1. Introduction
This Privacy Policy describes how Arvato Supply Chain Solutions ("Arvato," "we," "us," or "our") collects, uses, and protects your information when you use the ArvatoGoogleWebApp application ("the Application" or "Service").
ArvatoGoogleWebApp is a vendor compliance violation investigation and management system designed for supply chain compliance operations. By using this Application, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information from Google Sign-In
When you authenticate using Google Sign-In, we collect:
- Basic Profile Information: Your name and email address
- Google Account ID: A unique identifier for your Google account
2.2 Information You Provide
Through your use of the Application, we may collect:
- Compliance violation investigation data and notes
- Documents and evidence you upload
- Communications within the Application
2.3 Automatically Collected Information
- Log data (IP address, browser type, access times)
- Usage patterns and feature interactions
- Device information
3. Google API Services Usage
Google User Data Disclosure
ArvatoGoogleWebApp's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
3.1 Google Services We Access
| Service | Data Accessed | Purpose |
|---|---|---|
| Google Sign-In | Name, Email, Account ID | User authentication and identification |
| Google Drive (if enabled) | Files you explicitly select | Evidence document storage and retrieval |
3.2 Limited Use Disclosure
Our use of Google user data is limited to the following:
- Providing and improving the Application's functionality
- Authenticating users and maintaining session security
- Storing and retrieving evidence documents (with your explicit consent)
We do NOT: Sell your Google data, use it for advertising purposes, or share it with third parties except as necessary to provide the Service.
4. How We Use Your Information
We use the collected information to:
- Authenticate and identify you within the Application
- Provide vendor compliance investigation management services
- Enable collaboration between team members
- Store and manage compliance violation evidence
- Generate reports and analytics for compliance operations
- Improve and maintain the Application
- Communicate with you about the Service
- Ensure security and prevent unauthorized access
5. Data Sharing and Disclosure
We may share your information only in the following circumstances:
- With your organization: Data is shared within your company's Arvato compliance management team
- Service providers: Third-party vendors who assist in operating our Service (under strict confidentiality agreements)
- Legal requirements: When required by law, regulation, or legal process
- Business transfers: In connection with a merger, acquisition, or sale of assets
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
6. Data Security
We implement appropriate technical and organizational security measures to protect your information, including:
- Encryption of data in transit (TLS/SSL) and at rest
- Role-based access controls
- Regular security assessments and audits
- Secure authentication via Google Sign-In
While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
7. Data Retention
We retain your information for as long as your account is active or as needed to provide the Service. Compliance violation data may be retained for longer periods as required by legal or regulatory obligations.
Upon account termination, we will delete or anonymize your personal information within 90 days, except where retention is required by law.
8. Your Rights and Choices
You have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your personal data (subject to legal retention requirements)
- Revoke Access: Revoke Google access at any time via your Google Account Settings
- Data Portability: Request a portable copy of your data
To exercise these rights, please contact us at privacy@arvato.com.
9. Children's Privacy
The Application is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place for such transfers.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Arvato Supply Chain Solutions
Email: privacy@arvato.com
Website: https://arvato.com
For Arvato's corporate privacy policy, visit: Arvato US Privacy Policy