Arcwide B.V. and its subsidiaries , the Arcwide Group, are part of the BearingPoint Group of associated companies for which this Privacy Statement applies. Arcwide is a joint venture between BearingPoint and IFS.
Website Privacy and Cookie Statement
This Privacy Statement was last updated on 5 May 2022.
It sets out the data protection practices carried out through the use of the Internet and any other electronic communications networks by BearingPoint Holding BV and its associated companies (all together “BearingPoint”; “we”, “us”) and with respect to bearingpoint.com, hcube.io, ministerialkongress.de, ps.bearingpoint.com, bearingpointbill.com, bearingpoint.services, survey.bearingpoint.com, arcwide.com and other BearingPoint websites, applications and online services that link to this website privacy statement (together referred to as the “Site”).
We may provide a separate privacy statement in connection with certain websites and applications that we offer, and where we do so, such privacy statement will apply to our collection and use of personal information collected through such websites and applications.
A full list of our main offices can be found at www.arcwide.com/en/contact/ whereas we are not responsible for our member firms in Portugal and in Russia; they are allowed to use “BearingPoint” in the name under limited license but from a data protection perspective both member firms are Controllers themselves for their processing activities.
1. Personal Information Collected
1.1 BearingPoint collects personal information from you that you provide, such as your email address, job title or company name through the use of registration forms, for instance every time you sign up for an electronic newsletter, when you choose to send us an application to be considered for employment, when you register for an event or conference organized by BearingPoint, when you submit a request for proposal or for information, when you request the authorization of downloading a document, when you enter an online competition or when you send us a message via an email reply mechanism provided on the BearingPoint sites or when you choose to provide your information for surveys, quizzes or benchmarking surveys.
We use a customer relation management system (the BearingPoint CRM) to store personal information about our business contacts. We collect and use business contact details for individuals associated with existing and potential BearingPoint clients to manage and maintain our relationship with those individuals.
BearingPoint also uses Microsoft Bookings. Microsoft Bookings is a Microsoft 365 app supporting the scheduling and the managing of appointments; it includes a web-based booking calendar. The legal basis is the legitimate interest (Art. 6 (1) lit. f GDPR; we want to give you the opportunity to easily schedule an appointment with us.
The personal data required for an appointment via Microsoft Bookings (name and email address) as well as your additional, voluntary information (address, telephone number, notes) are processed and stored by us only to the extent that this is necessary for the processing of the appointment, but no longer than 120 days. Since Microsoft Bookings is a Microsoft 365 service, Microsoft (One Microsoft Way, Redmond, WA 98052-6399, USA) also receives access to the data you provide in the form.
Further information on the handling and use of data by Microsoft can be found in Microsoft’s privacy policy: https://privacy.microsoft.com/en-us/privacystatement.
2. Use of Personal Information
2.1 We process personal information collected via the BearingPoint sites for the purposes of:
- Providing our services
- Dealing with your enquiries and requests Recruitment
- Proposing/inviting access to BearingPoint’s social media accounts
- Proposing/inviting to informational events and conferences
- Providing you with information about products and services
- Managing and maintaining our relationship with business contacts
- Participating in surveys, quizzes, or benchmarking surveys
- Replying to your data subject access requests
3. Information We Gather Automatically and How We Use It
3.1 When you visit one of the BearingPoint sites, we collect information automatically about those visits.
3.2 In particular, your browser automatically sends us certain Internet-related information, such as the Internet Protocol (IP) address of the computer you are using.
3.3 We also collect information through the use of cookies to better understand how visitors use the BearingPoint sites, to identify problems with our servers, prepare aggregate demographic information and other information regarding the use of the BearingPoint sites, and to improve the functions of the BearingPoint sites. Cookies do not collect any information that enables you to be identified as an individual.
3.4 BearingPoint uses “Google reCAPTCHA” (hereafter “reCAPTCHA”) on its websites. Provider is Google LLC 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). With reCAPTCHA we want to check if the data entry on our websites (for example in a contact form) is done by a human or by an automated program. For this, reCAPTCHA analyzes the behavior of the site visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (for example, the IP address, the time a site visitor spends on the website or mouse movements made by the user). The data collected during the analysis will be forwarded to Google. The reCAPTCHA analyzes are completely in the background. Site visitors are not advised that an analysis is taking place. Data processing takes place on the basis of Art. 6 para. 1 lit. f GDPR. BearingPoint has a legitimate interest in protecting its websites from abusive automated spying and SPAM. For more information about Google reCAPTCHA and Google’s privacy policy, please visit the following links:
https://www.google.com/intl/en/policies/privacy/ and https://www.google.com/recaptcha/about/.
3.5 When you visit or use our social media websites such as Facebook, we use Facebook Pixel, which allows us to display interest-based advertisements ("Facebook Ads") to users of the website when they visit the social network or other websites also using this tool. In this way, we pursue the interest in displaying advertisements that are of interest to you in order to make our website or offers more interesting for you. With the help of the Facebook Pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad ("conversion").
The processing of this data by Facebook takes place within the framework of Facebook's data policy: https://www.facebook.com/policy.php.
Special information and details about the Facebook pixel, the Conversions API and its functionality can also be found in the Facebook help area: https://www.facebook.com/business/help/742478679120153?id=1205376682832142.
We also use lead ads on Facebook, e.g. for recruiting purposes. If you, as a platform user, click on an add, you will be prompted to fill out a lead ad forms. After submitting it, your leads data will be stored on Facebook’s servers for no more than 90 days, and we may download your leads data from it. The downloaded data will be further stored in our recruitment system for no longer than 6 months. Facebook will use the information submitted by users through the lead ad, subject to its data policy: https://www.facebook.com/policy. Further details about how Lead ads work on Facebook can be found here: https://www.facebook.com/business/help/1481110642181372?id=735435806665862.
When operating with lead ads, BearingPoint together with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook) are Joint Controllers for the collection and transfer of data in this process. The following processes are therefore not covered by joint controllership:
- The process that takes place after the collection and transmission is within the sole responsibility of Facebook.
- The preparation of reports and analyses in aggregated and anonymized form is carried out as a Processor and is therefore within our responsibility.
We transfer the data within the scope of joint controllership based on the legitimate interest pursuant to Art. 6 (1) f GDPR. Further information on how Facebook processes personal data, including its legal basis and further information on the rights of data subjects can be found here: https://www.facebook.com/about/privacy.
3.6 Google Analytics 4.
BearingPoint also uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on its websites. In order to protect your data as best as possible, the version “Google Analytics 4” (GA4, anonymized tracking, cookieless tracking) is used. Thus, only anonymized aggregated data is transmitted to us, which we evaluate for web statistics and therefore want to improve our offer. No individual profiles are created, but rather user groups. A personal reference can no longer be established.
GA4 uses IP address anonymization by default, which cannot be deactivated. Lawful cookies have a duration of 2 months.
The legal basis for the use of GA4 and the resulting coverage measurement is the legitimate interest (Art. 6 (1) lit. f GDPR).
The collected data may be transmitted to Google in Europe, or also to Google servers in the USA. BearingPoint has no influence on the data transfer to Google. Furthermore, BearingPoint has no influence on whether Google can draw conclusions about your person.
We are reviewing relevant rulings of the European Data Protection Agencies and/or other authorities which might impact the use of Google Analytics.
Further information on the handling of user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=en&gl=de.
3.7 CleanTalk anti-spam check
We use the "CleanTalk" service, which protects the Site from spam when a data entry on a Site is done (for example in a contact form). The legal basis is the legitimate interest (Art. 6 (1) lit. f GDPR.
For security reasons and as protection against spam, your data is processed in the CleanTalk Cloud Service and stored in log files for a maximum of 45 days. After expiry of the aforementioned period, this data will be completely deleted. CleanTalk may use information about spam activity from IP or email addresses to provide appropriate anti-spam protection to all websites connected to its service.
Further information on the handling and use of data by CleanTalk can be found in CleanTalk Inc’s privacy policy: https://cleantalk.org/publicoffer#privacy.
4. Cookie list
4.1 A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:
4.2 Microsoft Dynamics 365
We use cookies or tracking pixels from Microsoft Dynamics 365, which is provided by Microsoft Ireland Operations Limited, Ireland. Microsoft Dynamics uses the following cookies:
- Long-term behavioral-analysis cookie: This cookie is set and/or read on any webpage where we have placed a Dynamics 365 Marketing website behavioral-analysis script. It enables Dynamics 365 Marketing to score leads based on their level of interaction with a given website. The cookie contains no personal information but does uniquely identify a specific browser on a specific machine, and Dynamics 365 Marketing can use it to correlate this ID with an actual contact in our Dynamics 365 CRM. The cookie remains active for two years.
- Short-term, single-visit cookie: This cookie is also set and/or read on any webpage where we have placed a Dynamics 365 Marketing website behavioral-analysis script. By default, it expires after just 30 minutes. Dynamics 365 Marketing uses it to group all page loads by a given user that are recorded by the same behavioral-analysis script and that occur within the configured timeframe. It will consider all of these as part of a single "visit" to the website.
4.3 This website uses Hotjar, an analysis software from der Hotjar Ltd. („Hotjar“) (https://www.hotjar.com/, Hotjar Ltd Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta, Europe). Hotjar makes it possible to measure and analyse user behaviour (clicks, mouse movements, scrolling, etc.) on our website. The tracking code and cookie generate data about your visit to our website, which is then transmitted to the Hotjar server in Ireland and stored there. The tracking code collects the following data:
Device-dependent data
- The IP address of your device (collected and stored in anonymised format)
- Your email address, including your first and last name, if you have provided this information via our website
- Your device’s screen size
- Type of device and browser information
- Geographic location (country only)
- Your preferred language for using our website
- Log data
- Linking domain
- Pages visited
- Geographic location (country only)
- Your preferred language for using our website
- Date and time of website visit
Hotjar will use this information to analyse your use of our website, compile reports on usage, and provide further services connected with use of the website and the internet. To this end, Hotjar also uses the services of third parties such as Google Optimize and Optimizely. These third parties may store data that is sent by your browser when you visit the website, such as cookies or IP requests. Please consult the data privacy statement of Optimizely for more information about how data is stored and used: https://www.optimizely.com/legal/privacy-policy/.
By using this website, you declare your consent to the above-mentioned processing of the data collected by Hotjar and its third-party service providers as specified in their data privacy statements.
The cookies used by Hotjar have different lifetimes. Some may remain valid for up to 365 days while others expire after the current visit.
If you do not wish data to be collected by Hotjar, please click here and follow the instructions: https://www.hotjar.com/policies/do-not-track/
4.4 Furthermore, when browsing the BearingPoint website you may get access to embedded media and other external sources which may store cookies. As cookies from externally embedded media may be used or modified without BearingPoint’s knowledge or consent, you are invited to consult the following links for further information.
Media - Link to their privacy statement:
Twitter - https://twitter.com/en/privacy
YouTube - https://policies.google.com/privacy
Linkedin - https://www.linkedin.com/legal/privacy-policy
Facebook - https://www.facebook.com/policy.php
Xing - https://privacy.xing.com/en/privacy-policy
4.5 You have the right to choose whether or not to accept cookies. You can exercise this right by amending or setting the controls on your browser to reflect your cookie preferences. However, please note that if you choose to refuse cookies you may not be able to use the full functionality of the BearingPoint sites.
4.6 The "help" portion of the toolbar on most Internet browsers will tell you how to change your browser cookie settings, including how to have the browser notify you when you receive a new cookie, and how to disable cookies altogether. For further information about cookies and how to control their use, please visit the following third-party educational resources: https://www.allaboutcookies.org/ and https://www.youronlinechoices.eu/
5. Information We Share
5.1 We will only disclose personal information to other companies within our group of companies, business partners, government bodies and law enforcement agencies, successors in title to our business and suppliers we engage to process data on our behalf. In these circumstances we will share your personal information for purposes such as our legitimate business purposes and to comply with legal obligations.
6. Links to Other Sites
6.1 This Privacy Statement applies only to information collected by a BearingPoint site.
6.2 BearingPoint sites contain links to other sites that are not owned or administered by BearingPoint. Please be aware that BearingPoint is not responsible for the privacy practices of such other third party sites. We encourage you to read the privacy statements of every Website you visit.
7. Security
7.1 We maintain safeguards to protect against unauthorized disclosure, use, alteration, or destruction of the personal information you provide to us through the BearingPoint sites. Please note, however, that perfect security does not exist on the Internet. Therefore, while we endeavor to protect your personal data, when data is transferred over the Internet it may potentially be accessed and used by unauthorized parties.
8. Your rights relating to your personal data/Access, Deletion, Restriction and Objection
8.1 We want to make sure that any information we hold on you is up to date and correct. You can request from BearingPoint information in particular pursuant to Art. 15 to 18, 21 GDPR, as to your personal data held by us as a controller, the purpose of the storage and obtain certain other information about how and why we process your personal data. Furthermore, and within the legal framework, you have the right to request for your personal data to be amended or rectified where it is inaccurate, the right to restrict our processing of your personal data and the right to object or to obtain deletion of your personal data. If you have any requests concerning your personal information BearingPoint holds about you, to obtain a copy or any queries with regard to these practices please contact us at the contact listed below:
BearingPoint Data Protection Department
Group Compliance Officer
BearingPoint Berlin
Invalidenstraße 73
10557 Berlin
Fax: +49 30- 880041040
E-Mail (for requests that do not have confidential or sensitive content):
datasubject-request@bearingpoint.com
8.2. We use the Zendesk ticketing system, a customer service platform provided by Zendesk Inc, 989 Market Street, San Francisco, CA 94103, to process your requests submitted by email.
We use Zendesk to be able to process your requests quickly and efficiently. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. We have concluded a Data Processing Agreement (DPA) with Zendesk, which contains the Standard Contractual Clauses ("Model Clauses") approved by the European Commission.
A request sent to us remains with us until you make a request to delete it or the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory legal provisions - in particular retention periods - remain unaffected.
For more information about Zendesk, please see the Zendesk privacy policy: https://www.zendesk.com/company/agreements-and-terms/privacy-policy-2021-06-01/
9. Hosting:
Design and maintenance of our websites by RYZE Digital GmbH, Mombacher Str. 4, 55122 Mainz, Germany. The webserver is hosted by aiticon GmbH Stephanstraße 1, 60313 Frankfurt, Germany.
10. Internet-based Transfers
10.1 Given that the Internet is a global environment, using the Internet to collect and process personal data necessarily involves the transmission of data on an international basis. Therefore, by browsing the BearingPoint sites and communicating electronically with us, you acknowledge our processing of personal data in this way. However, we will endeavor to protect all personal information collected through the BearingPoint sites in accordance with strict data protection standards.
11. Changes to the Privacy Statement
We reserve the right to amend this Statement at any time without advance notice in order to address future developments of BearingPoint, the Website or changes in industry or legal trends. We will post the revised Statement on the Website or announce the change on the home page of the Website. You can determine when the Statement was revised by referring to the "Last Updated" date on the top of this Statement. Any changes will become effective upon the posting of the revised Statement on the Website. By continuing to use the Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Statement, in whole or part, you can choose to not continue to use the Website.
12. Contact Us
If you have any general questions or concerns about how we process personal information please contact us at privacy@bearingpoint.com