Privacy Policy

Adjust cookie settings


Who we are

(as of September 2025)

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:

Arrow Global Germany GmbH
Europaring 60
40878 Ratingen
Germany

+49 (0) 2102 – 91 94-0
info@arrow-deutschland.net

 

Contacting the data protection officer

The data protection officer of the controller is:

DataCo GmbH
Sandstrasse 33
80335 Munich
Germany

+49 (0) 89 7400 45840
www.dataguard.de

 

General information on data processing

On this page, we provide information about the processing of your personal data on the website.
How we collect and use your personal data depends on how you interact with us or which services you use. We only collect, use or share your personal data if we have a legitimate purpose and legal basis for doing so.

What do we mean by legal basis?

Consent (Art. 6(1)(a) GDPR) – You have given us your consent to process your personal data for the specific purpose we have explained to you. You have the right to withdraw your consent at any time. For more information on how to withdraw your consent, please refer to the subsections entitled ‘Exercising your rights’ in the following sections of this privacy policy.

Contract (Art. 6(1)(b) GDPR) – We need to use your data to fulfil a contract you have with us. Alternatively, it is necessary to use your data because we have asked you to do so or you have taken certain steps yourself before entering into this contract.

Legal obligation (Art. 6(1)(c) GDPR) – We need to use your data to comply with the law.

Vital interests (Art. 6(1)(d) GDPR) – The processing of your data is necessary to protect your vital interests or those of another person. For example, to protect you from serious physical harm.

Public task (Art. 6(1)(e) GDPR) – The processing of your data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, e.g. for a statutory function.

Legitimate interests (Art. 6(1)(f) GDPR) – The processing of your data is necessary to support a legitimate interest that we or another party have, only if your own interests do not outweigh this.

Please note that we may not be able to provide you with our website services if your data is processed for the performance of a contract or a legal obligation and you do not provide the requested data.

Disclosure of your personal data and transfer to third countries

As explained in this privacy policy, we use various service providers to help us provide our services and ensure the security of your data. When we use these service providers, it is necessary for us to disclose your personal data to them.

We have entered into agreements with all service providers to whom we disclose your data, obliging them to protect your data.

If your personal data is disclosed outside the EU, we ensure that your personal data receives an equivalent level of protection, either because the country to which your data is transferred has an ‘adequate’ data protection standard according to the European Commission, or by applying another protective measure, such as an enhanced contractual agreement, i.e. the Standard Contractual Clauses (SCCs) adopted by the European Commission.

For example, when we use US service providers, we rely on either the SCCs or the EU-US Data Privacy Framework, depending on the provider. You can request a copy of the SCCs we have concluded with our service providers by sending an email to the email address provided in this privacy policy.

Your rights

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. The right to information (Art. 15 GDPR)
You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to obtain access to this data and the following information:

  • Purposes of processing
  • Categories of personal data
  • Recipients or categories of recipients
  • Planned storage period or criteria for determining this period
  • The existence of rights to rectification, erasure or restriction or objection
  • Right to lodge a complaint with the competent supervisory authority
  • Where applicable, the origin of the data (if collected from a third party)
  • Where applicable, the existence of automated decision-making, including profiling, with meaningful information about the logic involved, the scope and the expected effects
  • Where applicable, the transfer of personal data to a third country or international organisation

2. Right to rectification (Art. 16 GDPR)
If your personal data is inaccurate or incomplete, you have the right to request that it be corrected or supplemented without delay.

3. Right to restriction of processing (Art. 18 GDPR)
If one of the following conditions is met, you have the right to request a restriction on the processing of your personal data:

  • You contest the accuracy of your personal data, for a period enabling us to verify the accuracy of the personal data.
  • In the context of unlawful processing, you refuse to have the personal data deleted and instead request the restriction of the use of the personal data.
  • We no longer need your personal data for the purposes of processing, but you need your personal data to assert, exercise or defend your legal claims or
  • after you have objected to the processing, for the duration of the review of whether our legitimate reasons outweigh your reasons.

4. Right to erasure (‘right to be forgotten’) (Art. 17 GDPR)
If one of the following reasons applies, you have the right to request the immediate erasure of your personal data:

  • Your data is no longer necessary for the processing purposes for which it was originally collected.
  • You withdraw your consent and there is no other legal basis for processing.
  • You object to the processing and there are no overriding legitimate grounds for the processing, or you object in accordance with Article 21(2) of the GDPR.
  • Your personal data is being processed unlawfully.
  • The erasure is necessary to comply with a legal obligation under Union law or the law of the Member State to which we are subject.
  • The personal data has been collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.

Please note that the above reasons do not apply if processing is necessary:

  • To exercise the right of freedom of expression and information;
  • To comply with a legal obligation or to perform a task carried out in the public interest and to which we are subject.
  • For reasons of public interest in the area of public health.
  • For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
  • For the establishment, exercise or defence of legal claims.

5. Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used and machine-readable format or to request its transfer to another controller.

6. Right to object to certain data processing (Art. 21 GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

7. Right to revoke the declaration of consent under data protection law (Art. 7(3) GDPR)
If you have consented to processing by the controller by means of a corresponding declaration, you can revoke your consent at any time for the future. The lawfulness of the data processing carried out on the basis of the consent until revocation is not affected by the revocation of consent.

8. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.

The data protection authority responsible for us is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia:

Postfach 20 04 44
40102 Düsseldorf
Telephone: +49 (0) 211 - 384 24-0
Email: poststelle@ldi.nrw.de
Homepage: www.ldi.nrw.de

 

Provision of the website and creation of log files

1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

  • Information about the browser type and version used
  • The user's operating system
  • The user's internet service provider
  • Date and time of access
  • Websites from which the user's system accesses our website
  • Websites accessed by the user's system via our website
  • This data is stored in our system's log files.

This does not affect the user's IP addresses or other data that enables the data to be assigned to a user. This data is not stored together with other personal data of the user.

2. Purpose of data processing
The data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

3. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 sentence 1 lit. f GDPR.

4. Duration of storage
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended.

In the case of data storage in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of users are deleted or anonymised so that it is no longer possible to identify the accessing client.

5. Exercising your rights
The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. The user may object to this. Whether the objection is successful must be determined by weighing up the interests involved.

 

Use of cookies

1. Description and scope of data processing
When you visit our website, we use technical tools for various functions, in particular cookies, which may be stored on your device. When you visit our website and at any time thereafter, you have the choice of whether to generally allow cookies to be set or which individual additional functions you wish to select. You can make changes on our data protection page.

Cookies are text files or pieces of information in a database that are stored on your hard drive and assigned to the browser you are using, so that certain information can be sent to the entity that sets the cookie. Below, we describe the types of cookies we use:

We use technically necessary cookies that are required for the technical structure of the website. Without these cookies, our website cannot be displayed (completely correctly) or the support functions are not possible.

The following data is stored and transmitted by technically necessary cookies:

  • Frequency of page views
  • Use of website functions

We use cookies on our website that are not technically necessary. Text files that do not solely serve the functionality of the website but also collect other data are considered technically unnecessary cookies.

The following data is processed by setting technically non-essential cookies:

  • Location of internet users
  • Date and time of the website visit
  • Tracking of surfing behaviour

2. Purpose of data processing
The purpose of using technically necessary cookies is to ensure the functionality of our website. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.

The use of technically unnecessary cookies is for the purpose of improving the quality of our website, its content and thus our reach and profitability. By setting these cookies, we learn how the website is used and can thus continuously optimise our offering. In addition, they serve in particular to measure the success of advertising measures.

3. Legal basis for data processing
The legal basis for the processing of personal data using technically unnecessary cookies is Section 25 (1) TDDDG in conjunction with Art. 6 (1) lit. a GDPR.

The legal basis for the processing of personal data using technically necessary cookies is Section 25 (2) TDDDG in conjunction with Art. 6 (1) lit. f GDPR. Our legitimate interest here lies in the purposes of data processing mentioned under 2.

4. Exercising your rights
You can revoke your consent to the use of cookies at any time and manage your cookie settings at the following link: www.arrow-deutschland.net/datenschutz.

 

Email contact

1. Description and scope of data processing
You can contact us via the email address provided on our website. In this case, the user's personal data transmitted with the email will be stored.

The data will be used exclusively for processing the conversation.

2. Purpose of data processing
The purpose of processing your personal data is to deal with the matter raised in your communication and, if necessary, to contact you.

3. Legal basis for data processing
The legal basis for processing the data transmitted in the course of sending an email is Art. 6(1)(f) GDPR. Our legitimate interest is to respond to your enquiry sent by e-mail in the best possible way. If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

5. Exercising your rights
If the user contacts us by e-mail, they can object to the storage of their personal data at any time by sending an e-mail to datenschutz@arrow-deutschland.net. In such a case, the conversation cannot be continued.

All personal data stored in the course of establishing contact will be deleted in this case.

 

Hosting

The website is hosted on servers by a service provider commissioned by us.

Our service provider is:

  • Host Europe GmbH, Hansestraße 111, 51149 Cologne, Germany

Further information about the processing of personal data by HostEurope can be found at: www.hosteurope.de/AGB/Datenschutzerklaerung/

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is:

  • Information about the browser type and version used
  • The user's operating system
  • The user's internet service provider
  • Date and time of access
  • Websites from which the user's system accesses our website
  • Web pages accessed by the user's system via our website

This data is not merged with other data sources. This data is collected on the basis of Art. 6 (1) lit. f GDPR. Our legitimate interest in processing this data is to display our website without errors and to optimise its functions.

The website server is located in Germany.