1. PERSONAL DATA
If you use the website purely for information purposes, i.e. if you do not log on to, register, or provide us with any other information to use the website, we do not collect any personal data, apart from data which your browser sends to enable you to visit the website. The purpose of this data collection is to enable you to visit the website and to ensure that the website functions properly. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. This is:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request(specific page)
- Access status/HTTP status code
- Data volume transmitted
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
There is no obligation to provide the data, but if the data are not provided, we cannot provide the requested website content. The legal basis is the balancing of interests(point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is the provision of the website content requested by the user, ensuring the security of the IT infrastructure used to provide the website, in particular identifying, eliminating and preserving evidence of disruptions.
If you use a registration form, arago will collect the information you provide to arago, which may consist of your first and last name, email addresses, telephone numbers, location (country, state/province, city), company name, job title/role, department and function.
In the course of processing personal data we use subcontractors and conclude contracts with these processors in accordance with the requirements of Art. 28 GDPR. The provider which is used to host the website is Amazon Web Services (AWS), headquartered Seattle, Washington, United States. In case of data transfer to AWS in Seattle, Washington, United States, the appropriate level of data protection is guaranteed by an adequacy decision of the European Commission. AWS in the USA is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. Further information on data protection at AWS can be found on the following website https://aws.amazon.com/compliance/data-privacy/
2. DATA CONTROLLER AND DATA PROTECTION OFFICER
The data controller for arago and arago’s website is: arago GmbH, Frankfurt, Spaces The Docks, Lindleystrasse 8a, 60314 Frankfurt am Main, Germany. Our data protection officer can be reached at dpo (at) arago.co, +49(0)69 405680
All requests for information, corrections and deletions, objections or revocations of consent, the assertion of the right to limit the processing or the right to data portability, as well as comments or questions by the user relating to data protection are to be sent to this address. If you send your request to our postal address please use the addition “data privacy”.
3. COLLECTION AND PROCESSING OF PERSONAL DATA ON REQUEST
Your personal data will be collected, processed and used in accordance with the provisions of the German Telemedia Act (Telemediengesetz, TMG) and data protection law, in particular the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the General Data Protection Regulation (GDPR). By means of this data protection declaration we inform about the collection of personal data on and via our website in accordance with Art. 13 GDPR.
Unless otherwise described in section 4 et seq. your personal data is apart from these cases only collected and processed if you voluntarily provide it.
4. DATA PROCESSING TO ENABLE THE USE OF THE WEBSITE
We collect your personal data where necessary to enable your use of this website (usage data), to give you access to special information, or to otherwise communicate with you. This includes your IP address as well as data about the beginning and end of sessions and the telemedia used, it may also include data used to identify you. These data serve the purposes of delivering the service and designing it in a needs-based manner on the basis of Art. 6 (1) sentence 1 lit f GDPR.
5. DURATION OF PROCESSING OF PERSONAL DATA
Where arago is processing and using your personal data as permitted by law or under your consent, arago will store your personal data (i) only for as long as is required to fulfil the purposes set out herein or (ii) until you object to arago’s use of your personal data (where arago has a legitimate interest in using your personal data), or (iii) until you withdraw your consent (where you consented to arago using your personal data). However, where arago is required by mandatory law to retain your personal data longer or where your personal data is required for arago to assert or defend against legal claims, arago will retain your personal data until the end of the relevant retention period or until the claims in question have been settled.
When you visit our website, information may be stored on your computer in the form of cookies. Cookies are small text files that are transferred between a web server and your browser and are stored on your computer’s disk. This enables us to recognize you when you re-visit the website and we can offer you better functionality of our website and, for example, avoid that you have to log in repeatedly, or allow us to carry out web analysis.
Most browsers are configured to automatically accept cookies. You may deactivate that cookies are stored by your browser and erase cookies at any time. Please note that without cookies, the use and experience of our services via this website may be impeded or impossible. Via your browser settings, you can also prevent certain cookies (such as third-party-cookies) from being stored, e.g. if you want to prevent web tracking. You will find further information in your browser’s help section.
- Session (transient) cookies: These cookies are erased when you close your browser, and do not collect information from your computer. They typically store information in the form of a session identification that does not personally identify the user.
- Persistent (permanent or stored) cookies: These cookies are stored on your hard drive until they expire (at a set expiration date) or until you delete them. These cookies are used to collect identifying information about the user, such as web surfing behavior or user preferences for a specific site
Types of Cookies
6.1 Required cookies
These cookies are required to enable core site functionality.
6.2 Functional cookies
These cookies allow us to analyze site usage so we can measure and improve performance.
Used to distinguish users. Expiration time – 2 years
Used to distinguish users. Expiration time – 24 hours
Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>. Expiration time – 1 minute
This cookie is set by HubSpot’s CDN provider, Cloudflare. It helps Cloudflare detect malicious visitors to your website and minimizes blocking legitimate users. It may be placed on your visitors’ devices to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It is necessary for supporting Cloudflare’s security features.
The main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
This cookie keeps track of a visitor’s identity. It is passed to HubSpot on form submission and used when deduplicating contacts.
This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
This cookie tracks viewing of Youtube videos on the website.
6.3 Advertising Cookies
Used through Google Ads to understand user interaction with the site and advertising
LinkedIn Ads ID syncing. (Duration = 30 days)
Used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries. (Duration = 30 days)
Used to identify LinkedIn Members off LinkedIn for advertising and analytics outside the Designated Countries and, for a limited time, advertising in the Designated Countries (Duration = 30 days)
Used to identify LinkedIn Members off LinkedIn in the Designated Countries for advertising (Duration = 30 days)
Used to identify LinkedIn Members in the Designated Countries for analytics (Duration = 30 days)
Member indirect identifier for Members for conversion tracking, retargeting, analytics (Duration = 30 days)
Used to make a probabilistic match of a user’s identity outside the Designated Countries (Duration = 90 days)
Browser Identifier for users outside the Designated Countries (Duration = 3 months)
Used to identify a LinkedIn Member for advertising through Google Ads (Duration = 90 days)
Determine opt-out status for 3rd party tracking (Duration = 10 years)
7. WEB TRACKING & COOKIES
In order to optimize the user experience of our website, we use web tracking technology such as Google Analytics, LinkedIn etc. Respective data is stored in pseudonymous usage profiles (your IP addresses is stored in anonymized form). Pseudonymous usage profiles will not be (re-)combined with personal data.
When you visit our website for the first time or if necessary again, we will ask whether you agree that we
- process usage data in pseudonymous usage profiles (tracking) for advertising, market research, web analysis and website improvement purposes, and
When visiting our websites, you will be asked in a cookie layer whether you consent to our using of any advertising cookies or function cookies (tracking mechanisms), respectively.
You can restrict your consent to the setting of cookies in whole or in part by configuring your browser settings accordingly and deactivating the setting of cookies in whole or in part. In addition, you can install a plugin in your browser to protect your privacy, which offers the possibility to prevent web analysis – e.g. AdBlock, Ghostery or NoScript (please note the data protection information of the respective plugin provider). In addition, some web analytics providers are members of industry associations whose websites allow you to centrally prevent the use of online advertising and web analytics by their members. Below you find the websites of these associations for a comfortable provider-spanning prevention of web analysis. In this way you can also prevent the creation of pseudonymous user profiles
- „European Interactive Digital Advertising Alliance“ (EDAA): www.youronlinechoices.com/de/praferenzmanagement
- „Digital Advertising Alliance“ (DAA): aboutads.info/choices
- „Network Advertising Initiative“ (NAI): www.networkadvertising.org/choices
7.1 GOOGLE ANALYTICS
You may refuse to have cookies stored on your device by appropriately configuring your browser (see section 6) or by using a privacy plugin (see section 7). Further, you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available here: https://tools.google.com/dlpage/gaoptout?hl=en-GB. Further information on the data processing in the context of Google Analytics is available under: https://www.google.de/intl/de/policies/.
7.3 GOOGLE ADs
Our websites use Google Ads Conversion Tracking, a web analytics service that uses advertising cookies. Google Ads Conversion Tracking also creates a Remarketing Tag to retarget a user via Google Ads, which is an advertising cookie. The information generated by the cookie about your use of this website is transmitted to a Google server in the U.S. and stored there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators, and providing other services related to website activity and internet usage. Google may also transfer this information to third parties if required by law or in so far as third parties process this data on behalf of Google. Google will in no case connect the data with other data from Google.
8. TRANSFER TO THIRD PARTIES
We will only transfer your personal data to third parties where allowed or required by law or if you have given prior consent. If you have given consent, you can withdraw it at any time with effect for the future. We only transfer data to public authorities if required by law, administrative order or court order.
9. TRANSFER OF DATA TO NON-EU COUNTRIES
If necessary for our purposes, we transfer your data to recipients outside of the EU if it is guaranteed that the recipient maintains an adequate level of data protection and there are no legitimate interests excluding the transfer. To guarantee an adequate level of data protection at the recipient’s end, we in particular use the EU Commission’s model clauses for data transfers to third countries.
10. DATA SECURITY AND CONFIDENTIALITY
We have taken the necessary technical and organisational measures to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees and all persons involved in the data processing are obliged to observe data protection law. and to keep personal data confidential. To protect your personal data, we use a secure online transmission protocol called “Secure Socket Layer” (SSL). You can recognize this where an “s” is added to the URL part “http://” (making it “https://”) or by a green, closed lock icon shown in your browser. By clicking the lock icon, you will get information on the SSL certificate used. The appearance of the icon depends on the type and version of your browser. SSL-encryption ensures an encrypted and complete transmission of your data.
The technical and organizational security measures implemented by our hosting provider AWS are described here: https://aws.amazon.com/compliance/data-privacy/
11. YOUR RIGHTS REGARDING YOUR PERSONAL DATA
The user and other data subjects may demand from us the following rights in respect of their personal data:
- Right of access by the data subject (Article 15 GDPR)
- Right to rectification (Article 16 GDPR)
- Right to erasure (‘right to be forgotten’) (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object (Article 21 GDPR)
- Right to revoke consent given at any time without affecting the legality of the processing carried out on the basis of the consent until revocation, if the data processing is based on consent pursuant to Art. 6 para. 1 lit. a or Article 9 para. 2 lit. a GDPR.
With respect to Art. 21 GDPR you may object
- on grounds relating to your particular situation
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on lit. e (public interest) or lit. f (legitimate interests) of Article 6 para. 1, including profiling based on those provisions. We no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
- relating to direct marketing
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data is no longer be processed for such purposes.
12. YOUR CONTACT TO EXERCISE YOUR RIGHTS
In these matters and in case of questions relating to data protection, please contact our data protection officer Dr. Bernd Schmidt at dpo (at) arago.co or write to: arago GmbH, Eschersheimer Landstr. 526-532, 60433 Frankfurt am Main, Germany. For a swift processing of your request, we recommend stating your name, surname, date of birth and, where existing, your e-mail address and in case of an opt-out after receiving advertisements attaching a copy of the advertisement.
13. Right to lodge a complaint with a supervisory authority
If you believe that arago is not processing your personal data in accordance with the requirements set out herein or applicable data protection laws, you can at any time lodge a complaint with the competent data protection authority (Art. 77 GDPR).
14. NO AUTOMATED DECISION MAKING
We do not use your personal data for automated decision making under Art. 22 (1) GDPR.
15. CHANGES TO THIS DATA PROTECTION DECLARATION
New legal requirements, business decisions or technical developments may require changes to our data protection declaration. This data protection declaration will then be updated. The most current version is always available on our website.
Last Update: January 5th 2021