Data protection declaration

  1. General information 1.1 Objective and responsibility

  1. This data protection declaration provides information about the nature, scope and purpose of the processing of personal data in relation to our online offer “https://www.arealgroup.net/” and its associated websites, functions and content (hereafter collectively referred to as “online offer” or “website”).
  2. The provider of the online offer and party responsible under data protection law is Areal Group Wealth Management GmbH (Leipziger Platz 8, 10117 Berlin, Germany) – hereafter referred to as “provider”, “we” or “us”.
  3. Hosting is conducted by TELTA Citynetz GmbH (Bergerstr. 105, 16225 Eberswalde, Germany). Data management is conducted using the CMS system WordPress.
  4. Our data protection officer can be reached via email at info@arealgroup.net.
  5. The term “user” includes all customers and visitors to our online offer.

1.2 Legal basis

The collection and processing of personal data has the following legal basis:

  1. Consent as per Article 6(1)(a) General Data Protection Regulation (GDPR). Consent is any voluntary, informed and unambiguous statement of intent for the case in question in the form of a declaration or other explicit act of confirmation with which the affected party intimates that they agree to the processing of the personal data relating to them.
  2. Necessity for contract fulfilment or implementation of preparatory measures as per Article 6(1)(b) GDPR, i.e. the data are required for us to be able to fulfil our contractual duties to you or we require the data to prepare the conclusion of a contract with you.
  3. Processing to fulfil a legal obligation as per Article 6(1)(c) GDPR, i.e. processing of the data is required due to a law or other provision.
  4. Processing to safeguard legitimate interests as per Article(6)(1)(f) GDPR, i.e. processing is required to protect our legitimate interests or those of third parties, providing your interests or fundamental rights and freedoms that require the protection of personal data do not prevail.

1.3 Rights of affected parties

You have the following rights with regard to data processing by us:

  1. Right to lodge a complaint with a supervisory authority as per Article 13(2)(d) GDPR, as well as Article 14(2)(e) GDPR
  2. Right of access as per Article 15 GDPR
  3. Right to rectification as per Article 16 GDPR
  4. Right to erasure (“right to be forgotten”) as per Article 17 GDPR
  5. Right to restriction of processing as per Article 18 GDPR
  6. Right to data portability as per Article 20 GDPR
  7. Right to object in accordance with Article 21 GDPR

Note: Users may object to the processing of their personal data in line with legal provisions at any time with future effect. In particular, the objection can relate to processing for the purposes of direct advertising. Without prejudice to any other legislative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, especially in the member state in which you are resident, in which you work or in which the suspected breach took place, if you believe that processing of the personal data related to you breaches the GDPR.

1.4 Deletion of data and duration of storage

The personal data relating to the affected party will be deleted or restricted as soon as the storage purpose no longer applies. Storage can also take place if this is provided for by European or national lawmakers in European Union regulations, laws or other provisions to which the responsible party is subject. Restriction or deletion of the data also occurs if a storage period prescribed by the above-stated regulations expires unless there exists a requirement to continue to store the data for the conclusion of a contract or to fulfil a contract.

1.5 Security of processing

  1. We have implemented appropriate, state-of-the-art technical and organizational security measures (TOMs). The data we process are therefore protected against accidental or wilful manipulation, loss and destruction, as well as unauthorized access.
  2. In particular, these security measures include the encrypted transfer of data between your browser and our server.

1.6 Transfer of data to third parties, subcontractors and third-party providers

  1. A transfer of personal data to third parties only takes place within the scope of legal provisions. We only transfer user data to third parties if this is required e.g. for billing purposes or for other purposes if the transfer is required to fulfil contractual obligations vis-à-vis the users.
  2. If we employ subcontractors for our online offer, we have agreed contractual provisions with these companies, as well as arranging the appropriate technical and organizational measures.
  3. If we use content, tools or other material from other companies (hereafter collectively referred to as"third-party-providers") and their registered headquarters are located in a third country, it is understood that a data transfer to the domicile of the third party takes place. We only transfer personal data to third countries if a sufficient level of data protection, the consent of the user or legal permission is present.

2 Specific data processing

2.1 Collection of information to use the online offer

  1. When using the online offer, information is automatically transferred to us by the user’s browser; this includes the name of the accessed website, file, date and time of access, volume of transferred data, report on successful access, browser type and version, the user’s operating system, referrer URL (the site visited beforehand), IP address, and the requesting provider.
  2. These data are processed for reasons of legitimate interest as per Article 6(1)(f) GDPR (e.g. optimization of the online offer), as well as to guarantee processing security as per Article 5(1)(f) GDPR (e.g. defence against and resolution of cyberattacks).
  3. This information is deleted automatically seven days after the connection ends – i.e. use of the online offer – as long as no further retention periods prevent this.
  4. The collection of data and storage of data in log files is critical for the provision of the online offer. For this reason, the user does not have the option of deletion, objection or correction.

2.2 Contact form and email contact

  1. When contacting us (using an online form or by email), the data provided by the user is only used to process the query and to execute it.
  2. Additional use of the data only takes place with the user’s consent.

2.3 Links to other websites

  1. You may be automatically transferred to other websites when using some of our services.
  2. Please note that this data protection declaration does not apply there. The data protection declaration of the linked website may differ considerably from this one.

2.4 Google Analytics

  1. 1. With your consent, we use Google Analytics to analyze and optimize our online offer, as well as to facilitate its commercial operation, as per Article 6(1)(a) GDPR. Google Analytics is a Web analysis service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) – hereafter “Google”. Google uses cookies and additional technology. Information generated by the service resulting from the use of the online offer by users is transferred to a Google server in the USA and processed there.
  2. Google operates for us in an order processing capacity as per Article 28 GDPR. We have concluded a data protection agreement with Google that contains the standard EU data protection clauses.
  3. We use Google Analytics with activated IP anonymization.
  4. Google Analytics stores cookies on your Web browser for two years following your last visit. These cookies contain a randomly generated user ID that means you can be recognized during subsequent website visits. Users can prevent the storage of cookies with the corresponding setting in their browser software.
  5. The recorded data are stored with the randomly generated user ID, facilitating the evaluation of pseudonym user profiles. These user-related data are deleted automatically after 26 months. Other data remain stored in an aggregate form.
  6. You can find additional information on data usage by Google, as well as setting and revocation options, on Google’s websites:

https://policies.google.com/technologies/partner-sites?hl=de ("Data usage by Google when you use our partners' websites or apps")

https://policies.google.com/technologies/ads ("Data usage for advertising purposes")

https://adssettings.google.com/authenticated ("Control information that Google uses to show you ads").

2.5 Google Tag Manager

  1. This website uses Google Tag Manager. This service facilitates the use of website tags via a user interface. Google Tool Manager only applies tags. This means that no cookies are deployed and no personal data are collected. Google Tool Manager triggers other tags that may in turn collect data. However, Google Tag Manager does not access these data.
  2. If deactivation has been performed at a domain or cookie level, this remains the case for all tracking tags provided that these have been applied by Google Tag Manager.

2.6 Google Fonts

  1. Our website uses Google Fonts from Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA).
  2. The use of Google Fonts takes place without authentication and no cookies are sent to the Google Fonts API. If you have a Google account, none of your Google account data will be transmitted to Google while you are using Google Fonts. Google only records the use of CSS and the fonts used and stores this data securely.
  3. You can find more about these and other questions at https://developers.google.com/fonts/faq.
  4. Information on the type of data recorded by Google and the purpose for which they are used can be found at https://www.google.com/intl/de/policies/privacy/

2.7 Consent Management

  1. Our website uses cookie consent technology from “Complianz GDPR/CCPA Cookie Consent” in order to obtain your consent to the storage of specific cookies on your browser and to document this in a manner that complies with data protection regulations. The company providing this technology is Complianz B.V., Atoomweg 6b, 9743 AK Groningen, Netherlands (hereafter “Complianz”)."in order to obtain your consent to the storage of certain cookies in your browser and to document them in compliance with data protection regulations. The provider of this technology is Complianz BV, Atoomweg 6b, 9743 AK Groningen, Netherlands (hereinafter Complianz).
  2. If you visit our website, a Complianz cookie is saved on your browser and stores the consent you have provided or your revocation of this consent.
  3. The recorded data are stored until you request that we delete them or you delete the Complianz cookie yourself or the purposes for storing the data expires. Mandatory legal retention periods remain unaffected.

You can find details on data processing by Complianz at https://complianz.io/privacy-statement.

  1. Complianz cookie consent technology is used to obtain statutory consent for the use of cookies. The legal basis for this is Article 6(1)(1)(c) GDPR.

2.8 Application process

To ensure improved legibility, gender-neutral language will be employed within the context of the following explanations. All personal designations apply to all genders: m/f/x.

2.8.1 Connectoor platform

  1. We use the recruitment tool Connectoor for the receipt and management of applications and therefore for the purpose of the (potential) establishment of an employment relationship. The application provider is jobEconomy GmbH (Meinekestr. 26, 10719 Berlin, Germany).
  2. The privacy policy of this provider can be found here: https://www.connectoor.com/datenschutz/. Please note that, despite our incorporation of Connectoor, we remain responsible for processing.
  3. If you apply to us via Connectoor, the following takes place: the provider collects the following data from you on our behalf:

Your title, first and last name, availability dates, and other data from your application.

  1. We are then able to access this recruitment tool internally and view your application data. We then have the following possibilities: production of notes associated with your application data; internal communication regarding your application (where relevant, with the department in question); documentation of the decision regarding the subsequent processing of the application: invitation to one or several interviews, invitation to one or several trial working days, transmission of an employment contract document, production of a rejection, or implementation of onboarding activities. You can find further information on possible application areas here: https://www.connectoor.com/funktionen/
  2. The legal basis for this is Article 88(1) GDPR in conjunction with Section 26(1) German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), whereby processing of application data is permitted even without the applicant’s consent if this is required to make a decision regarding the establishment of an employment relationship. In addition, the assertion of this legal basis does not prevent our use of an external service provider for this purpose, specifically the provider of Connectoor. We have carefully selected this provider, have lawfully established a binding contract with it and inspect it regularly. These processes are always in accordance with Article 28 GDPR, which governs so-called order processing.
  3. 6. In the event that an employment relationship is established between us, we store your application data until the statutory retention period expires; this is generally ten years following the termination of the employment relationship at the latest. In the event that an employment relationship is unfortunately not established, the following applies: it is of course never enjoyable to reject someone and we do not like to receive rejections ourselves. In the unfortunate event that this happens, we store your application data for six months following receipt of the respective rejection. Here we invoke Article 6(1)(f) GDPR. Under this provision, processing is permitted to safeguard the responsible party’s legitimate interests or those of a third party, providing the interests or basic rights and freedoms of the affected party requiring the protection of personal data do not prevail. Our legitimate interest is derived from Section 15(4) of the General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz – AGG). Under this provision, a compensation claim for discrimination must be made in writing within a period of two months. This period begins with receipt of the rejection within the application process. In our opinion, if we are unaware of any complaint six months after rejection, it is safe to assume that such a complaint does not exist, and we are permitted to store the data to that point for the assertion of our legitimate interests (defending ourselves against a compensation claim). If you assert a breach of the rules that prevent discrimination, we are permitted to store data until the process is closed; this is also for the assertion of our legitimate interests (defending ourselves against a compensation claim). We exercise our right of instruction vis-à-vis the provider of Connectoor here in particular.
  4. There is no legal duty to collect this data during the application phase. It is nonetheless possible that the absence of some or all data could lead to queries. If this absence continues, recruitment may become impossible.

2.8.2 Direct applications

  1. We offer you the possibility of applying to us (e.g. by email, by post or via an online application form). Below, we provide information about the scope, purpose and use of your data collected within the context of the application process. We ensure that the collection, processing and use of your data comply with the applicable data protection law and all additional legal provisions, and that your data are handled in the strictest confidence.
  2. Scope and purpose of the data collection

If you send us an application, we process the personal data associated with it (e.g. contact and communication data, application documents, notes taken during interviews, etc.), providing that this is required to make a decision regarding the establishment of an employment relationship. The legal basis for this is Section 26 BDSG (initiation of an employment relationship), Article 6(1)(b) GDPR (general contract initiation) and – if you have provided your consent – Article 6(1)(a) GDPR. Consent may be revoked at any time. Your personal data are only transferred within our company to people who are involved in the processing of your application.

  1. If your application is successful, the data you have submitted will be stored in our data processing systems based on Section 26 BDSG and Article 6(1)(b) GDPR for the purposes of implementing the employment relationship.
  2. Data retention period

If we are unable to make you an employment offer, you reject an employment offer or you withdraw your application, we reserve the right to store the data you have transferred to us based on our legitimate interests (Article 6(1)(f) GDPR) for up to six months following termination of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. Retention primarily serves the purpose of verification in the event of a legal dispute. If it is evident that the data will be required after the six-month retention period has expired (e.g. due to threatened or impending litigation), deletion only takes place if the purpose for continued retention lapses.

  1. A longer retention period may however be applied if you have provided the appropriate consent (Article 6(1)(a) GDPR) or if legal retention obligations prevent deletion.

2.8.3 Inclusion in the applicant pool

  1. If we do not make you an employment offer, there exists the possibility of being included in our applicant pool. If included, all documents and information from your application will be transferred to the applicant pool to allow us to contact you if an appropriate vacancy opens.
  2. Inclusion in the applicant pool only takes place with your express consent (Article 6(1)(a) GDPR). Giving your consent is voluntary and does not affect the application process in progress. The affected party may revoke their consent at any time. In this case, the data will be irreversibly deleted from the applicant pool, providing no legal reason for retention exists.
  3. The data in the applicant pool will be irreversibly deleted two years after your consent has been given at the latest.

3 Cookie Policy

3.1 General information

  1. Cookies are information that is transferred from our Web servers or the Web servers of third parties to the user’s Web browser and stored there for subsequent retrieval. Cookies may be small files or other forms of information storage.
  2. If the user does not wish to have cookies stored to their computer, they are asked to deactivate the relevant option in their browser system settings. Stored cookies can be deleted in the browser system settings. Excluding cookies may impair the functionality of this online offer.

3.2 Cookie overview

Surnameproviderspurposerunning time
displayCookieConsentwww.arealgroup.netCookie Consent, this cookie stores your cookie settings365 days
pll_languagewww.arealgroup.netMultilingualism of the website, this cookie stores the language selected by the user.365 days
wordpress_ [hash]WordPressWhen logging in, WordPress uses this cookie to store your authentication data. Use is restricted to the administration screen area, /wp-admin/Browser session
wordpress_logged_in_ [hash]WordPressAfter logging in, WordPress sets the WordPress_logged_in_ [hash] cookie, which indicates that the user is logged in - and who the user is. The latter information is relevant for some interface applications.Browser session
wordpress_test_cookieWordPressThis cookie is set when you navigate to the login page. This can be used to check whether the browser is set to allow cookies.Browser session
wp-settings- [UID] & wp-settings- {time} - [UID]WordPressWordPress sets several wp-settings- {time} - [UID] cookies. The number at the end is the individual user ID from the "users" database table. This is used to customize your view of the admin interface and possibly the main page interface as well.365 days

3.3 Objection possibilities

You may object to the use of cookies for measuring reach and for advertising purposes using:

  1. The deactivation page of the network advertising initiative: http://optout.networkadvertising.org/
  2. US website http://www.aboutads.info/choices
  3. European website http://www.youronlinechoices.com/uk/your-ad-choices/

4 Changes to the data protection declaration

  1. We reserve the right to change this data protection declaration in relation to data processing in order to adapt to a change in legislation, to the online offer or to data processing.
  2. If the consent of the user is required or if elements of the data protection declaration contain rules on contractual relationships with users, changes only take place with the users’ consent.
  3. Users are asked to check the content of this data protection declaration regularly.

Status: May 2021