Privacy Policy

Last updated: 15 January, 2024

We take the confidentiality and the protection of your personal data very seriously. Therefore, we process your personal data only to the extent permissible under statutory provisions, in particular under the EU General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (“BDSG”).

With this Privacy Policy we would like to inform you in accordance with Art. 13 GDPR about the nature of the processing of your personal data via our website “brandback.de” (hereinafter “Website”) and in providing our services, the purposes of such data processing and about the rights to which you are entitled. Personal data is any information relating to an identified or identifiable natural person.

‍I.           General Information

1.           Controller
‍Arbor Technologies GmbH, Hagenauer Straße 2, 10435 Berlin (hereinafter “we”), is responsible for processing your personal data pursuant to Art. 4 (7) GDPR.

‍2.          Transfer to third parties
‍We may transfer your personal data to third parties where necessary to provide our Website or services. If we use external service providers, these have been carefully selected by us and commissioned in writing and only process your personal data on our behalf. If necessary, we have concluded a processing agreement pursuant to Art. 28 GDPR with them. The categories of recipients we transfer your data to are cloud service providers, management tool providers, marketing tool providers and technical service providers.

‍3.          Transfer to third countries
‍We may transfer your personal data to non-EU/EEA countries. Insofar as there is no adequacy decision for these countries according to Art. 45 GDPR, we transfer your personal data subject to appropriate safeguards according to Art. 46 GDPR.

‍4.          Blocking and deletion
‍Your personal data will be deleted or blocked as soon as the purpose for processing no longer applies. We will further retain your data if we are legally obliged to do so, especially for tax and accounting purposes. Blocking or deletion of your personal data will also take place if a retention period prescribed by the standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

‍II.          Our Processing Activities
‍In the following we would like to provide an overview of the personal data we process, the purposes we process them for as well as the legal basis for such processing activity.

‍1.           When you visit our Website
‍Each time you access our Website the following personal data is automatically processed:
·       IP address of your requesting computer
·       browser type, browser version and language used
·       your operating system
·       date and time of access of your visit
·       name of your access provider
·       name of the specific page or file accessed, and the amount of data transferred (access status/http status code)
·       website from which your system accesses our Website (“referrer URL”)

The legal basis for this processing is our legitimate interest (Art. 6 (1) (f) GDPR). We weighed our interest in providing as well as operating and securing this website against your interest in the confidentiality of your personal data, whereby our interest prevails. Without the processing of personal data, the provision of the Website is technically impossible. This also applies to its operation and security. In this context, the security of the website also serves your interests.

The log files are deleted after the end of the respective browser session, at the latest after 7 days. Personal data, which must be stored for further evidentiary purposes, is excluded from deletion until the respective incident has been finally clarified.

‍2.          When you contact us
‍When you contact us, using our contact for on the website we process the following information:
·       name
·       email address
·       voluntary additional information (e.g. position)

The legal basis for this processing of your personal data is principally Art. 6 (1) (b) GDPR. Insofar as the correspondence is neither necessary for the performance of a contract with us or in order to take steps prior to entering into a contract, the legal basis for the processing is Art. 6 (1) (f) GDPR. In such a case, it is our legitimate interest to communicate with you and to manage and document the communication.

Your personal data will be deleted after final answering, as far as there are no legal or other obligations to store.

‍III.        Data Subject Rights
‍In accordance with the GDPR, you have the following rights regarding your personal data:
·       right of access
·       right to rectification
·       right to erasure (“right to be forgotten”)
·       right to restriction of processing
·       right to object to the processing
·       right to withdraw consent
·       right to data portability

If we process your personal data based on our legitimate interests (Art. 6 (1) (f) GDPR), you can object to the processing by contacting us (see “Controller” for contact details). The same applies if we process your data based on your consent, you have the right to revoke your consent at any time with effect for the future.

Furthermore, you are entitled to lodge a complaint with a supervisory authority regarding the processing of your personal data.