Name and Address of the Responsible Party

The responsible party within the meaning of the General Data Protection Regulation (GDPR) and other data protection provisions is:

Xentral ERP Software GmbH
Fuggerstraße 11
86150 Augsburg
Germany
contact@xentral.com
https://xentral.com/en 

Contact Data of the Data Protection Officer

The data protection officer of the responsible party is:

DataCo GmbH
Dachauer Str. 65
80335 Munich
Germany
+49 89 7400 45840
https://www.dataguard.de/en-de/ 

General Information on Data Processing

Scope of Processing Personal Data

We fundamentally process personal data of our users only to the extent necessary for providing a functioning website as well as our content and services. The processing of personal data of our users is based on consent, unless obtaining such consent for actual reasons is not possible and the processing of the data is permitted by legal regulations.

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 Abs. 1 lit. a GDPR serves as the legal basis.

When processing personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 Abs. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual actions.

If processing of personal data is required to fulfill a legal obligation to which our company is subject, Art. 6 Abs. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 Abs. 1 lit. d GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the former interest, Art. 6 Abs. 1 lit. f GDPR serves as the legal basis for processing.

Data Deletion and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage can also take place if provided for by European or national lawmakers in union regulations, laws, or other provisions to which the responsible party is subject.

The person in charge decides on a blocking or deletion of the data. Blocking or deletion of data also takes place when a storage period prescribed by the standards mentioned expires unless there is a need for further storage of the data for the conclusion of a contract or the fulfillment of the contract.

Rights of the Data Subject

If your personal data is processed, you are the data subject within the meaning of the GDPR, and you have the following rights vis-à-vis the data controller:

Right to Access (Art. 15 GDPR)

You have the right to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you have the right to information about this personal data and to the following information:

  • Purpose of processing

  • Categories of personal data being processed

  • Recipients or categories of recipients to whom the data has been disclosed or will be disclosed

  • Planned storage duration or criteria for determining this duration

  • The existence of the right to rectification or deletion or limitation of processing or a right to object to this processing

  • The right to lodge a complaint with a supervisory authority

  • If the data is not collected from the data subject (i.e., you), any available information about the data source

  • The existence of automated decision-making, including profiling and, where appropriate, meaningful information about its details

  • Possible transfer of personal data to a third country or an international organization

Right to Rectification (Art. 16 GDPR)

If your personal data is incorrect or incomplete, you have the right to ask for it to be corrected and/or completed.

Right to Limit Processing (Art. 18 GDPR)

Under the following conditions, you can request the restriction of the processing of your personal data:

  • If you contest the accuracy of your personal data for a period that allows us to verify the accuracy of the personal data.

  • The processing is unlawful, and you oppose the deletion of the personal data and request the restriction of its use instead.

  • We no longer need the personal data for processing purposes, but you require them for the establishment, exercise, or defense of legal claims.

  • If you have objected to processing and it has yet to be determined whether our legitimate grounds override yours.

Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR)

If one of the following reasons applies, you have the right to immediate deletion of your personal data:

  • The personal data is no longer necessary for the purposes for which they were collected or otherwise processed.

  • You revoke your consent on which the processing is based and there is no other legal basis for the processing.

  • You object to the processing and there are no overriding legitimate grounds for the processing or you object to the processing pursuant to Art. 21 Abs. 2 GDPR.

  • Your personal data was processed unlawfully.

  • The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which we are subject.

  • The personal data was collected in relation to offered services of the information society pursuant to Art. 8 Abs. 1 GDPR.

Please note that the aforementioned reasons do not apply as long as the processing is necessary:

  • To exercise the right to freedom of expression and information;

  • To fulfill a legal obligation or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;

  • For reasons of public interest in the field of public health;

  • For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;

  • To assert, exercise or defend legal claims.

Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided.

Right to Object to Certain Data Processing (Art. 21 GDPR)

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this includes profiling to the extent that it is related to such direct marketing.

Right to Lodge a Complaint with a Supervisory Authority

If you believe that the processing of personal data relating to you is in violation of the GDPR, you have the right, without prejudice to other remedies, to lodge a complaint with a supervisory authority, in particular in the Member State of your residence or the place of the alleged infringement.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Provision of the Website and Creation of Log Files

Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

  • Information about the browser type and version used;

  • The operating system of the user;

  • The internet service provider of the user;

  • Date and time of access;

  • Websites from which the user's system reaches our website;

  • Websites accessed by the user's system through our website

This data is not stored together with other personal data of the user. 

Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, the data helps us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

Duration of Storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of collecting data for the provision of the website, this is the case when the respective session is ended.

In the case of storing data in log files, this is done after no more than seven days. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

Possibility of Objection

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Therefore, the user has no possibility of objection.

Use of Cookies

Description and Scope of Data Processing

Our website uses cookies. Cookies are text files stored in the internet browser or by the internet browser on the user's computer system. If a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when the website is called up again.

The following data is stored and transmitted in the technically necessary cookies:

  • Language settings

  • Acceptance of website functions

We also use cookies on our website that allow an analysis of users' surfing behavior. Cookies that are not technically necessary are used to improve the quality of our website and its content. These cookies enable us to continuously optimize our offers. The following data is processed by cookies that are not technically necessary:

  • IP address

  • User's location

  • Date and time of access to the website

  • Adjustment of display settings by the user

  • Tracking of user behavior

  • Linking of website visit with other social media platforms

Purpose of Data Processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

For the following applications, we need technically necessary cookies:

  • Adoption of language settings

  • Functionality of the website

The use of technically non-necessary cookies serves the purpose of improving the quality of our website, its content, and to increase our economic efficiency. By setting these cookies, we learn how the website is used, enabling us to continually optimize our offerings. Specifically, these cookies are used for the following purposes:

  • Tracking and analysis activities

For the storage of information in the terminal equipment of the user and/or the access to already stored information in the user's terminal equipment, the provisions of the Telemedia Data Protection Act (TDDSG) are decisive. When setting and reading cookies that are technically necessary, this is done to ensure the functionality of our website. In this case, the legal basis for processing is Art. 7 of the Cookie Directive in conjunction with § 25 para. 2 No. 2 TDDSG. The storage and reading of cookies that are not technically necessary is done for marketing purposes in order to be able to present offers to you that are tailored to your interests and to offer you the services that you desire. Some of these services require your active consent, which you can give when first accessing the website and can revoke at any time. The cookies are generally deleted after the session ends (e.g., closing the browser) or at the end of a defined period. For further details and to learn how to object to cookies, please refer to the following sections of this privacy policy.

If you use our website and agree to the data protection declaration, you can give your consent for the storage and reading of cookies that are not technically necessary. The legal basis for this is § 7 para. 2 No. 2 TDDSG and Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future, either through the settings of your browser software or by accessing the link provided for this purpose on our website. If you object to the setting of cookies or make use of your right to revoke consent, this may mean that you cannot use all the functions of our website. Insofar as cookies are set and read that are not technically necessary and personal data is processed, this is done on the basis of GDPR regulations. Further information can be found in the following sections of this privacy policy.

Newsletter

Description and Scope of Data Processing

On our website, you have the opportunity to subscribe to a free newsletter. When registering for the newsletter, data from the input mask is transmitted to us.

To provide this service, we collect the following data from you:

  • E-mail address

  • Surname

  • First name

For the processing of your data, consent is obtained during the registration process and reference is made to this privacy policy.

No further data is passed on in connection with the processing for sending the newsletter. The data is used exclusively for sending the newsletter.

Purpose of Data Processing

The collection of the user's e-mail address serves to deliver the newsletter.

The collection of other personal data during the registration process serves to prevent misuse of services or the e-mail address used.

The legal basis for processing the data after the user has registered for the newsletter is the presence of the user's consent, Art. 6 para. 1 s. 1 lit. a GDPR.

Duration of Storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. Thus, the user's email address will be stored as long as the newsletter subscription is active.

Other personal data collected during the registration process will usually be deleted after seven days.

Right of Revocation

The subscription to the newsletter can be canceled by the affected user at any time. For this purpose, there is a corresponding link in every newsletter.

By revoking the consent, the legality of the already done data processing remains unaffected.

E-mail Contact

Description and Scope of Data Processing

Our website offers the possibility to contact us via the provided email address. In this case, the user's personal data transmitted by email will be stored.

The data will be used exclusively for processing the conversation.

Purpose of Data Processing

The processing of personal data from the email is solely for processing the contact. In the event of contact via email, there is also the necessary legitimate interest in processing the data.

The legal basis for processing data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact aims at concluding a contract, then the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

Duration of Storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For personal data sent by email, this is the case when the respective conversation with the user ends. The conversation ends when it can be inferred from the circumstances that the matter in question has been finally clarified.

The additional personal data collected during the sending process will be deleted at the latest after seven days.

Right of Objection

If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot continue.

The objection can be made to the email address described in this privacy statement (contact@xentral.com).

In this case, all personal data stored during contact will be deleted.

Contact Form

Description and scope of data processing

On our website, there is a contact form available which can be used for electronic contact. If a user takes advantage of this option, the data entered into the input mask will be transmitted to us and saved.

When sending the message, the following data is stored:

  • Email address

  • Surname

  • First name

  • Telephone/mobile number

  • Company size

  • IP address of the calling computer

  • Date and time

Purpose of data processing

The processing of personal data from the input mask of the contact form is used solely for handling the contact.

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

The legal basis for the processing of data that is transmitted in the course of sending an email is Art. 6 Para. 1 lit. f DSGVO. If the email contact aims at concluding a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b DSGVO.

Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days.

Possibility of objection and removal

If the user contacts us via the contact form, they can object to the storage of their personal data at any time. In such a case, the conversation cannot continue.

The objection can be made at any time via the email address described in the data protection declaration (contact@xentral.com).

All personal data stored in the course of contacting will be deleted in this case.

Application by Email and Application Form

Description and scope of data processing

On our website, there is an application form available which can be used for electronic applications. If an applicant uses this opportunity, the data entered in the input mask will be transmitted to us and saved. These data are:

  • Title

  • Surname

  • First name

  • Telephone / Mobile number

  • Email address

  • Salary expectations

  • Details on education and schooling

  • Language skills

  • Marital status

  • Voluntary information from the applicant, work experience within the EU, earliest starting date

You can also send us your application by email. In this case, we use the e-mail address and any data you provide in the email.

Upon receipt of your application, you will receive a confirmation of the receipt of your application documents by email from us.

Furthermore, we offer an applicant/talent pool.

Your data will not be passed on to third parties. The data is exclusively used for processing your application.

Purpose of data processing

The processing of personal data from the application form is solely for the purpose of processing your application. In the event of contact by email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serve to prevent misuse of the application form and to ensure the security of our information technology systems.

The legal basis for processing your data is the contract initiation at your request or a contractual relationship if one exists, Art. 6 para. 1 s. 1 lit. b DSGVO and § 26 para. 1 s. 1 BDSG.

The legal basis for the processing of the data within the framework of the applicant pool is the express consent given by you, Art. 6 para. 1 s. 1 lit. a, Art. 7 DSGVO. You can revoke your consent at any time with effect for the future.

Duration of storage

After completion of the application process, the data will be stored for up to 6 months. After a period of 6 months, the data will be deleted. In the event of a legal obligation, the data will be stored for the required legal period.

Any additional personal data collected during the sending process will be deleted after a period of seven days.

Corporate appearances

Instagram

Instagram, part of Meta Platforms Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland.

On our company website, we provide information and offer Instagram users the opportunity for communication.

When you take action on our Instagram company profile (e.g., comments, posts, likes, etc.), it is possible that you thereby disclose personal data (e.g., your username or your profile picture) to the public.

However, we generally or largely have no influence on the processing of your personal data by Instagram. Therefore, we cannot make any binding statements about the purpose and scope of the processing of your data by them.

We use our company appearance on social networks for communication and information exchange with (potential) customers. Specifically, we use the company's appearance on the platform for:

  • Presence of the company on these platforms, image improvement

  • Publications on the company profile can include the following content:

  • Information about products

  • Information about services

  • Competitions

  • Advertising

  • Customer contact

Every user is free to publish personal data through activities.

As far as we process your personal data to evaluate your online behavior, offer you competitions, or carry out lead campaigns, this is based on your explicit consent declaration, Art. 6 para. 1 s. 1 lit. a, Art. 7 DSGVO.

The legal basis for processing personal data for the purpose of communicating with customers and interested parties is Art. 6 para. 1 s. 1 lit. f DSGVO. In this context, there is a legitimate interest in being able to answer inquiries in an optimal manner.

If the contact aims for the conclusion of a contract, an additional legal basis for processing is Art. 6 para. 1 lit. b DSGVO.

Data generated automatically in this way is not stored in our own system.

For the processing of your personal data in third countries, we have suitable guarantees in the form of standard data protection clauses according to Art. 46 para. 2 lit. c DSGVO. A copy of the standard data protection clauses can be provided upon request.

You can object to the processing of your personal data that we process based on your use of our website or advertising campaigns by writing to us via email at contact@xentral.com. Please refer to our data protection declaration for the named contact options. There you will also find further information on your rights and the respective revocation options. More information can be found here: https://help.instagram.com/519522125107875

YouTube

YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, United States.

On our company website, we provide information and offer YouTube users the opportunity for communication.

When you take action on our YouTube company profile (e.g., comments, posts, likes, etc.), it is possible that you thereby disclose personal data (e.g., your username or your profile picture) to the public.

However, we generally or largely have no influence on the processing of your personal data by YouTube. Therefore, we cannot make any binding statements about the purpose and scope of the processing of your data by them.

We use our company profile on social networks for communication and information exchange with (potential) customers. Specifically, we use the company's presence on the platform for:

  • Presence of the company on these platforms, image improvement

Publications on the company profile can include the following content:

  • Information about products

  • Information about services

  • Competitions

  • Advertising

  • Customer contact

Every user is free to publish personal data through activities.

As far as we process your personal data to evaluate your online behavior, offer you competitions, or carry out lead campaigns, this is based on your explicit consent declaration, Art. 6 para. 1 s. 1 lit. a, Art. 7 DSGVO.

The legal basis for processing personal data for the purpose of communicating with customers and interested parties is Art. 6 para. 1 s. 1 lit. f DSGVO. There is a legitimate interest in this regard to optimally respond to inquiries or to provide the required information.

If the contact aims at concluding a contract, then an additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

For the processing of your personal data in third countries, appropriate guarantees in the form of standard data protection clauses in accordance with Art. 46 para. 2 lit. c DSGVO are foreseen. A copy of the standard data protection clauses can be requested from us.

You can object to the processing of your personal data that we process based on your use of our YouTube company profile at any time. For this purpose, please send a formless email to contakt@xentral.com. For processing your personal data by YouTube and the corresponding objection options, you can find more information here: https://policies.google.com/privacy?gl=DE&hl=en 

Twitter

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland

On our company website, we provide information and offer Twitter users the opportunity for communication.

If you take an action on our Twitter company profile (e.g., comments, posts, likes, etc.), it is possible that you thereby disclose personal data (e.g., your username or profile picture) to the public.

However, we generally or largely have no influence on the processing of your personal data by Twitter. Therefore, we cannot make any binding statements about the purpose and extent of the processing of your data by them.

We use our company profile on social networks for communication and information exchange with (potential) customers. Specifically, we use the company's presence on the platform for:

  • Improving the company's image on these platforms

Publications on the company profile can include the following content:

  • Information about products

  • Information about services

  • Competitions

  • Advertising

  • Customer contact

Every user is free to publish personal data through activities.

As far as we process your personal data to evaluate your online behavior, offer you competitions, or carry out lead campaigns, this is based on your explicit consent declaration, Art. 6 para. 1 s. 1 lit. a, Art. 7 DSGVO.

The legal basis for processing personal data for the purpose of communicating with customers and interested parties is Art. 6 para. 1 s. 1 lit. f DSGVO. There is a legitimate interest in this regard to optimally respond to inquiries or to provide the required information.

If the contact aims at concluding a contract, then an additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

The data generated by this activity is not stored in our own system.

For the processing of your personal data in third countries, appropriate guarantees in the form of standard data protection clauses in accordance with Art. 46 para. 2 lit. c DSGVO are foreseen. A copy of the standard data protection clauses can be requested from us.

You can object to the processing of your personal data that we process based on your use of our Twitter company profile at any time. For this purpose, please send a formless email to contact@xentral.com. For processing your personal data by Twitter and the corresponding objection options, you can find more information here: https://twitter.com/en/privacy 

Use of Company Profiles on Career-Oriented Networks

LinkedIn

Scope of Data Processing

On our page, we provide information and offer users the possibility of communication.

The company profile is used for applications, information/PR, and Active Sourcing. For the processing of your personal data that the company responsible for the company profile may have, we do not have any information. Further information on this can be found in the privacy statement of:

If you take an action on our company profile (e.g., comments, posts, likes, etc.), it can be that you thereby disclose personal data (e.g., your real name or your profile picture) to the public.

The legal basis for processing personal data for the purpose of communicating with customers and interested parties is Art. 6 para. 1 s. 1 lit. f DSGVO. There is a legitimate interest in this regard to optimally respond to inquiries or to provide the required information.

If the contact aims at concluding a contract, then an additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

Purpose of Data Processing

The data processed through the company profile is not used to draw conclusions about the user's person. They are used exclusively for communication and information exchange.

Duration of Storage

The data generated by the company profile is not stored in our own systems.

Exercising Your Rights

You can object to the processing of your personal data that we process based on your use of our company profile at any time. For this purpose, please send a formless email to contact@xentral.com.

Hosting

The website is hosted on servers by a service provider commissioned by us. Our service provider is Amazon Web Services Inc. (AWS) with headquarters at P.O. Box 81226, Seattle, WA 98108-1226, USA.

The servers automatically collect and store information in so-called server log files, which your browser sends to us when you visit the website. The stored information includes:

  • Information about the browser type and the version used

  • The operating system of the user

  • The internet service provider of the user

  • The date and time of access

  • Websites from which the user's system reaches our website

  • Websites accessed by the user's system through our website

These data are not combined with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f DSGVO. Our legitimate interest in processing this data lies in the fact that we want to display the website error-free and optimize its functions.

The server's location of the website is geographically in Germany.

Used Plugins

We use plugins for various purposes. The plugins used are listed below:

Facebook-Pixel

a) Scope of personal data processing

We use the Facebook Pixel on our online presence from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA and its representative in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland (hereafter "Facebook"). With its help, we can track users' actions after they have seen or clicked on a Facebook ad. This allows us to measure the efficiency of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous for us, i.e., we do not see the personal data of individual users. However, this data is stored and processed by Facebook, who can link this information to your Facebook account and use it for their advertising purposes.

Further information on the processing of data by Facebook can be found here: https://www.facebook.com/privacy/center/ 

b) Purpose of the Facebook Pixel

The use of the Facebook Pixel is for analyzing and optimizing our online advertising measures.

The legal basis for the processing of users' personal data is essentially the user's consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO.

d) Duration of storage

Your personal information will be stored as long as necessary to fulfill the purposes described in this privacy policy or as required by law, e.g., for tax and accounting purposes.

e) Right of revocation and deletion

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

You can prevent the collection and processing of your personal data by Facebook by using the "Do Not Track" function of your browser or by deactivating script code in your browser using certain extensions such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com).


Further information on revocation and deletion options with regard to Facebook can be found here: https://de-de.facebook.com/policy.php

Google AdWords

a) Scope of personal data processing

We use Google AdWords from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and their representative in the EU, Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter "Google"). With Google AdWords, we can advertise our services on external websites. The data collected in this way, such as the number of users who clicked on our advertisement or the pages accessed by users, provides information on the efficiency of our advertising campaigns.

Further information on the processing of data by Google can be found here: https://policies.google.com/privacy?gl=DE&hl=en 

b) Purpose of Data Processing

We only receive information about the total number of users who clicked on our advertisement. No information is passed on with which we could identify you. The use does not allow for tracking.

The legal basis for processing users' personal data is essentially based on the user's consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO.

d) Duration of Storage

Your personal information will be stored as long as necessary to fulfill the purposes described in this privacy policy or as required by law, for example for tax and accounting purposes.

e) Right of Revocation and Deletion

You have the right to revoke your data protection consent declaration at any time. Revoking consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

You can prevent the collection and processing of your personal data by Google by using the "Do Not Track" function of your browser or by deactivating script code in your browser using certain extensions such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com).

You can use the following link to deactivate the use of your personal data by Google: https://adssettings.google.de


For more information on how to object to the use of your personal data by Google, please follow this link: https://policies.google.com/privacy?gl=DE&hl=en 

Google Analytics

a) Scope of Processing Personal Data

We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and its representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter: “Google”). Google Analytics analyzes, among other things, the origin of visitors, the time they spend on individual pages and the use of search engines, thus enabling better monitoring of the success of advertising campaigns. Google places a cookie on your computer. This allows personal data to be stored and evaluated, in particular the user's activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and operating system), data about the advertisements displayed (in particular which advertisements have been displayed and whether the user has clicked on them) and also data from advertising partners (in particular pseudonymized user IDs).
We use Google Analytics (Universal Analytics) to evaluate your use of our online presence, to compile reports on your activities and to use other Google services associated with the use of our online presence and the Internet.
We have requested the anonymization of IP addresses, whereby Google shortens your IP address as soon as technically possible. However, it cannot be ruled out that your data will be transmitted to the servers of Google LLC based in the USA. 
On behalf of the operator of this online presence, Google will use this information to evaluate your use of the online presence, to compile reports on the activities of the online presence and to provide other services related to the use of the online presence and internet usage to the operator of the online presence. Further information on the processing of data by Google can be found here: https://policies.google.com/privacy?gl=DE&hl=en 

b) Purpose of Data Processing

Google Analytics (Universal Analytics) allows us to analyze the usage of our online presence and compile reports on website activity. This provides insights into the usage of our online presence and supports targeted advertising to those who have already shown interest during their first visit.

The legal basis for processing users' personal data is essentially based on the user's consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO.

d) Duration of Storage

Your personal information will be stored as long as necessary to fulfill the purposes described in this privacy policy or as required by law, for example for tax and accounting purposes.

e) Right of Revocation and Deletion

You have the right to revoke your data protection consent declaration at any time. Revoking consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

To prevent the collection and processing of your personal data by Google, you can avoid storing cookies on your computer, use the "Do Not Track" function of your browser, deactivate script code in your browser with certain extensions like NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com).

Beyond that, you can prevent Google Analytics from collecting and using data generated by the cookie by downloading and installing the browser plugin available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de

For more information about objecting to Google's use of your personal data, please follow this link: https://myadcenter.google.de/personalizationoff?sasb=true&ref=ad-settings 

Further information on objection and removal options against Google can be found at: 
https://policies.google.com/privacy?gl=DE&hl=en 

f) Risk information in the context of third country transfers

When using this service, personal data may be transferred to servers located outside the EU, such as in the USA. We have made arrangements to ensure that the level of data protection remains as high as in the EU, according to Article 45 of the DSGVO, by providing appropriate guarantees. We will be happy to provide you with a copy of these guarantees upon request.

Messaging services in the USA, with certain online identifiers (such as IP addresses without additional information), may receive data about you as their basic information. There is no guarantee that these messaging services already have information about you through the transmitted data.

Providers of electronic communication services in the USA are subject to monitoring by US intelligence agencies in accordance with Section 1881a of the FISA Act. These providers are mainly located in the USA and are obliged under Section 1881a of the FISA Act to provide personal data to US authorities. Even encrypting the data in the databases of electronic communication providers does not prevent US intelligence agencies from accessing them. This obligation also extends to keys or passwords.

Moreover, US security agencies are also authorized by the Cloud Act (Clarifying Lawful Overseas Use of Data – Act, Section 18 U.S.C. § 2713) to access data from European companies in mutual societies based in the USA.

When data transmission is based on a legal basis other than an adequacy decision, the data transmission outside the EU is based on suitable guarantees in accordance with Article 46 paragraph 2 letter c of the DSGVO, using so-called standard data protection clauses. A copy of the standard data protection clauses can be requested.

Google Webfonts

a) Scope of the processing of personal data

We use Google Webfonts from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and its subsidiaries in the Union, located at Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereafter: "Google"). This allows us to integrate certain fonts in our website. If your browser does not support Google Webfonts or restricts access, the text will be displayed in a standard font. When you access a page, a connection to Google is established, during which certain information is exchanged. Cookies associated with the page access are saved. These cookies are specific to the domain, like https://fonts.googleapis.com or https://fonts.gstatic.com. Personal data will be saved and evaluated, especially the activity of the user and which pages were accessed. This data is not associated with any information that Google may collect from authenticated sessions with other Google services. For more information about how Google processes data, please refer to: https://policies.google.com/privacy?gl=DE&hl=en 

b) Purpose of data processing

Using Google Webfonts ensures an appropriate representation of our texts. If your browser does not support this function, a standard font from your computer will be used for display.

The legal basis for the processing of personal data of users is Article 6, paragraph 1, lit. a of the GDPR.

d) Duration of storage

The personal data of the user will be deleted or blocked as soon as the purpose of the storage is no longer applicable. Storage may continue if required by European or national legislation.

e) Opposition and removal options

You can prevent the collection and processing of your personal data by Google by deactivating the execution of script code in your browser or installing a script blocker, like NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com).

You can deactivate the use of your personal data by Google at:
https://adssettings.google.de

For more information on revocation and removal options against Google, visit: https://policies.google.com/privacy?gl=DE&hl=en 

Hotjar

a) Scope of the processing of personal data

We use the web analysis tool Hotjar from Hotjar Ltd., Level 2, St Julian's Business Centre, 3 Elia Zammit Street, St Julian's STJ 1000, Malta (hereinafter: "Hotjar"). Hotjar uses, among other things, cookies that allow an analysis of your usage of our website. This can save personal data on your end device and analyze your behavior on our website. The data is pseudonymized using a User-ID. The collected information is transmitted to a Hotjar server in Ireland and stored there anonymously.

For more information on how Hotjar processes data, please refer to:
https://www.hotjar.com/legal/policies/privacy

b) Purpose of data processing

The use of Hotjar plug-ins serves to better understand the needs of our users and to optimize the offer of this online presence.

The legal basis for processing personal data of the user is fundamentally the consent of the user according to Art. 6 para. 1 s.1 lit. a DSGVO.

d) Duration of storage

Your personal information will be stored as long as necessary to fulfill the purposes described in this privacy statement or as prescribed by law.

e) Right of revocation and removal

You have the right to revoke your data protection consent at any time. Revoking your consent affects the legality of the processing that took place on the basis of your consent up until the revocation. To prevent the collection and processing of your personal data by Hotjar, you can deactivate the execution of script code in your browser or install a script blocker like NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

Using the following link, you can deactivate the use of your personal data by Hotjar: https://www.hotjar.com/legal/compliance/opt-out

For more information on revocation and removal options against Hotjar, visit: https://www.hotjar.com/legal/policies/privacy

HubSpot

a) Scope of the processing of personal data

We use functions of HubSpot Inc., 2nd Floor, 25 First Street, Cambridge, MA 02141, USA (hereinafter: "HubSpot"). This involves an integrated software solution that covers various aspects of our online marketing. This includes, among other things: email marketing (newsletters and automated mailings, for example, to provide downloads), social media publishing & reporting, reporting (e.g., traffic sources, accesses, etc.), contact management (e.g., user segmentation & CRM), landing pages and contact forms. Personal data can be stored on its servers. This information includes information about which pages were accessed and when, browser information (especially the IP address and the operating system), data about the displayed ads (especially which ads were displayed and for how long), and data from advertising parameters (especially pseudonymized user IDs).

For more information on how HubSpot processes data, visit:
https://legal.hubspot.com/de/privacy-policy

b) Purpose of data processing

The use of HubSpot plug-ins is solely for optimizing our marketing.

The legal basis for processing personal data of the user is fundamentally the consent of the user according to Art. 6 para. 1 s.1 lit. a DSGVO.

d) Duration of storage

Your personal information will be stored as long as necessary to fulfill the purposes described in this privacy statement or as prescribed by law, e.g., for tax and accounting purposes.

e) Right of revocation and removal

You have the right to revoke your data protection consent at any time. Revoking your consent affects the legality of the processing that took place on the basis of your consent up until the revocation. To prevent the collection and processing of your personal data by HubSpot, you can deactivate the execution of script code in your browser or install a script blocker like NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

For more information on revocation and removal options against HubSpot, visit: https://legal.hubspot.com/de/privacy-policy

Font Awesome

a) Scope of the processing of personal data

We use fonts from Font Awesome, a service of Fonticons, Inc., 6 Porter Road, Apartment 3R, Cambridge, MA 02140, USA (hereinafter referred to as "Font Awesome"). These fonts are used for the visual representation of text on our website. When a page is accessed, font files can be loaded from the server of Font Awesome. Various data, especially device and browser information (including the IP address and the operating system), can be transmitted.

If your browser does not support Font Awesome or prevents access, text can be displayed in a standard font.

For more information about data processing by Font Awesome, please visit: https://origin.fontawesome.com/privacy

b) Purpose of data processing

The use of Font Awesome fonts serves an appropriate presentation of our texts.

The legal basis for processing personal data of the user is fundamentally the consent of the user according to Art. 6 para. 1 s.1 lit. a DSGVO.

d) Duration of storage

Your personal information will be stored as long as necessary to fulfill the purposes described in this privacy statement or as prescribed by law.

e) Right of revocation and removal

You have the right to revoke your data protection consent at any time. Revoking your consent affects the legality of the processing that took place on the basis of your consent up until the revocation. To prevent the collection and processing of your personal data by Font Awesome, you can deactivate the execution of script code in your browser or install a script blocker like NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

For more information on revocation and removal options against Font Awesome, please visit: https://origin.fontawesome.com/privacy

Google Tag Manager

a) Scope of the processing of personal data

We use the Google Tag Manager (https://www.google.com/intl/de/tagmanager/) from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and the representative in the European Union Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereafter referred to as "Google"). With Google Tag Manager, tags from services like Google and third-party providers can be integrated and managed on our online presence in a small and lightweight manner. These tags are small code elements that are used, among other things, to measure traffic and user behavior, to capture the effects of online advertising and social channels, retargeting and tuning of target groups, and to test and optimize online presences. When a user visits the website, the current tag configuration is sent to the user's browser. It contains instructions on which tags are to be triggered. The Google Tag Manager itself does not process personal data. More information about the Google Tag Manager can be found here: https://www.google.com/intl/de/tagmanager/faq.html and in Google's privacy policy: https://policies.google.com/privacy?gl=DE&hl=en 

b) Purpose of data processing

The purpose of processing personal data is the comprehensive and clear management and efficient integration of third-party services.

The legal basis for the processing of personal data of the user is, in principle, the user's consent according to Art. 6 para. 1 s.1 lit. a DSGVO.

d) Duration of storage

Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy statement or as prescribed by law, e.g., for tax retention purposes. Google stores user-level and event-level data linked to cookies, user IDs, and advertising IDs for 14 months and deletes them automatically after 14 months.

e) Right of revocation and removal

You have the right to revoke your data protection consent at any time. Revoking your consent affects the legality of the processing that took place based on your consent up to the revocation. To prevent the collection and processing of your personal data by Google, you can deactivate the execution of script code in your browser or install a script blocker like NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

You can also prevent the collection generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the available browser plugin from the following link: https://tools.google.com/dlpage/gaoptout?hl=de

With the following link, you can deactivate the use of your personal data by Google: https://adssettings.google.de

For more information about revocation and removal options against Google, please visit: https://policies.google.com/privacy?gl=DE&hl=de

Usercentrics

a) Scope of the processing of personal data

We use the Consent Management Platform Usercentrics from Usercentrics GmbH, Rosental 4, 80331 Munich, Germany (hereafter referred to as "Usercentrics"). Usercentrics allows us to obtain users' consent to data processing in a legally compliant and documented manner. Usercentrics uses cookies on the user's end device. The following data is processed:

  • Date and time of the visit

  • Device information

  • Browser information

  • Anonymized IP address

  • Opt-in and opt-out data

This data is processed geographically within the European Union. For further information about the processing of data through Usercentrics, visit: https://usercentrics.com/de/datenschutzerklaerung/

b) Purpose of data processing

The processing of personal data serves to fulfill legal obligations under the GDPR and the BDSG (Federal Data Protection Act).

The legal basis for processing the personal data of users is Article 6, Paragraph 1, Sentence 1 of the GDPR. Our legitimate interest lies in the purposes mentioned in section 2.

d) Duration of storage

Your personal data will be stored as long as necessary to fulfill the purposes described in this privacy statement, unless the consent to storage has been revoked or the storage is prescribed by law.

e) Right of revocation and removal

You can prevent the collection and processing of your personal data by Usercentrics by using browser settings and functionalities, such as "Do Not Track" features, disabling script execution with browser add-ons like NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com).

Further information on objection and erasure options in relation to Usercentrics can be found at: https://usercentrics.com/de/datenschutzerklaerung/

Facebook Retargeting

a) Scope of processing of personal data

We use functionalities of the advertising plugin Facebook Retargeting from Facebook Ireland Limited, 4 Grand Canal Square, Dublin Dublin 2, Ireland (hereafter: "Facebook Retargeting"). Facebook Retargeting serves to carry out advertising campaigns and display ads to those users who have already engaged with our offers on Facebook or other websites. The user data of these campaigns is not merged with personal data that we may have stored. The following personal data is processed by Facebook:

  • Information about the user's activities

  • Visited websites

  • Products that have been shown

  • Actions taken, such as clicks

  • Device information, anonymized site-specific IP address

  • Facebook account details when logged into Facebook

Data is transmitted to Facebook Inc., Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA. Further recipients of the data include providers and service providers from Facebook Inc., to carry out analyses.

For more information on processing data through Facebook, visit: 
https://de-de.facebook.com/privacy/explanation

b) Purpose of data processing

The use of Facebook Retargeting is for placing ads across various platforms and analyzing user interactions with these ads. This aims to show users personalized and more relevant advertising.

The legal basis for processing the personal data of the user is essentially the user's consent according to Article 6, Paragraph 1, Sentence 1 lit. a GDPR.

d) Duration of storage

Your personal data will be stored for as long as necessary to fulfill the purposes described in this privacy statement or as prescribed by law, e.g., for tax and accounting purposes.

e) Right to object and erasure

You have the right to revoke your data protection consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

You can prevent the collection and processing of your personal data by Facebook by deactivating the storage of cookies from third-party providers on your computer, using the "Do Not Track" function of a supported browser, deactivating script code execution in your browser, for example, with a script blocker like NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com).

Deactivation of Facebook's personal advertising for logged-in Facebook users is possible here: https://www.facebook.com/settings/?tab=ads

For more information on objection and erasure options against Facebook, visit: https://de-de.facebook.com/privacy/explanation

Unbounce

a) Scope of processing of personal data

We use functionalities and design tools of Unbounce - an online marketing solution offered by Unbounce Marketing Solutions Inc., 400-401 West Georgia Street, Vancouver, BC, Canada, V6B 5A1 (hereinafter "Unbounce"). We use Unbounce to design and operate landing pages and overlays, among other things, to implement advertising campaigns, collect leads, and build personalized sites for actions taken on each website. When you visit a landing page, cookies from Unbounce may be set on your device. In particular, the following personal data is processed by Unbounce:

  • IP address

  • Address of the website you visited before using the services

  • Date and time of the visit

  • The system you use to access the services

  • Geolocation information

  • Device type

  • Cookie data

  • Browser information

Data is transferred to Unbounce servers in Canada. The European Commission has decided that Canada offers an adequate level of data protection according to Article 45 of the GDPR. You can view the decision here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32002D0002

For more information on the processing of data by Unbounce, visit:  https://unbounce.com/privacy/

b) Purpose of data processing

The use of Unbounce serves to create, manage, and analyze new advertising campaigns, websites, pop-ups, and features. It also offers the possibility to create templates, optimize them, and add security features.

The legal basis for processing personal data of users is Article 6, Paragraph 1, Sentence 1 lit. f GDPR. Our legitimate interest lies in the purposes mentioned for data processing.

d) Duration of storage

Your personal data will be stored for as long as necessary to fulfill the purposes described in this privacy statement or as prescribed by law, e.g., for tax and accounting purposes.

e) Right to object and erasure

You can prevent the collection and processing of your personal data by Unbounce by deactivating the storage of cookies from third-party providers on your computer, using the "Do Not Track" function of a supported browser, deactivating script code execution in your browser, for example, with a script blocker like NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

For more information on objection and erasure options against Unbounce, visit: https://unbounce.com/privacy/

Microsoft Advertising

a) Scope of processing personal data

We use the functionalities of the application "Microsoft Advertising" from Microsoft Corporation, One Microsoft Way, 98052, Redmond, Washington, USA (hereinafter referred to as "Microsoft"). Microsoft Advertising is used for online marketing purposes within the company, especially for customer acquisition, ad management, etc. When users view these ads on our website, they will be redirected to the Microsoft website, where additional data processing may occur. In this process, cookies from Microsoft may be stored on your device. Microsoft processes, in particular, the following personal data:

  • IP address

  • Device and browser information

  • User ID

  • Referrer-URL (website, from which our website was accessed)

Data is transferred to Microsoft servers in the USA.

For more information on the processing of data by Microsoft, visit: https://privacy.microsoft.com/de-de/privacystatement

b) Purpose of data processing

The use of Microsoft Advertising is intended solely for analysis, evaluation, and optimization of advertisements for marketing purposes.

The legal basis for processing the personal data of the user is essentially the user's consent according to Article 6, Paragraph 1, Sentence 1 lit. a GDPR.

d) Duration of storage

Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy statement or as prescribed by law, e.g., for tax and accounting purposes.

e) Right to object and erasure

You have the right to revoke your data protection consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

You can prevent the collection and processing of your personal data by Microsoft by deactivating the storage of cookies from third-party providers on your computer, using the "Do Not Track" function of a supported browser, deactivating script code execution in your browser, for example, with a script blocker like NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

You can object to the evaluation of your personal data for advertising purposes by Microsoft here: http://choice.microsoft.com/de-DE/opt-out

For more information on objection and erasure options against Microsoft, visit: https://privacy.microsoft.com/de-de/privacystatement

Storylane

a) Scope of processing personal data

We use Storylane, an interactive storytelling platform provided by Storylane Inc, 2261 Market St #4813, San Francisco, CA 94114, United States. Storylane enables us to create and share engaging and interactive stories with our audience. When you interact with our product demos and stories on our website, Storylane processes personal data including your interactions with the stories (like choices made within the story), device and browser information, and IP address. This data collection helps us to effectively design, distribute, and analyse content to enhance user engagement and experience.

b) Purpose of data processing

The primary purpose of using Storylane is to provide an immersive and interactive storytelling experience for product demonstrations to website users and prospects. By analysing how users interact with our stories, we can better understand user engagement, preferences, and behaviour, allowing us to tailor our content and storytelling techniques to better meet user expectations and enhance overall engagement.

The processing of personal data through Storylane is based on the consent of website users in accordance with Art. 6 (1) (a) GDPR.

d) Duration of storage

The personal data collected through Storylane is retained as long as necessary to fulfil the purposes of providing interactive content and analysing user engagement. After the completion of the analysis or when the data is no longer needed for these purposes, the data is securely deleted or anonymized, unless there are legal retention obligations.

e) Exercising Your Rights

You have the right to withdraw your consent regarding data protection at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out based on the consent prior to its withdrawal. 

For more information about your rights and how Storylane processes personal data, please refer to the Storylane Privacy Policy.

Sentry

a) Scope of Processing of Personal Data 

We use Sentry, an error tracking and monitoring tool provided by Functional Software, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA. Sentry is designed to help us identify, diagnose, and fix issues in our web and mobile applications in real time. Sentry collects and processes data related to application errors, including IP address, browser information, information about the affected user's device, browser, operating system, and the time of the error.  

b) Purpose of Data Processing  

The purpose of using Sentry is to improve the stability and performance of our applications by quickly identifying and resolving errors. This ensures a smoother, more reliable user experience by minimizing disruptions and issues that users may face while using our applications. 

The processing of personal data through Sentry is based on our legitimate interest in ensuring the stability and usability of our applications, in accordance with Article 6(1)(f) of the GDPR. This is to provide our users with a seamless and error-free experience. 

d) Duration of Storage  

Personal data collected through Sentry is stored only for as long as necessary to identify and rectify the error. Once the issue is resolved, the data is securely deleted or anonymised. 

e) Exercising Your Rights  

You have the right to object to the processing of your personal data via Sentry based on legitimate interests. For more information about how Sentry processes personal data and to learn more about your rights, please refer to the Sentry Privacy Policy

This privacy policy was created with the support of DataGuard.

Get the Xentral news first