1. General information on the collection of personal data and information

a) The protection of your privacy when using our websites is very important to us. Accordingly, we use your personal data in accordance with the statutory provisions on data protection and privacy. Personal data is all data that can be related to you personally, e.g. name, address, e-mail address, user behavior. Below we inform you about how we handle your personal data.

b) The person responsible pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) and other national data protection and privacy laws of the member states as well as other data protection and privacy provisions is:

ARVOS Holding GmbH
Managing Director:
Ludger Heuberg
Am Taubenfeld 21/1

D – 69123 Heidelberg

Tel.: +49 (0)6221 532 0
Fax: + 49 (0)6221 532 189

Data Protection Officer according to Art. 37 of the EU General Data Protection Regulation (GDPR) and § 5 BDSG (German Federal Data Protection and Privacy Act) is:

bpc GmbH
Bockenheimer Anlage 46
60322 Frankfurt am Main

Phone: +49 69 6649-6923
Internet: www.b-p-c.eu

You can reach our data protection officer by e-mail at This email address is being protected from spambots. You need JavaScript enabled to view it. or by mail at ARVOS Holding GmbH using the subject line "data protection officer".

c) If you are under the age of 16, please obtain permission from a parent or guardian before providing any personal information to us.

2. Collection of personal data when visiting our website

a) In principle, you can visit our website without telling us who you are. Usually with almost all websites, the server on which our website is located (hereinafter referred to as "web server") automatically collects information from you when you visit us on the Internet. This data is technically necessary for us and guarantees the stability and security of the website.

The web server automatically recognizes certain personal data such as your IP address, the date and time you are on our site, the pages you visit on our site, the site you were on before visiting our site, the browser you use (e.g. Internet Explorer, Firefox, Safari), the operating system you use (e.g. Windows, Linux, MAC OS) and the domain name and address of your Internet service provider (e.g. 1&1, Telekom, Unitymedia). If our website uses cookies (as explained below), the web server also stores this information (permissible pursuant to Art. 6 (1)(f) DGPR).

Your personal data will only be stored on our server for the duration of your visit.

b) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the location that sets the cookie (here by us). Cookies cannot execute programs or transmit viruses to your computer. On the whole, they serve to make the Internet offer more user-friendly and effective.

This website uses the following types of cookies, the scope and functionality of which are explained below:

Name: Joomla Session Cookie
ExpireDescription: session
Purpose: Maintains the status of the user for all page requests (e.g. language selection, font size etc.)
Source: Joomla CMS

Name: joomla_user_state
ExpireDescription: session
Purpose: This session cookie is only set after a successful login. It stores whether the user is logged into the website.
Source: Joomla CMS

This session cookie is only set after a successful login. It saves whether the user is logged into the website and is deleted when the website is closed.

(c) Contact by e-mail

(1) When you contact us by e-mail, the data you provide us with (your e-mail address and your name) will be stored by us in order to contact you and answer your questions.

This may be the case for the following purposes:

•     Initiation, execution and administration of your contractual relationship (or the contractual relationship of your organization) with us, e.g. through the execution of transactions and orders of products or services, in the context of all procurement processes, the associated processing of payment transactions, accounting, auditing, billing and debt collection activities, the initiation of shipments and deliveries, repairs and the provision of support services or other services which you or your organization may have commissioned or requested or which we have commissioned or requested with you.

•     Information and advice within an existing business relationship on similar or related products or services, to the extent permitted by applicable law.

•     Maintain and protect the security of our products, services and websites or other systems, prevent and detect security risks, fraud or other criminal or illegal activity.

•     To comply with our legal or regulatory obligations. These obligations may include, for example, the retention of sales records for tax purposes or the dispatch of legally required notices and other notifications, compliance screenings or recording obligations (e.g. under competition law, export regulations, trade sanctions and embargo regulations or to prevent white-collar crime or money laundering). In this context, we may be required to cross-check your contact information or identity with relevant sanctions lists and confirm your identity in the event of a possible match, record information about our cooperation with you where relevant under antitrust law, and report to or assist with investigations by relevant regulatory, law enforcement, or other competent government authorities.

•     Settle disputes, enforce our contractual agreements and establish, enforce, or defend legal claims.
•     Invitations to corporate events such as trade shows or other marketing activities.

We delete the data arising herewith in our Outlook or CMS system after storage is no longer necessary (e.g. if the registered persons do not receive any data from us or are no longer employed by the company for which they have registered), or we restrict processing if there are statutory limitations for retention periods.

(2) Data transmitted upon the dispatch of an e-mail may be processed pursuant to Art. 6 (1)(f) DGPR.

d) Registration via the Creditors Relation Form

When you register using the Creditors Relation Form, the information you provide (your email address and name) will be stored by us to contact you and answer your questions. We delete the attendant data in our Outlook system after storage is no longer necessary (e.g. if the registered persons do not receive any data from us or no longer work for the company for which they have registered), or restrict processing if there are statutory limitations for retention periods.


We use the map service of OpenStreetMap (OSM). Provider is the Open-Street-Map Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.
To ensure the privacy of our website, OpenStreetMap is disabled when you first enter our website. A direct connection to the servers of OpenStreetMap is only established when you activate OpenStreetMaps independently (consent in accordance with Art. 6 para. 1 lit. a DSGVO). This prevents your data from being transferred to OpenStreetMap the very first time you enter the site.
After activating OpenStreetMap, your IP address and other information about your behaviour on this website will be forwarded to OSMF. OpenStreetMap may store cookies in your browser for this purpose. These are text files that are stored on your computer and enable an analysis of your use of the website. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
Furthermore, your location can be recorded if you have permitted this in your device settings - e.g. on your mobile phone. The provider of this site has no influence on this data transfer. For details, please refer to the OpenStreetMap privacy policy at the following link: https://wiki.osmfoundation.org/wiki/Privacy_Policy
OpenStreetMap is used in the interest of an appealing presentation of our online offers and easy findability of the locations we have indicated on the website. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f DSGVO.

3. Online meetings with Microsoft Teams

We use “Microsoft Teams” to hold online meetings. Microsoft Teams is a software product of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”) which is available as a desktop, web and mobile app.

The legal basis for data processing when holding meetings with Microsoft Teams is our legitimate interest in the effective holding of business meetings according to Art. 6 Para. 1, Sentence 1 lit. f of the GDPR. Insofar as the meetings are held with you as part of an existing contractual relationship, the legal basis is Article 6 Paragraph 1 Sentence 1 lit. b of the GDPR. We are not responsible for further data processing on the Microsoft product websites from which the desktop software can be downloaded and the web app can be used.
The following data may be processed during a meeting:
•     Information about the participant: display name, first name, last name, telephone number, e-mail address, password (encrypted for authentication), profile picture,
•     Metadata: topic and description of the meeting, IP address, telephone number of the participant, type of device / software (Windows / Mac / Linux / Web / iOS / Android Phone / Windows Phone), time of the last activity of the participant, number of Chat and channel messages, number of meetings attended, length of time for audio, video and screen sharing,
•     When using chat or channel messages: text data for display and, if necessary, logging,
•     When using audio: recording data of the microphone,
•     When using video: recording data of the camera,
•     When using a telephone: incoming and outgoing phone numbers, country name, start and end time, possibly other connection data such as the IP address of the device, and
•     For recordings: audio, video and screen shares for storage in the cloud.
The data is stored at Microsoft Teams for the duration in accordance with our retention guidelines.
You can register for a meeting via e-mail. Your login data will be processed by us. You will be given a calendar appointment before the meeting. To participate in a meeting, you must at least provide us with your name or - if you are using a telephone - your telephone number. If we enable anonymous participation in meetings, we will inform you of this option during the invitation.
You can deactivate your microphone (audio) and your camera (video) at any time via the corresponding settings. We will only record meetings with your consent. Microsoft uses the metadata to generate aggregated reports on the use of Microsoft Teams.
Microsoft use the above data during the meetings in order to enable the meetings to be carried out on our behalf. All data traffic is encrypted (MTLS, TLS or SRTP) and data is generally stored on servers in the European Economic Area (EEA). If data is still processed in the USA, we have concluded EU standard contractual clauses with Microsoft in addition to the above-mentioned measures to protect your privacy.
You can find more information in Microsoft's privacy policy, available at: https://privacy.microsoft.com/de-de/privacystatement

4. Legal basis for data processing on our Creditors Relation Form

In order to safeguard our legitimate interest (cf. Art. 6 (1)(f). DGPR), we process your personal data when you contact us by e-mail or register using the Creditors Relation Form.

The provision of your personal data is not a legal obligation. This means that you are not obliged to provide us with your personal data. If you decide not to provide us with your personal data, it will not be possible to contact us or be included in our vendor list.

There is no automatic decision-making based exclusively on automated processing, including profiling, resulting in any legal or similar obligation affecting you.

5. Your rights

According to the provisions of DGPR you can assert the following rights against us:

  •   Right to information
  •   Right to rectification
  •   Right to limit processing
  •   Right to erasure / right to be forgotten
  •   Right to data portability
  •   Right to object

If the processing of your personal data is based on your consent, you have the right to revoke your consent at any time effective into the future. This shall not affect the legal validity of any processing taking place up until you have revoked such consent.

If you are of the opinion that we process your personal data in an impermissible manner, please contact us by e-mail at This email address is being protected from spambots. You need JavaScript enabled to view it. or via a letter addressed to ARVOS Holding GmbH using the subject line "Data Protection Officer". You also have the right to contact the data protection supervisory authority. The responsible supervisory authority is "Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Königstrasse 10 a, 70173 Stuttgart".

6. Place of data processing

Your data will mainly be processed in Germany. Under certain circumstances, however, it may also be possible for the data to be accessed by foreign Group companies, for example by contacting them via e-mail.

7. Disclosure of your personal data

We only collect data from you (except within the framework of the web server protocols) if you yourself communicate this to us in order to use one of our offered services (e.g. sending enquiries via the contact e-mail addresses, registering with Creditors Relations). This data is then processed and/or used exclusively for the performance of the respective service. For this purpose, it may be necessary for service providers to support us. Furthermore, it may also be necessary for your data to be passed on to other units of our group of companies. In doing so, we observe data protection and privacy regulations. Furthermore courts, law enforcement agencies, or other statutory commissioned authorities may upon observance of legal provisions retrieve data or request information. In particular, your personal data may be passed on to the following recipients:

•    Our parent company Arvos Bidco S.à.r.l. Luxembourg or other Group companies,
•     IT service providers, waste disposal service providers,
•     Government authorities, offices, and banks.

If individual service providers or affiliates are located outside of the EU, there may not be an adequate level of data protection there compared to the level of data protection and privacy within the European Union. This means that the data protection and privacy laws in the country to which your data may be transferred do not provide the same level of protection as in Germany. We have therefore taken appropriate protective measures to ensure data protection: standard contracts for order processing or standard contract clauses within the Group and with external service providers. Agreements for data processing by independent contractors have been executed in accordance with Art. 28 DGPR, the standard contract clauses in accordance with EU regulations ( https://eurlex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087&from=DE ).

You can obtain a copy of these protective measures at This email address is being protected from spambots. You need JavaScript enabled to view it. .

8. Security measures

Insofar as we forward data and information to our service providers within the scope of the services described herein, these service providers are obligated under contract with us with respect to provisions on the subject of data protection and privacy in addition to mandatory statutory provisions.

We use security measures, which we continuously optimize in accordance with technical and legal developments in order to protect your data and privacy as best as possible against accidental or intentional manipulation, loss, destruction, or access by unauthorized third parties.

9. Links to other websites

Our online offers contain links to other websites. This data protection and privacy policy does not extend to other providers.

We have no influence on whether these operators comply with data protection and privacy regulations and therefore accept no responsibility for the accuracy, timeliness, and sufficiency of the information provided there.

Our website may contain hyperlinks to websites owned and operated by third parties. These third-party websites have their own data protection and privacy policies, and most likely also use cookies. We recommend that you review them. The policies of these websites govern the use of personal information that you provide when you visit the website and that may also be collected through cookies. We assume no liability for such third-party websites, and your use of such websites is at your own risk.
10. Contacting us

If you have any questions or comments about our policies on data protection and privacy and cookies, please contact our authorized representative using the contact details provided in this policy statement (cf. Section 1).

The rapid development of the Internet makes it necessary for us to amend our data protection and privacy policies from time to time. Information about changes will be posted here.