Privacy Policy

Arvien (hereinafter referred to as “Arvien,” “we,” or “us”) appreciates your interest in our website. Protecting your personal data in compliance with applicable data protection laws is very important to us.
This Privacy Policy informs you (also referred to as “User,” “Customer,” or “Data Subject”) about how we safeguard your personal data, what kind of data we collect, and for which purposes it is processed.

1. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), and other applicable data protection regulations is:

Anastasios Stilianidis
Arvien
Stafflenbergstraße 72
70184 Stuttgart
Germany
E-Mail: contact@arvien.co

The Data Protection Officer is:
Anastasios Stilianidis (same contact details as above)

2. Terms and Definitions
The terminology used in this Privacy Policy follows the definitions set out in the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), and other relevant data protection provisions. In particular, the definitions provided in Articles 4 and 9 GDPR apply.

3. General Principles and Rights of Data Subjects

3.1 Scope of Processing of Personal Data
We process personal data only to the extent necessary for providing our web and online services, as well as for the operation of functional websites. This may include processing activities relating to the following groups of individuals and use cases:

Visitors and users of our website
Customers and prospective clients
Applicants and candidates
Participants in (online) events such as conferences, workshops, or symposia
Individuals downloading publications, subscribing to newsletters, submitting contact requests, or taking part in studies and assessments
Members, participants in other events, or users placing online orders

3.2 Legal Bases
The processing of personal data is carried out in accordance with the GDPR, the BDSG, and other applicable data protection laws. In particular:

Where processing is based on the consent of the data subject, Article 6(1)(a) GDPR serves as the legal basis.
Where processing is necessary for the performance of a contract to which the data subject is a party, or for steps taken at the request of the data subject prior to entering into a contract, Article 6(1)(b) GDPR applies.
Where processing is required for compliance with a legal obligation to which we are subject, the legal basis is Article 6(1)(c) GDPR.
If processing is necessary in order to protect the vital interests of the data subject or another natural person, Article 6(1)(d) GDPR applies.
If processing is carried out to safeguard our legitimate interests or those of a third party, provided that such interests are not overridden by the interests, fundamental rights, or freedoms of the data subject, Article 6(1)(f) GDPR constitutes the legal basis.

3.3 Possible Recipients of Personal Data
In order to provide our website, online offerings, and general services, we may engage external service providers such as IT providers, software developers, consultants, cloud service operators, or archiving services. These entities may act as processors within the meaning of Article 28 GDPR and, in the course of providing their services, may gain access to personal data.

In such cases, we ensure that these providers have implemented appropriate technical and organizational security measures, and that data processing is carried out in full compliance with data protection requirements to safeguard the rights of data subjects.

Within Arvien, personal data may be shared between departments where necessary for the performance of business processes. Where legally permissible, we may also process data for marketing purposes beyond the scope of contract execution.

Additionally, we may be legally required to disclose personal data to public authorities (e.g., tax offices, law enforcement agencies, social security institutions). Where permitted by law, personal data may also be processed jointly with cooperation partners, sponsors, or participants in business events.

3.4 Processing of Personal Data in Third Countries
As a rule, your personal data is processed within the European Union (EU) or the European Economic Area (EEA). Transfers of personal data to so-called third countries — i.e., countries outside the EU/EEA where an equivalent level of data protection cannot automatically be assumed — only take place in exceptional circumstances (for example, when engaging certain service providers for web analytics or when data is shared in connection with Arvien’s services).

If personal data is transferred to a third country and such data is not anonymized or pseudonymized, we take appropriate precautions to ensure that an adequate level of protection is in place. This may result either from a formal adequacy decision of the European Commission or, where necessary, from the use of standard contractual clauses adopted by the European Commission.

3.5. Data Erasure and Storage Period
We erase personal data once it is no longer required for the purposes for which it was collected or if the legal basis for its storage no longer applies. Where erasure is not possible due to legal obligations, the data will be stored with restricted processing.
This may apply in particular:

to comply with statutory retention requirements (e.g., German Fiscal Code, Sec. 147 AO, or German Commercial Code, Sec. 257 HGB), or
to safeguard legitimate interests, such as during statutory limitation periods for potential legal claims (German Civil Code, Secs. 195 et seq. BGB).

At the latest, data will be erased once the applicable statutory retention or limitation period has expired, unless continued storage is required and justified by another legal basis.

3.6 Categories of Data
We mainly process the following categories of personal data:

a) Master data – Information you provide about yourself or your company, such as company name, first and last name, e-mail address, and telephone number.

b) Event and marketing data – Data collected in the context of webinars, (online) events, trade fairs, studies, conferences, or similar activities. This may include meta and log files, IP addresses, and session IDs.

c) Meta and log files – Technical information such as IP addresses, session IDs, browser type, operating system, and time of access.

3.7 Rights of Data Subjects
As a data subject, you are entitled to the following rights under Articles 12–22 GDPR. To exercise these rights, you may contact us at any time.

a) Right of access (Art. 15 GDPR)
You may request confirmation as to whether and to what extent we process your personal data.

b) Right to rectification (Art. 16 GDPR)
You may request the correction or completion of inaccurate or incomplete personal data without undue delay.

c) Right to erasure (Art. 17 GDPR)
You may request the deletion of your personal data without undue delay, unless statutory retention obligations or other legal grounds require continued storage.

d) Right to restriction of processing (Art. 18 GDPR)
You may request that the processing of your personal data be restricted under the conditions set out in the GDPR.

e) Right to data portability (Art. 20 GDPR)
You may request to receive personal data you have provided to us in a structured, commonly used, and machine-readable format and have the right to transmit this data to another controller, where technically feasible and legally permissible.

f) Right to object (Art. 21 GDPR)
You may object at any time, on grounds relating to your particular situation, to the processing of your personal data carried out under Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.
If your personal data are processed for direct marketing, you may object at any time to such processing, including related profiling.

g) Right to withdraw consent (Art. 7(3) GDPR)
You may withdraw any consent you have given for data processing at any time. The withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

h) Right to lodge a complaint (Art. 77 GDPR)
You may lodge a complaint with a supervisory authority if you believe that your personal data has been processed in violation of data protection regulations. This right exists in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.

3.8 No Obligation to Provide Personal Data
The use of our online offerings or the conclusion of contracts with us does not generally require you to provide personal data. As a customer, prospective client, website visitor, applicant, or participant, you are not subject to any statutory or contractual obligation to share personal data with us. However, certain services may only be available to a limited extent — or not at all — if the necessary data is not provided.

4. Data Collection through Informational Use of Our Website

4.1 Description and Scope of Data Processing
When you access our website, certain technical information is automatically collected by our systems. The following log file data may be processed:

Browser type and version
Operating system used
Referrer URL
Host name of the accessing device
Date and time of the server request
IP addresses (e.g., for backend logs, IP blocking, or server provider logs)

For information on the processing of additional metadata and log files in connection with tools such as Google Analytics, YouTube, Google Maps, or our social media channels, please refer to Section 8 and the following.
These log data are not combined with other data sources.

4.2 Purpose and Legal Basis of Processing
The temporary storage of IP addresses and other log data is technically necessary to provide the website and enable communication between your device and our systems. The legal basis for this processing during your visit is Article 6(1)(b) or (f) GDPR in conjunction with Section 169 German Telecommunications Act (TKG).
Beyond the communication process, storage may also take place to ensure system functionality, optimize our online services, and safeguard IT security. The legal basis in these cases is Article 6(1)(f) GDPR or Section 109 TKG.

4.3 Storage Period
Log data are stored only as long as required for the stated purposes. Data collected for website provision are erased once the session ends. Log files, including IP addresses, may be retained for system security and optimization for up to seven days after access.

4.4 Option to Reject
The collection and temporary storage of log data is essential for website operation and cannot be rejected by users. The situation differs for log data used for analytics, where the right to object depends on the tool and type of processing (personal, pseudonymous, or anonymous) – see Section 7(f).

5. E-Mail Contact and Contact Form

5.1 Description and Scope of Processing
You may contact us via the e-mail addresses provided on our website or through a contact form. In doing so, personal data such as your name and e-mail address are processed for the purpose of handling your inquiry. Data will not be shared with third parties without your consent.

5.2 Purpose and Legal Basis of Processing
The processing of contact inquiries is based on Article 6(1)(b) GDPR (performance of a contract or pre-contractual steps) and/or our legitimate interests under Article 6(1)(f) GDPR. Where applicable, consent (Article 6(1)(a) GDPR) serves as the legal basis.

5.3 Storage Period
Personal data are erased once they are no longer required for the purpose of processing the inquiry. Further retention may occur if necessary to fulfill contractual or statutory obligations, or to preserve evidence during statutory limitation periods.

6. Registrations, Downloads, and Event Participation

6.1 Description and Scope of Processing
Certain services on our website (e.g., downloads of studies or white papers, registration for online or in-person events) require prior registration. In this context, we may process:

Salutation, first and last name
Company name, address or P.O. Box
E-mail address

6.2 Purpose and Legal Basis of Processing
The processing is based on your consent (Article 6(1)(a) GDPR), contract performance (Article 6(1)(b) GDPR), and/or our legitimate interests (Article 6(1)(f) GDPR). Consent can be withdrawn at any time.

6.3 Storage Period
Following registration, personal data are stored in our Customer Relationship Management (CRM) system. Data remain stored until you withdraw consent or until we update or remove the relevant master data.

7. Data Processing for Newsletters, Advertising, Marketing, and Press Relations

In addition to informational website use, we may process personal data for marketing purposes such as newsletters, customer surveys, or press and public relations work.

7.1 Newsletter
Our website offers the option to subscribe to a free newsletter. To manage this process, we process the following data:

Valid e-mail address
Date and time of registration and confirmation
IP address used at registration and confirmation
Anonymized performance metrics (e.g., open and click rates)

We use a double opt-in procedure: following registration, a confirmation e-mail is sent. The subscription becomes active only when the link in this e-mail is confirmed. If confirmation is not received within 48 hours, the data are blocked and erased after one week.

The sole purpose of processing is to deliver the newsletter. The legal basis is consent under Article 6(1)(a) GDPR and Section 7 UWG. Data are stored for as long as the subscription is active; evidence of consent and unsubscription is retained for two years.

Consent can be withdrawn at any time by using the unsubscribe link in each newsletter e-mail, by e-mailing contact@arvien.co, or via the contact details in our imprint.

7.2 Advertising, Marketing, and Customer Surveys
Use of your personal data for advertising, marketing, or surveys requires consent or another valid legal basis. Where legally permitted, we may also use publicly available data or third-party address data from publicly accessible sources.
The following data may be processed:

Salutation, first and last name
Company name, address or P.O. Box
E-mail address and telephone number
Position

a) The legal basis for advertising and marketing activities relying on explicit consent is Article 6(1)(a) GDPR; the consent provisions in section IV.7.g) apply accordingly.

b) The legal basis for direct marketing via conventional mail is Article 6(1)(f) GDPR (legitimate interests), with the legitimate interest being to approach potential customers regarding our products and services.

c) The legal basis for marketing calls is Section 7(2) no. 2 UWG; express consent is required for consumers and presumed consent applies to other market participants; see also section IV.7.g) regarding consent requirements.

d) The legal basis for e-mail marketing of similar products or services is Section 7(3) UWG, provided that: (i) your e-mail address was collected in connection with a service, (ii) you have not objected to its use for direct marketing, and (iii) you were informed at collection and at each use that you may object at any time (see section IV.7.f for objection rights).

Depending on the legal basis (consent or legitimate interests), personal data may be stored and used for marketing until you object or withdraw consent.

You may withdraw your consent at any time for future processing without giving reasons, via telephone, written communication, or e-mail (e.g., to contact@arvien.co).

You may object at any time to processing based on legitimate interests, including profiling, as per Article 21 GDPR.

If you withdraw consent or object, the data will no longer be used for those purposes; this does not affect data processing necessary for contract performance (Art. 6(1)(b) GDPR), statutory retention, or legitimate interests (Art. 6(1)(f) GDPR), e.g., storing data in a suppression list to prevent future marketing.
Upon request, we will provide further details on marketing data processing and sources; please contact our Data Protection Officer as listed above.

8. Embedded YouTube Videos

8.1 Description and Scope of Processing
Our website contains embedded YouTube videos, which are hosted on www.youtube.com and can be viewed directly on our site. All videos are integrated in “enhanced privacy mode,” meaning that no data about you are transmitted to YouTube unless you actively play a video.
When a video is played, YouTube may receive information that you have accessed the corresponding webpage. This happens regardless of whether you have a YouTube account and are logged in. If you are logged into Google, the data may be linked directly to your account. To avoid this, you should log out of your Google account before playing the video.
YouTube may use the data for purposes such as advertising, market research, and the optimization of its services, including providing interest-based advertising and sharing activity with other users on the platform. You have the right to object to the creation of such user profiles; to exercise this right, please contact YouTube directly.

8.2 Purpose and Legal Basis of Processing
The processing of data is based on your consent under Article 6(1)(a) GDPR.

8.3 Storage Period
Further information on the scope, purpose, and storage period of data collected by YouTube, as well as your privacy rights and available settings, can be found in YouTube’s privacy policy: https://www.google.de/intl/de/policies/privacy.

9. Cookies

9.1 Description and Scope of Processing
We use cookies on our websites. Cookies are small text files stored by your browser on your device, which transmit certain information to the entity that placed the cookie. Their purpose is to optimize our website and services.

Most cookies are session cookies, which are deleted when you leave the site. Some cookies may enable automatic recognition of your device; this is based on the IP address stored in the cookie, but does not directly identify you.

We also use performance cookies for web analytics to collect usage data (e.g., number of visits, user behavior) and improve our online services. Advertising or targeting cookies are used to deliver personalized offers or advertisements and to evaluate their effectiveness. Sharing cookies enable interaction with third-party services, such as social networks.

Cookies that are not strictly necessary for technical operation require your explicit consent under Article 6(1)(a) GDPR. Personal data processed via such cookies are only shared with third parties if you have provided consent. You may refuse cookies via your browser settings; however, some website functions may then be limited.

9.2 Storage Period

Session cookies are automatically deleted when you close your browser. They store a session ID to associate multiple requests with a single session.
Persistent cookies are automatically deleted after a defined period, depending on the specific cookie. You may delete cookies manually via your browser settings.
Third-party analytics cookies (e.g., Google Analytics with anonymization) are used solely for improving website quality and content. Analytics cookies require user consent (Article 6(1)(a) GDPR) and may be withdrawn at any time by rejecting or deleting cookies.

Detailed information about the cookies we use — including provider, purpose, technology, data collected, legal basis, storage period, recipients, and transfers to third countries — is available in our cookie settings.

10. Further Information
Your trust is important to us. If you have questions regarding the processing of your personal data or would like further information on any topic, you may contact us at any time via e-mail at: contact@arvien.co.
We reserve the right to update this Privacy Policy periodically in response to legal, technological, or organizational changes. Any significant changes affecting the processing of personal data will be communicated appropriately.
This Privacy Policy is current as of September 2025.

ARVIEN.

Privacy Policy