Data Privacy Statement for Arrive relocation & work permits

This data protection privacy statement will inform you on the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the associated websites, functions and contents as well as external online presences, e.g. our social media profile (hereinafter jointly referred to as "online offer"). With regard to the terms used, such as "processing" or "person responsible", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).


Sabine Maus

Arrive relocation & work permits

Stitzenburgstraße 1

70182 Stuttgart


Type of data processed:

- inventory data (e.g. names, addresses).

- contact data (e.g. e-mail, telephone numbers).

- usage data (e.g. websites visited, interest in contents, access times).

- meta/communication data (e.g. device information, IP addresses).


Categories of data subjects

Visitors and users of the online offer (in the following we will also refer to data subjects collectively as "users").


Purpose of processing

- Provision of the online offer, its functions and contents.

- Responding to contact requests and communicating with users.



"personal data" means any information relating to an identified or identifiable natural person (in the following referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

"processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. This term is used in a very broad sense and covers practically any handling of data;

"'pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

"profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

"controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

"processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.


Applicable legal basis

In accordance with Art. 13 GDPR, we hereby inform you of the legal basis of our data processing. Where the legal basis is not specified in the data privacy statement, the following shall apply: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR, the legal basis where processing is necessary for the purpose of rendering our services and performing a contract as well as answering inquiries is Art. 6 (1)(b) GDPR, the legal basis where processing is necessary for compliance with our legal obligations is Art. 6 (1)(c) GDPR, and the legal basis where processing is necessary for purposes of the legitimate interests pursued by us is Art. 6 (1)(f) GDPR. Where processing is necessary in order to protect the vital interests of the data subject or of another natural person, Art. 6 (1)(d) GDPR is the legal basis.


Security measures

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk in line with Art. 32 GDPR.

These measures in particular include ensuring confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, transmission, ensuring availability and their separation with relation to these data. Furthermore, we have established procedures to ensure the exercise of rights of data subjects, erasure of data and reaction to data exposure. Furthermore, we already consider the protection of personal data during the development or selection of hardware, software and procedures in accordance with the principle of data protection by design and by default (Art. 25 GDPR).

Cooperation with processors and third parties

Where we disclose data to other persons and companies (processors or third parties) within the scope of our processing, transmit data to them or otherwise grant them access to data, this will only take place on the basis of a legal authorisation (e.g. if a transmission of the data to third parties, such as payment service providers, in accordance with Art. 6 (1)(b) GDPR is necessary for the performance of a contract), if you have consented, if a statutory requirement provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

Where we engage third parties to process data on the basis of a so-called "order processing contract" this shall only take place on the basis of Art. 28 GDPR.


Rights of data subjects

You have the right to request a confirmation as to whether or not personal data are being processed, and, where that is the case, access to the personal data as well as further information and a copy of that data under Art. 15 GDPR.

Under Art. 16 GDPR you have the right to have your personal data completed or to have the inaccurate personal data concerning you rectified.

Under Art. 17 GDPR you have the right to have data concerning you erased without undue delay or alternatively to demand a restriction of the processing of these data under Art. 18 GDPR.

You have the right to receive the personal data concerning you, which you have provided, under Art. 20 GDPR and to have them transmitted to another controller.

Under Art. 77 GDPR you also have the right to lodge a complaint with the competent supervisory authority.


Right to withdraw consent

Under Art. 7(3) GDPR you have the right to withdraw consents already granted with effect for the future.

Right to object

You have the right to object at any time to processing of personal data concerning you under Art. 21 GDPR. The objection may be lodged in particular against processing for direct marketing purposes.


Erasing data

The data processed by us will be erased or their processing will be restricted under Arts. 17 and 18 GDPR. Unless expressly stated in this data privacy statement, the data stored by us will be deleted as soon as they are no longer required for the intended purpose and the erasure does not conflict with any statutory storage requirements. Unless the data are not erased because they are necessary for other and legally permissible purposes, their processing will be restricted, i.e. the data will be blocked and not processed for any other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

According to legal requirements in Germany, the data are stored in particular for 10 years in accordance with sec. 147 (1) AO [Tax Code], sec. 257 (1)(1) and sec.4 (4) HGB [Commercial Code] (books, records, management reports, accounting documents, trading books, documents relevant for taxation, etc.) and for 6 years in accordance with sec. 257 (1), nos. (2) and (3), (4) HGB (commercial letters).


Broker services

We process data of our customers, clients and prospective customers (collectively referred to as "customers") in accordance with Art. 6 (1)(b) GDPR, in order to provide our contractual or pre-contractual services. The data processed in this context, their nature, scope and purpose as well as the necessity of processing are determined by the underlying order. As a rule, this includes inventory and master data of customers (name, address, etc.) as well as contact data (e-mail address, telephone number, etc.), contract data (content of the commissioning, charges, terms, information on the companies/insurers/services brokered) and payment data (commissions, payment history etc.). Furthermore, we may process the information on the characteristics and circumstances of persons or items belonging to them if this is part of the subject of our order. This may include, for example, information on personal living circumstances, mobile or immovable property.

In the scope of our commissioning we may also have to process special categories of personal data under Art. 9(1) GDPR, in particular data on the health of a person. For this purpose we will obtain, if applicable, the explicit consent of our customers under Art. 6 (1)(a), Art. 7, Art. 9(2)(a) GDPR.

To the extent necessary for the fulfilment of the contract or as required by law, we will disclose or transmit the data of customers in the context of requests for coverage, conclusion and execution of contracts to providers of brokered services / items, insurers, reinsurers, broker pools, technical service providers, other service providers, such as cooperating associations, as well as financial service providers, credit institutions and capital investment companies as well as social security funds, tax authorities, tax consultants, legal advisers, auditors, insurance ombudsmen and the Federal Financial Supervisory Authority (BaFin). Furthermore, we may commission subcontractors, e.g. sub-brokers. We will obtain the consent of the customer if this consent is required for disclosure/transmission (which may be the case, for example, in the case of special categories of data in accordance with Art. 9 GDPR).

The data will be erased upon expiry of statutory warranty and comparable obligations, whereby the necessity of retaining the data is reviewed every three years; in all other respects, statutory retention obligations shall apply.

Insofar as statutory archiving obligations apply, erasure will take place after the expiry of such obligations. Under German law, in the insurance and finance sector there is a particular obligation to keep minutes of consultations for 5 years, contract notes of brokers for 7 years, brokerage contracts for 5 years and generally documents relevant under commercial law for 6 years and documents relevant under tax law for 10 years.


Methods of contact

When contacting us (e.g. via contact form, e-mail, telephone or social media), the user's details will be stored for processing and managing the contact inquiry pursuant to Art. 6(1)(b) (in the context of contractual/pre-contractual relationships), Art. 6 (1)(f) (other requests) GDPR. User information may be stored in a customer relationship management system ("CRM system") or comparable inquiry system.

We will delete requests if they are no longer needed. We will review the necessity every two years. Furthermore, statutory archiving obligations apply.


Collection of access data and log files

We, or our hosting provider, will collect data on the basis of our legitimate interests within the meaning of Art. 6 (1)(f) GDPR about each access to the server on which this service is located (so-called server log files). Access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information will be stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and then erased. Data which must be retained for evidence purposes are excluded from erasure until the respective incident has been finally resolved.

Created with by RA Dr. Thomas Schwenke.

Reservation of amendments

We reserve the right to modify this privacy policy to keep it in line with applicable regulations, as well as our offers on the website.

As at May 2018