Privacy Policy

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with applicable data protection legislation and this privacy policy.

In general, you can use our website without providing personal data. Where personal data is collected on our pages, this is always done on a voluntary basis. This data will not be disclosed to third parties without your explicit consent.

We would like to point out that data transmission over the internet may be subject to security vulnerabilities. Complete protection of data against third-party access is not possible.

Controller

arocom GmbH Felix-Dahn Strasse 92 70597 Stuttgart

Phone: +49 711 633 77960 Email: info@arocom.de Managing Director: Axel Roth Registry Court: Amtsgericht Stuttgart Commercial Register: HRB 740215

Data Collection and Processing

We collect, store, and process your personal data only to the extent permitted by law or where you have consented to data collection.

Server Log Files

The hosting provider automatically collects and stores information in server log files that your browser transmits to us. These include IP address, date and time of the request, request type, HTTP protocol version, status code, page size, referring page, as well as browser and operating system information.

This data is deleted after 60 days. Analysis is performed exclusively for statistical purposes and in anonymized form. No cross-referencing with other data sources takes place. We reserve the right to review this data retroactively if specific indications of unlawful use come to our attention.

To protect our systems against attacks and abuse, we use automated attack detection (CrowdSec). It evaluates IP addresses and access patterns and temporarily blocks suspicious IP addresses. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in network and information security, Recital 49).

Hosting and delivery of the website are provided by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (processor). Email delivery of our form notifications is handled via a mail service of domainfactory GmbH (processor). Data processing agreements under Art. 28 GDPR exist with both providers; processing takes place in Germany.

Website Forms

When using forms and submitting inquiries, the transmitted information including contact data is stored for processing purposes and for potential follow-up questions. This data is not shared with third parties.

The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures at your request) and otherwise Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries). Contact inquiries are deleted after final processing, at the latest 12 months after the last contact, unless statutory retention obligations apply or the inquiry leads to a contractual relationship.

Voice Messages in the Contact Form

Optionally, instead of text you can record a voice message in the contact form. The audio recording is transmitted to our server, stored there only temporarily, delivered to us as an email attachment, and then deleted from the server. A voice recording is a particular type of personal data (your voice); recording only happens on your active initiative. The legal basis is Art. 6(1)(b) and (f) GDPR, as with other contact inquiries.

Download Offers (Lead Capture)

To access individual free download documents (e.g. guides) we ask for your name, email address, and optionally your company name. This information is used to provide the document and to contact you about our services if you are interested. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in reaching out to prospects). The IP address and browser identifier are not stored. Lead data is automatically deleted after 24 months at the latest.

Application Data

Personal data includes information that allows individual identification, including names, addresses, phone numbers, dates of birth, and employment history.

Data collected: First and last name, email address, phone number (optional), LinkedIn profile (optional), CV, cover letter (optional).

Your data will be stored for a period of 90 days after completion of the application process. After this period, the data will be deleted or anonymized. In the event of a successful application, the data will be stored for the duration of the employment relationship.

Legal basis: Section 26 BDSG (German Federal Data Protection Act) for the evaluation and execution of the application process. Additional processing for the defense or assertion of legal claims is based on Article 6(1)(f) GDPR.

Cookies and localStorage

This website sets no tracking cookies. We use local browser storage (localStorage and sessionStorage) in two categories:

Essential (stored without consent; legal bases: §25(2)(2) TDDDG, storage exemption for strictly necessary functions, in conjunction with Art. 6(1)(f) GDPR, legitimate interest in the technical functioning of the site):

  • `arocom-theme`, your light/dark mode preference. Persistent until cleared.
  • `arocom-consent`, your privacy choice itself (version, timestamp, category state). Persistent until cleared.
  • `arocom-vote-{article}`, prevents double-voting on article ratings. Persistent until cleared.
  • `arocom-topic-suggestions`, your own topic suggestions (max. 3), to prevent duplicate submissions from the same browser. Persistent until cleared, never leaves your browser.
  • `arocom-slidein-cta-dismissed` (sessionStorage), dismissed UI hints for the duration of the tab.
  • `arocom-pages` (sessionStorage), paths of the current browser session for contextual UI displays. Ends when the tab closes, never leaves your browser.

Personalisation (only stored with your explicit consent, Art. 6(1)(a) GDPR in conjunction with §25(1) TDDDG):

  • `arocom-visits`, number of visits, used to tailor call-to-action copy.
  • `arocom-audience`, audience filters you selected (e.g. expertise level, topic focus).
  • `arocom-service-interest`, result of the service finder you filled in voluntarily.
  • `arocom-geo-score`, result of the GEO score check you started voluntarily.
  • `arocom-audit-done`, `arocom-audit-score`, result of the mini-audit.
  • `arocom-neuro-test-v2`, your answers in the neurodiversity self-assessment.

When you submit a contact or application form, these personalisation values are additionally transmitted as a `personalization` field to our server (Hetzner Online GmbH, Germany). They are used solely to better contextualise your request, are stored alongside that request, and are deleted together with the request according to the retention periods stated above for contact/application data.

Local retention: personalisation entries expire automatically after 90 days of inactivity and are removed on next access. Upon withdrawal, all personalisation entries are deleted immediately.

Withdrawal: you can withdraw your consent at any time via the "Privacy settings" link in the page footer. Withdrawal deletes every personalisation entry in your browser and stops further transmission to our server. The lawfulness of processing carried out before withdrawal is unaffected.

Manual deletion: you can additionally delete localStorage entries at any time via your browser's developer tools. Deleting entries from the "Essential" category has no effect on the site's core functionality.

Web Analytics (Umami)

This website uses Umami, a privacy-friendly, open-source web analytics solution. Umami is self-hosted by us at analytics.arocom.de on a server operated by Hetzner Online GmbH in Nuremberg, Germany. All data remains within the EU.

Umami does not set cookies, does not use fingerprinting, and does not store IP addresses or personal data. Only aggregated, anonymous usage statistics are collected (e.g. page views, time on page, referrer, device type). Identifying individual visitors is neither possible nor intended.

Since Umami does not process personal data, no consent under GDPR or the ePrivacy Directive is required. Data processing is based on our legitimate interest in analyzing website usage (Article 6(1)(f) GDPR).

Appointment Booking (Calendly)

To schedule meetings we link to the Calendly service operated by Calendly LLC (USA). Only when you book an appointment do you transmit your details (e.g. name, email address, preferred time) directly to Calendly; this involves a data transfer to the USA. Calendly provides us with the booking data to conduct the meeting. From the booking confirmation we process the domain of your email address and origin/campaign parameters (UTM) as an anonymized event in our web analytics (Umami) to measure the effectiveness of our content. The legal basis is Art. 6(1)(b) GDPR (conducting the requested appointment) and (f) GDPR (reach measurement). Details on Calendly's data processing: https://calendly.com/privacy.

YouTube Videos (Two-Click Solution)

On individual pages we embed YouTube videos. When the page loads, no connection to Google/YouTube is established, initially only a preview image stored locally on our server is shown. Only when you actively click the video and consent to the embed is the video loaded via youtube-nocookie.com; this transmits data (including your IP address) to Google Ireland Ltd. or Google LLC (USA). The legal basis for this transfer is your consent (Art. 6(1)(a) GDPR, §25(1) TDDDG), which you grant with the click. Details: https://policies.google.com/privacy.

Social Media

LinkedIn and X serve as support channels. To contact us via social media, you must log in to these services. Image and video uploads may transfer rights to social media platforms. Please refer to the respective privacy and terms of use policies.

SSL Encryption

For security reasons and to protect the transmission of confidential content, this site uses SSL encryption. You can recognize an encrypted connection by the browser address bar changing from "http://" to "https://" and by the lock icon.

Data Subject Rights

Data subjects have the following rights:

  • Right of access (Article 15 GDPR)
  • Right to rectification (Article 16 GDPR)
  • Right to erasure (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to object (Article 21 GDPR)

For consent-based processing, the right of withdrawal exists pursuant to Article 7(3) GDPR.

You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data (Art. 77 GDPR). The authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg (LfDI BW), Lautenschlagerstraße 20, 70173 Stuttgart, Germany, www.baden-wuerttemberg.datenschutz.de. You may also contact the supervisory authority of your habitual residence.

To exercise your data subject rights, please contact the address stated in the imprint or email info@arocom.de.

Final Provisions

We reserve the right to amend this privacy policy at any time to comply with current legal requirements or to reflect changes in our processes. The updated policy applies to subsequent website visits and applications.

100 %