LEGAL NOTICE & PRIVACY POLICY

I. Legal Notice (Impressum)

Information pursuant to § 5 DDG

ARIREC
GmbH

Hardtweg 10A
35287 Amöneburg
Germany

Represented by:
Managing Director
Eric Philipp Lemmer

Contact:
Email: kontakt@arirec.com
Website: arirec.com/arirec.de

Commercial Register:
Registry Court: Amtsgericht Marburg
Commercial Register Number: HRB 8981

VAT Identification Number according to § 27a UStG: (pending)

Responsible for the content according to § 18 paragraph 2 MStV:
Eric Philipp Lemmer

We are not willing or obliged to participate in dispute resolution proceedings before a consumer arbitration board.

II. Privacy Policy

1. Name and contact details of the data controller

This privacy notice applies to data processing by:

Data controller:
ARIREC GmbH
Hardtweg 10A
35287 Amöneburg

Responsible for all data protection matters:
Eric Philipp Lemmer
Email: kontakt@arirec.com

2. Data Protection Officer

No company data protection officer has been appointed, as there is no legal obligation to do so. For data protection enquiries, please use the contact details provided in section 1.

3. General information on data processing / Legal bases

We process personal data in particular on the following legal bases:

• Art. 6(1)(a) GDPR (consent): e.g. for optional cookies/tracking, provided you give your consent.
• Art. 6(1)(b) GDPR (contract / pre-contractual measures): e.g. for placement enquiries and placement activities.
• Art. 6(1)(c) GDPR (legal obligation): e.g. professional and tax law obligations.
• Art. 6(1)(f) GDPR (legitimate interest): e.g. IT security, analysis of misuse/errors, functional provision of the website.

Where special categories of personal data (Art. 9 GDPR) are affected (e.g. health data within the framework of a contractual relationship), processing takes place – where necessary – in particular for the establishment, exercise or defence of legal claims (Art. 9(2)(f) GDPR) in the performance of the existing contractual relationship.

4. Collection and storage of personal data, and the nature and purpose of its use

a) When visiting the website

When you access our website, your browser automatically sends information to our website server. This information is temporarily stored in server log files. The following are recorded in particular:

• IP address of the requesting terminal device,
• Date and time of access,
• Name and URL of the retrieved file,
• Website from which access is made (referrer URL),
• Browser used and, if applicable, operating system and the name of your access provider.

Purposes of processing:

• Ensuring a smooth connection setup,
• Ensuring comfortable use,
• Evaluation of system security and stability,
• Misuse/error analysis and administrative purposes.

The legal basis is Art. 6(1)(f) GDPR. We do not use this data to draw conclusions about your person.

Hosting / Data processing agreement:
Our website is operated by a technical service provider (hosting/IT). Insofar as this provider processes personal data on our behalf, this is done on the basis of a data processing agreement (Art. 28 GDPR).
This website is operated on servers of Amazon Web Services (AWS) within the European Union. Data processing takes place in the Frankfurt region (eu-central-1).
When visiting this website, information is automatically collected by the hosting provider and stored in so-called server log files.
In particular, the following data may be processed:

• IP address
• Date and time of access
• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Pages visited

Processing takes place to ensure the stability, security and functionality of the website.

b) Contact (email, telephone, contact form)

For questions or placement enquiries, you can contact us. Depending on the contact method, we process in particular:

• Name, contact details (e.g. email, telephone number),
• Content of your message,
• Document attachments sent and metadata, if applicable.

Purposes of processing:

• Processing and answering your enquiry,
• Checking and initiating a contractual relationship,
• Communication within the framework of an existing contractual relationship.

Legal basis:

• Art. 6(1)(b) GDPR, if the contact serves to initiate or perform a contract,
• otherwise Art. 6(1)(f) GDPR (legitimate interest in efficient communication and processing of enquiries).

Consent (Art. 6(1)(a) GDPR) is only a legal basis if we explicitly request it (e.g. for optional fields or separate processing purposes).

Retention period:
We delete enquiries as soon as they have been conclusively processed, unless statutory retention obligations or legitimate interests (e.g. verification/defence of claims) prevent this.

c) Contract performance

If a contractual relationship is established, we process the data required for contract processing. Depending on the order, this includes in particular master data, communication data, contract/case and procedure data, payment data as well as, if applicable, special categories of personal data (Art. 9 GDPR) and data on criminal convictions/offences (Art. 10 GDPR), insofar as this is necessary for contract performance.
In particular:

• Address
• Telephone number
• Email address
• Date of birth
• Nationality
• CV
• Application documents
• Training and qualification certificates
• Language skills
• Driving license and identity documents
• Work references
• Professional experience
• Other relevant information for placement

Purposes of processing:

• Conclusion, performance and billing of contracts,
• Establishment, exercise or defence of legal claims,
• Fulfillment of contractual and legal obligations.

Processing takes place in particular for the following purposes:

• Review of applications and qualifications
• Execution of placement procedures
• Contacting candidates and employers
• Organisation of job interviews
• Support in hiring and placement processes
• Implementation of pre-contractual measures

Legal bases:

• Art. 6(1)(b) GDPR,
• Art. 6(1)(c) GDPR,
• Art. 6(1)(f) GDPR,
• where applicable, Art. 9(2)(f) GDPR.

5. Disclosure of data / Recipients

A transfer of your data to third parties only takes place insofar as this is necessary and a legal basis exists, in particular:

• to courts, authorities and other public bodies, insofar as this is necessary for contract performance or a legal obligation exists,
• to potential employers and their representatives, insofar as this is necessary for contract performance,
• to service providers (e.g. IT/hosting, communication service providers) acting as processors,
• to other third parties, provided you have consented.

The legal bases are, depending on the case, Art. 6(1)(a), (b), (c) or (f) GDPR; for special data, where applicable, Art. 9(2)(f) GDPR.

6. Transfer to third countries

Insofar as we use services in which processing outside the EU/EEA cannot be excluded (e.g. US providers), a transfer only takes place if the requirements of Art. 44 et seq. GDPR are met, in particular on the basis of:

• adequacy decisions (insofar as applicable),
• EU Standard Contractual Clauses,
• supplementary protective measures (insofar as necessary).

7. Cookies and consent management

We use cookies and similar technologies. Cookies are small files that your browser stores on your device.

a) Essential cookies

Essential cookies are technically necessary to provide the website and enable basic functions.

Legal basis:

• Art. 6(1)(f) GDPR (legitimate interest in secure, functional operation),
• and Section 25(2) TDDDG, insofar as storing/reading is strictly necessary.

b) Optional cookies (analytics/marketing)

We only set optional cookies (e.g. analysis or marketing cookies) if you have previously consented.

Legal basis:

• Art. 6(1)(a) GDPR,
• Section 25(1) TDDDG.

Withdrawal:
You can withdraw your consent at any time with effect for the future via the cookie settings on the website.

8. Analytics and marketing tools

We only use the tools mentioned below if you have consented to this via the consent management system.

a) Google Analytics 4

Purpose:
Reach measurement, analysis of website use, optimisation of our website.

Provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Processed data (typically):
Usage/interaction data (e.g. page views, events), device/browser information, approximate location data (derived), technical identifiers (cookies/IDs) if applicable.

Legal basis:
Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

Third-country transfer:
A transfer to Google servers outside the EU/EEA (in particular the USA) cannot be ruled out. In these cases, Google relies, according to the provider's information, on appropriate safeguards (e.g. Standard Contractual Clauses) and, if necessary, other mechanisms.

Objection/Withdrawal:

• via the cookie settings on the website,
• via the browser add-on to disable Google Analytics:
  https://tools.google.com/dlpage/gaoptout?hl=en

b) Google Ads Conversion Tracking

Purpose:
Measuring the effectiveness of advertisements (conversion measurement), optimising campaigns.

Provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

How it works:
If you reach our website via a Google ad, a cookie or a comparable identifier may be set. This makes it possible to understand that you clicked on an ad and accessed certain pages. The cookies lose their validity after a certain period of time and are not used for direct personal identification.

Legal basis:
Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

Objection/Withdrawal:

• via the cookie settings on the website,
• through corresponding browser settings (e.g. blocking cookies from the domain "googleadservices.com"),
• via Google settings for advertising:
  https://adssettings.google.com

9. Social Media

If we integrate social media buttons/plugins (e.g. Facebook/Instagram, X/Twitter) on our website, data may be transmitted to the respective provider upon activation. We recommend a privacy-friendly integration (e.g. two-click solution) where a transmission only takes place after your active decision.

When you visit our social media profiles, the providers process personal data on their own responsibility. Information on this can be found in the privacy notices of the respective providers.

10. Data subject rights

You have the right:

• in accordance with Art. 15 GDPR, to request information about your personal data processed by us,
• in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or the completion of your data,
• in accordance with Art. 17 GDPR, to request the deletion of your data, unless statutory retention obligations or other overriding reasons prevent this,
• in accordance with Art. 18 GDPR, to request the restriction of processing,
• in accordance with Art. 20 GDPR, to request data portability,
• in accordance with Art. 7(3) GDPR, to withdraw consent at any time with effect for the future,
• in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority.

Competent supervisory authority:
Hessian State Office for Data Protection
The Hessian Commissioner for Data Protection and Freedom of Information
Prof. Dr. Alexander Roßnagel
P.O. Box 31 63
65021 Wiesbaden
Wilhelmstraße 7
65185 Wiesbaden

11. Right to object

If we process your data on the basis of Art. 6(1)(f) GDPR, you can object in accordance with Art. 21 GDPR, provided that there are reasons arising from your particular situation. You can object to direct advertising at any time without giving reasons.

To exercise your right of withdrawal or objection, a simple notification to the contact details mentioned in section 1 is sufficient, in particular by email to: kontakt@arirec.com.

12. Storage period / retention periods

We store personal data only as long as this is necessary for the respective purposes or statutory retention periods exist. For legal activities, the following apply in particular:

• tax and commercial documents: depending on the type of document, 6, 8 or 10 years.

After these periods have expired, we regularly delete or anonymise data, unless there are continuing reasons (e.g. running limitation periods, legal disputes) to prevent this.

13. Data security

We use appropriate technical and organisational measures to protect your data against loss, manipulation, unauthorised access and other inadmissible processing. Our website uses TLS encryption (SSL). You can recognise an encrypted connection in particular by the "https://" address and the padlock symbol in the browser.

14. Validity and amendments to this privacy policy

This privacy policy is current as of 06 May 2026. We will adapt it as soon as this becomes necessary due to technical changes, the further development of our website or due to changed legal requirements.