of the existence of a specific consent in order to send you product recommendations by e-mail on a regular basis. In this way, we want to send you information about products from our offer that may be of interest to you based on your recent purchases from us.
The legal basis for the above-mentioned processing is Art. 6 (1) (f) GDPR in conjunction with Section 7 (3) UWG, as contacting existing customers and processing existing customer data constitutes a legitimate interest.
To send product recommendations, we use Pardot's offering. For more information, see Section 12.
You can object to the processing of your data for the purpose of sending product recommendations, e.g. by e-mail to datenschutzbeauftragter@arno.de or marketing@arno.de.
You will also find an unsubscribe link in each email.
9. Information on data processing for job applications
If you apply for a job with us, we process the information you provide, in particular your first and last name, your e-mail address, your postal address, your telephone number and the information contained in any application documents such as cover letter, CV and certificates ("Application Data").
The data you provide to us as part of your application will be processed exclusively for the purpose of processing this application. We always treat your application data confidentially.
The legal basis for the described processing of your application data is Art. 6 para. 1 sentence 1 lit. b and Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 sentence 1 BDSG.
If your application is successful and leads to an employment relationship, the data will be transferred to your personnel file. The data will be stored for as long as this is necessary for the employment relationship and insofar as legal regulations justify an obligation to retain it. The legal basis for this processing is also Art. 6 para. 1 sentence 1 lit. b and Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 sentence 1 BDSG.
If your application is unsuccessful, we will store your application data for a maximum of 6 months after completion of the relevant application process in order to be able to defend ourselves against possible legal claims. The legal basis for this storage is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest in this context stems from the burden of proof in proceedings.
The documents you submit as part of the application may contain personal data that fall under "special categories of personal data" within the meaning of Article 9 of the GDPR ("sensitive data"). It is personal data that may reveal a natural person's racial or ethnic origin, political opinion, religion or belief, trade union membership, genetic or biometric data, state of health or information about a natural person's sex life or sexual orientation.
As a rule, we do not require any special categories of personal data within the meaning of Art. 9 GDPR for the application process. We therefore ask you not to send us any such information in the first place. If, in exceptional circumstances, such information is relevant, we will inform you accordingly.
In the event that your application nevertheless contains sensitive data, we ask for your explicit consent to the processing of this data for the purpose of processing the application. You are free to decide whether you want to give this consent. Consent can be revoked at any time. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before the withdrawal. In this regard, however, we would like to point out that in the event that your application has led to employment, the further processing of the sensitive data (also) contained in the application may be necessary in order to be able to exercise rights arising from labour law and social security and social protection law and to be able to comply with obligations in this regard, which may therefore be justified in accordance with Art. 9 (2) (b) GDPR even without your consent.
The legal basis for the processing of sensitive data in the event of your consent is Art. 9 (2) (a) GDPR; in the case of employment, the relevant processing is carried out on the basis of Art. 9 (2) (b) GDPR and § 26 (3) BDSG.
Please note that your application cannot be considered if your application documents contain sensitive data and you do not consent to their processing or withdraw your consent.
10. Cookies
We use cookies on our website. Cookies are text files that are transferred to the browser of the requesting user when a website is accessed. Cookies can store unique identifiers consisting of a string of characters that allow the browser to be identified when the website is visited again. Cookies can store various pieces of information, such as browser type, operating system used, language settings or other personal page settings, as well as user behavior, such as subpages accessed or links clicked. This does not mean that this gives us direct knowledge of your identity.
On the one hand, the use of cookies serves to make the use of our services more pleasant for you. In addition, we use cookies to optimize the user-friendliness and our offer and for statistical collection.
The use of cookies for the statistical recording and evaluation of our offer is described in more detail in sections 11 et seq. These cookies allow us to automatically recognise that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined period of time.
The data processed by cookies is necessary for the purposes mentioned in order to safeguard our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in providing a functional and user-friendly website. If you give your consent, your data will be processed in accordance with Art. 6 (1) (a) GDPR.
You can configure your browser so that cookies are not stored on your computer or that they are deleted. Please use the help option in your internet browser. However, disabling cookies completely may prevent you from using all the features of our website.
11. Use of Cookiebot
On our website, we use functions of the provider "Cookiebot", Cybot A/S, Havnegade 39, 1058 Copenhagen, DK. Among other things, Cookiebot offers us the opportunity to provide you with a comprehensive cookie notice (also known as a cookie banner or cookie notice). Cookiebot is a software product that automatically creates a GDPR-compliant cookie notice for our website visitors. In addition, Cookiebot scans, controls and evaluates all cookies and tracking measures on our website. Cookiebot shows you a list of cookies divided by function groups, explains the purpose of the cookie function groups and the individual cookies as well as their storage period.
By using this feature, data from you can be sent, stored and processed by Cookiebot. For the use of Cookiebot, the storage of a cookie is technically necessary.
If you have consented to the setting of cookies when visiting this website, you can revoke your consent by calling up Cookiebot and deselecting the cookie category in question.
The legal basis for data processing is Art. 6 (1) (f) GDPR. The legitimate interest consists in the error-free functioning of the website. If you give your consent, your data will be processed in accordance with Art. 6 (1) (a) GDPR.
For more information on the scope of personal data provided by Cookiebot, please see https://www.cookiebot.com/de/privacy-policy/.
12. Use of Pardot
On our website, we use the Pardot Marketing Automation System (hereinafter referred to as "Pardot MAS") from Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA (hereinafter: "Pardot"), a special software for recording and evaluating the use of a website by website visitors and for sending newsletters and product recommendations via e-mail.
When you visit our website, the Pardot MAS records your click path and creates an individual user profile using a pseudonym. For this purpose, cookies are used to enable your browser to be recognized. If you use our website for the first time, you can agree to the use of Pardot cookies by confirming the so-called cookie acceptance banner.
You can also deactivate the creation of pseudonymised user profiles at any time by configuring your Internet browser so that cookies from the domain "pardot.com" are not accepted. However, this may lead to certain limitations in the functions and usability of our offering.
Emails and newsletters sent using Pardot use tracking technologies. We use this data to find out which topics are of interest to you by tracking whether our emails are opened and which links you click on. We then use this information to improve the emails we send you and the services we provide.
In order to provide you with the most interesting offer or product information possible - and if you actively consent to this - it is possible to combine your personal data with the data of a pseudonymised user profile via the cookies set, provided that you provide personal data - for example by ordering a newsletter or filling out a form. You can object to this use of your personal data, such as name and address information, at any time in writing or by sending an e-mail to datenschutzbeauftragter@arno.de.
We use Pardot on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR for the needs-based design and continuous optimization of our website and offers. If you give your consent, your data will be processed in accordance with Art. 6 (1) (a) GDPR.
For up-to-date information on Pardot's handling of personal data from the European Union, please visit https://www.salesforce.com/content/dam/web/de_de/www/documents/legal/german-privacy-shield-notice.pdf.
13. Use of analysis services (Google Analytics)
For the purpose of tailoring and continuously optimising our pages, we use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/ intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (https://www.google.de/intl/de/about/) (hereinafter referred to as "Google").
We use Google Analytics on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. In this way, we want to ensure a needs-based design and the continuous optimisation of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. Those interests are to be regarded as legitimate within the meaning of the aforementioned provision.
In this context, pseudonymised user profiles are created and cookies are used. The information generated by the cookie about your use of this website, such as
browser type/version,
operating system used,
Referrer URL (the previously visited page),
Host name of the accessing computer (IP address),
time of the server request,
are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and needs-based design of these websites. This information may also be transferred to third parties if this is required by law or if third parties process this data on their behalf. Under no circumstances will your IP address be merged with any other data held by Google. The IP addresses are anonymized so that an assignment is not possible (IP masking).
You can prevent the installation of cookies by selecting the appropriate settings in your browser software; in this case, it may not be possible to use all the functions of this website to their full extent.
You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https:// tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on https://tools.google.com/dlpage/gaoptout. An opt-out cookie will be set to prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is placed on your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again.
For more information on data protection in connection with Google Analytics, please refer to the Google Analytics Help Center (https://support.google.com/analytics/answer/ 6004245?hl=en).
14. Social Media
We use videos from YouTube and YouTube plug-ins on our website. YouTube is a service provided by YouTube LLC ("YouTube"), 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
The integration of YouTube takes place by embedding the service on our website by means of a so-called "iFrame". When loading this iFrame, YouTube or Google may collect and process information (including personal data). It cannot be ruled out that YouTube or Google may also transmit the information to a server in a third country.
Through the integration of YouTube, we pursue the purpose of being able to present you with various videos on our website so that you can watch them directly on our website.
The legal basis for the processing of personal data described here is Art. 6 (1) (f) GDPR. Our legitimate interest, which is required for this, lies in the great benefit that YouTube offers. By integrating external videos, we also relieve our servers and can use corresponding resources elsewhere. Among other things, this can increase the stability of our servers. YouTube and Google also have a legitimate interest in the collected (personal) data in order to improve their own services.
The provision of personal data is neither required by law nor by contract and is not necessary for the conclusion of a contract. You are also under no obligation to provide the personal data. However, failure to do so may result in you not being able to use our website or not being able to use it to its full extent.
Further information can be found in the privacy policy of YouTube and Google, which you can access here: www.google.com/policies/privacy/.
For information on Google's privacy settings, see https://privacy.google.com/take-control.html?categories_activeEl=sign-in.
15. Your rights
As a data subject, you have the following rights vis-à-vis the controller. If you wish to make use of any of these rights, please contact the controller using the contact details given in section 1.
a) Right of access (Art. 15 GDPR)
You have the right to request information from us as to whether and, if so, in what manner we process personal data concerning you. Upon request, we will provide you with a digital copy of this data.
The aforementioned right of access may be limited or excluded under certain legal conditions. In particular, according to § 29 para. 1 sentence 2 BDSG, there is no right to information insofar as the information would reveal information that must be kept secret according to a legal provision or its nature, in particular because of the overriding legitimate interests of a third party.
b) Right to rectification (Art. 16 GDPR)
You have the right to have your personal data corrected and/or completed without undue delay vis-à-vis the Controller if the personal data processed concerning you is inaccurate or incomplete.
c) Right to erasure (Art. 17 GDPR)
You can request the deletion of your data stored by us,
This right to erasure does not apply to the extent that the processing is necessary for the exercise of the right to freedom of expression and information; to comply with a legal obligation; for reasons of public interest; or is necessary for the establishment, exercise or defence of legal claims.
d) Right to restriction of processing (Art. 18 GDPR)
You may request the restriction of the processing of your personal data if:
If the processing of your personal data has been restricted, these data may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State, with the exception of their storage.
If the restriction of processing has been restricted in accordance with the above-mentioned conditions, you will be informed by the controller before the restriction is lifted.
e) Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller.
f) Right to object (Art. 21 GDPR)
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) (e) or (f) GDPR, you have the right to object to the processing of your personal data if there are reasons for doing so that arise from your particular situation. If the objection is directed against direct marketing, you have a general right to object, which will be implemented by us without specifying a particular situation.
g) Right to withdraw consent (Art. 7 para. 3 GDPR)
You have the right to revoke your consent to us at any time, with the consequence that we may no longer continue the data processing based on this consent in the future.
h) Right to lodge a complaint (Art. 77 GDPR)
You have the right to lodge a complaint with a supervisory authority. To do so, you can contact the supervisory authority of your place of residence or place of work or the supervisory authority responsible for us.
16. Data security
Your personal data is transmitted securely by encryption. This applies to your visit to our website, your customer login and your order. For this purpose, we use the widely used SSL (Secure Socket Layer) procedure in conjunction with the highest level of encryption supported by your browser.
We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
17. Up-to-dateness and changes to the privacy policy
This privacy policy is currently valid as of September 2020. Due to the further development of our website and offers or due to changes in legal requirements, a change to this declaration may become necessary.