top of page

Privacy Policy

Procedure directory according to § 4g paragraph 2 BDSG

Arex GmbH
Managing director: Harald Gloning
Street: Dieselstrasse 4
ZIP / City: 89231 Neu-Ulm
Telephone: 0731/378 46 57 0
Fax: 0731/378 46 57 9


1. Purpose of data collection, processing or use
1.1. Processing and implementation of contracts in connection with services in the hotel / apartment / gastronomy sector.
1.2. Secondary purposes are accompanying or supporting functions, such as essentially
1.2.1. Customer data management

Customers

  • Name data

  • Address and communication data

  • Business and contract data

  • Billing Information

  • Account details

1.2.2. Personal data management
Employees, trainees, interns, retirees, former employees

  • Name data

  • Address and communication data

  • Contract, master and accounting data: date of birth, marital status, nationality, denomination, area of ​​activity, salary payments, name and age of relatives as far as relevant for social benefits, income tax data, social data, bank details

  • Data for personnel administration and control: access control data, access control data, data for communication as well as for the processing and control of transactions as well as the technical systems, emergency contact data for persons selected by the employee who should be contacted in an emergency

1.2.3. Applicant data management

Applicants

  • Name data

  • Address and communication data

  • Application-relevant data: date of birth, marital status, nationality, education, details of professional career, certificates and qualifications

1.2.4. Supplier and service provider data management
Suppliers and service providers

  • Name data

  • Address and communication data

  • Business and contract data

  • Billing Information

  • Account details

The storage and data processing of personal data is carried out for our own purposes and for the purpose of executing the contract.

2. Description of the affected groups of people and the related data or data categories
Essentially, the personal data or data categories listed below are collected, processed and used for the groups of people concerned in order to fulfill the purposes stated in the intended purpose:
Customers

  • Name data

  • Address and communication data

  • Business and contract data

  • Billing Information

  • Account details

  • Video recordings (if applicable)

Employees, trainees, interns, retirees, former employees

  • Name data

  • Address and communication data

  • Contract, master and accounting data: date of birth, marital status, nationality, denomination, area of ​​activity, salary payments, name and age of relatives as far as relevant for social benefits, income tax data, social data, bank details

  • Data for personnel administration and control: access control data, access control data, data for communication as well as for the processing and control of transactions as well as the technical systems, emergency contact data for persons selected by the employee who should be contacted in an emergency

  • Video recordings (if applicable)

Applicants

  • Name data

  • Address and communication data

  • Application-relevant data: date of birth, marital status, nationality, education, details of professional career, certificates and qualifications

  • Video recordings (if applicable)

Suppliers and service providers

  • Name data

  • Address and communication data

  • Business and contract data

  • Billing Information

  • Account details

  • Video recordings (if applicable)


3. Recipients or categories of recipients to whom the data can be communicated
The personal data on the groups of people concerned are essentially passed on to the following recipients in order to fulfill the purposes mentioned under 1:
Customers

  • Internal departments that are involved in the execution of the respective business processes (e.g. bookkeeping, accounting, purchasing, marketing, sales)

  • Public bodies that receive data due to legal regulations (e.g. social security agencies, tax authorities)

  • External bodies, such as affiliated companies and external contractors, e.g. billing center with the health insurance companies, logistics partners or data centers

Employee

  • Internal departments that are involved in the execution of the respective business processes (e.g. bookkeeping, accounting, purchasing, marketing, sales)

  • Public bodies that receive data due to legal regulations (e.g. social security agencies, tax authorities)

  • External bodies, such as affiliated companies and external contractors, e.g. billing center with the health insurance companies, logistics partners or data centers

Applicants

  • Internal departments that are involved in the execution of the respective business processes (e.g. bookkeeping, accounting, purchasing, marketing, sales)

Suppliers and service providers

  • Internal departments that are involved in the execution of the respective business processes (e.g. bookkeeping, accounting, purchasing, marketing, sales)


4. Standard deadlines for the deletion of data
Customers: after 10 years
Applicants: after 6 months


5. No transfer to third countries

6. Art. 32 GDPR security of processing
1. Taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risk for the rights and freedoms of natural persons, the person responsible and the processor take suitable technical and organizational measures Measures to ensure a level of protection appropriate to the risk; these measures may include, but are not limited to:
1.1. the pseudonymization and encryption of personal data;
1.2. the ability to ensure the confidentiality, integrity, availability and resilience of the systems and services in connection with the processing in the long term;
1.3. the ability to quickly restore the availability and access to personal data in the event of a physical or technical incident;
1.4. a procedure for the regular review, assessment and evaluation of the effectiveness of the technical and organizational measures to ensure the security of the processing.

2. When assessing the appropriate level of protection, particular attention must be paid to the risks associated with the processing - in particular due to destruction, loss or modification, whether unintentional or unlawful, or unauthorized disclosure of or unauthorized access to personal data that is transmitted, stored or on processed other way - are connected.
3. Compliance with an approved code of conduct in accordance with Article 40 or an approved certification process in accordance with Article 42 can be used as a factor to demonstrate compliance with the requirements referred to in paragraph 1 of this Article.
4. The controller and the processor take steps to ensure that subordinate natural persons who have access to personal data only process them on the instructions of the controller, unless they are subject to processing under the law of the Union or of the member states Committed.

7. Video surveillance: Purpose: Video surveillance is used to exercise house rules, to avoid criminal offenses and to preserve evidence in the event of criminal offenses. The legal basis for video surveillance is Article 6 (1) (f) GDPR, whereby our interests arise from the aforementioned purposes.
Video recordings are deleted after 48 hours. Unless these image data are used, for example, to secure evidence in specific incidents. If such specific circumstances exist, the storage is extended to a maximum of 72 hours; longer in justified exceptional cases.

8. Data protection officer: IITR Datenschutz GmbH, Dr. Sebastian Kraska, Marienplatz 2, 80331 Munich

Specific information about the website
Use of a newsletter
When you register for our newsletter, you provide us with your e-mail address and other optional data. We use this information exclusively to send you the newsletter. The data you entered when registering for the newsletter will be stored by us until you unsubscribe from our newsletter. You can unsubscribe at any time using the link provided in the newsletter or by sending us a corresponding message. By unsubscribing, you object to the use of your email address.

 

Use of Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out, however, that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install.

Google AdWords Conversion Tracking
This website uses Google AdWords Conversion Tracking, a web analysis service from Google Inc. ("Google"). Google AdWords Conversion Tracking also uses "cookies" which are stored on your computer and which enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, to compile reports on website activity for website operators and to provide other services relating to website activity and internet usage. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. Under no circumstances will Google associate the data with other Google data. You can generally prevent the use of cookies if you prohibit the storage of cookies in your browser.

Use of own "cookies"
This website uses its own "cookies" to increase user-friendliness ("cookies" are data sets that are sent by the web server to the user's browser and are stored there for later retrieval). No personal data is stored in our own "cookies". You can generally prevent the use of "cookies" if you prohibit the storage of "cookies" in your browser.

bottom of page