1) Information on the collection of the controller’s personal data and contact details
1.1 We are pleased that you are visiting our website and thank you for your interest. Information on the handling of your personal data when using our website is provided below. In this context, personal data is all data by which you can be personally identified.
1.2 The data controller on this website within the meaning of the GDPR [General Data Protection Regulation] is Xchange Technology GmbH, Otto-Hahn-Str. 3, 63594 Hasselroth, Germany, Phone: 06055-89324-0, Fax: 06055-89324-111, E-Mail: firstname.lastname@example.org. The data controller is the natural or legal person who determines — either alone or jointly with others — the purposes and means of the processing of personal data.
1.3 The controller has appointed a data protection officer, who can be contacted as follows: “IITR Datenschutz GmbH, Marienplatz 2, 80331, Munich, 089 189 173 60, email@example.com”.
1.4 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or requests to the controller). An encrypted connection can be recognised by the string “https://” and the lock symbol in your browser line.
2) Data collection when visiting our website
When you use our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (server log files). When you visit our website, we collect the following data, which is technically necessary for us in order to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you reached the site
- Browser used
- Operating system used
- IP address used (if applicable: in anonymised form)
The processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 (1) lit. b GDPR either to implement the contract or in accordance with Art. 6 (1) lit. f GDPR to protect our legitimate interests in the website’s optimal functioning as well as a customer-friendly and effective design of the visit to our website.
We may occasionally collaborate with advertising partners who help us to make our website more interesting for you. Cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies) for this purpose. If we collaborate with aforementioned advertising partners, you will be informed individually and separately of the use of such cookies and the scope of the information collected in each case within the paragraphs below.
Please note that you can set your browser in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or can exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers via the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Please note that not accepting cookies may cause the functioning of our website to be limited.
4.1 — Rating reminder through Trustpilot
If you have granted your express consent to this in accordance with Art. 6 (1) lit. a GDPR during or after your order placement, we will transmit your email address to the Trustpilot rating platform of Trustpilot A/S, Pilestræde 58, 1112 Copenhagen K, Denmark (www.trustpilot.com), so that it sends you a rating reminder by email.
You may withdraw your consent at any time by sending a message to the data controller or the rating platform.
4.2 Personal data is collected in the course of contacting us (e.g. via contact form or email). The data which is collected in the case of contact form usage is shown on the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f GDPR. If the objective of your contacting us is the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR. Your data will be deleted after your request has been processed. This is the case when the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
4.3 WhatsApp business
We offer visitors to our website the possibility to contact us via the WhatsApp messaging service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We use the business version of WhatsApp for this purpose.
If you contact us via WhatsApp regarding a specific transaction (e.g. an order placed), we store and use the mobile phone number you use on WhatsApp as well as – if provided – your first name and surname in accordance with Art. 6 (1) lit. b. GDPR to process and respond to your request. On the same legal basis, we may ask you to provide further data (order number, customer number, address or email address) via WhatsApp in order to assign your request to a specific process.
If you use our WhatsApp contact for general enquiries (e.g. about the range of services, availability or our website), we store and use the mobile phone number you use on WhatsApp as well as – if provided – your first and last name in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in providing the requested information efficiently and promptly.
Your data will only ever be used to respond to your request via WhatsApp. It will not be passed on to third parties.
Please note that WhatsApp Business obtains access to the address book of the mobile device we use for this purpose and automatically transfers phone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. We operate our WhatsApp business account using a mobile device whose address book stores only the WhatsApp contact details of those users who have also contacted us via WhatsApp.
5) Use of customer data for direct advertising
5.1 Registration for our email newsletter
If you register for our email newsletter, we will send you information on our offers on a regular basis. The only mandatory data to receive the newsletter is your email address. The provision of any additional data is voluntary and will be used to address you personally. We use the double opt-in procedure to send the newsletter. This means that we will only send you an email newsletter provided you have granted your express consent to receiving newsletters. We will then send you a confirmation email asking you to confirm that you wish to receive the newsletter in future by clicking on a corresponding link.
By activating the confirmation link, you consent to the use of your personal data in accordance with Art. 6 (1) lit. a GDPR. When you register for the newsletter, we store your IP address entered by your internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data collected by us when you register for the newsletter is used exclusively to address you for advertising purposes via the newsletter. You can unsubscribe from the newsletter at any time via the corresponding link in the newsletter or by sending a message in this regard to the controller named at the outset. Once you have unsubscribed, your email address will be deleted from our newsletter distribution list immediately. This occurs in all cases unless you have expressly consented to further use of your data or we reserve the right to use your data in a way that goes beyond this, which is permitted by law and about which we inform you in this policy.
5.2 Sending the email newsletter to existing customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to send you email offers for similar goods or services to those you have already purchased from our range on a regular basis. Pursuant to Section 7 (3) UWG [Unfair Competition Act], we can do this without obtaining your separate consent. This data processing is carried out solely on the basis of our legitimate interest in personalised direct advertising in accordance with Art. 6 (1) lit. f GDPR. If you initially objected to the use of your email address for this purpose, we will not send any emails. You are entitled to object to the continued use of your email address for the aforementioned advertising purpose at any time by notifying the controller named at the outset. You will only incur transmission costs in accordance with the basic rates for this. Once your objection is received, the use of your email address for advertising purposes will cease immediately.
5.3 — Advertising sent via the postal system
Based on our legitimate interest in personalised direct advertising, we reserve the right to store your first name and surname, your postal address and — insofar as we have received this additional information from you within the framework of the contractual relationship — your title, academic degree, year of birth and your professional, industry or business name in accordance with Art. 6 (1) lit. f GDPR and to use it to send you interesting offers and information on our products via the postal system.
You can object to the storage and use of your data for this purpose at any time by contacting the controller.
6) Web analytics services
6.1 Google (Universal) Analytics
This website uses Google (Universal) Analytics exclusively with the extension “_anonymizeIp()”, which ensures anonymisation of the IP address by shortening it and preventing it from being traced to a specific user. The extension means that your IP address is initially shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google LLC. server in the USA and shortened there.
Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. In this context, the IP address transmitted by your browser as part of Google (Universal) Analytics will not be merged with other Google data.
Furthermore, using a special function called demographic characteristics, Google Analytics enables the creation of statistics providing statements on the age, gender and interests of site visitors based on an evaluation of interest-based advertising and with the inclusion of third-party information. This allows user groups of the website to be defined and differentiated for the purpose of targeting marketing measures. However, data records collected via demographic characteristics cannot be assigned to a specific person.
Details on the processing triggered by Google Analytics and on Google’s handling of data from websites are provided here: https://policies.google.com/technologies/partner-sites
All of the processing described above, in particular the setting of Google Analytics cookies for reading out information on the terminal device used, is only carried out if you have granted your express consent in accordance with Art. 6 (1) lit. a GDPR. Without this consent, Google Analytics will not be used during your visit to the website.
You may revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the Cookie Consent Tool provided on the website. We have concluded an order processing agreement with Google for the use of Google Analytics, under the terms of which Google is obligated to protect the data of visitors to our site and to refrain from passing it on to third parties. In relation to the transfer of data from the EU to the USA, Google refers to the standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.
Further information on Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=de&gl=de
The UserIDs function is also used as an extension of Google Analytics in connection with this website. By assigning individual UserIDs, we can have Google create cross-device tracking reports. This means that your usage behaviour can also be analysed across multiple devices if you have granted your corresponding consent to the use of Google Analytics in accordance with Art. 6 (1) lit. a GDPR, if you have set up a personal account by registering on this website and are logged into your personal account on different terminal devices with your relevant login data. The data collected in this way shows, among other things, which terminal device you were using when you clicked on an ad for the first time and on which terminal device the relevant conversion took place.
6.2 Google Analytics 4
This website uses Google Analytics 4, a service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), a tool for analysing the use of websites.
Cookies are used as standard during the use of Google Analytics 4. Cookies are text files that are stored on your terminal device and enable an analysis of your use of a website. The information collected by cookies on your use of the website (including the IP address transmitted by your terminal device, shortened by the removal of the last few digits, see below) is usually transmitted to a Google server and stored and processed there. This may also result in the information being transmitted to the servers of Google LLC, a company based in the USA, where it is further processed.
When using Google Analytics 4, the IP address transmitted by your terminal device when you use the website is always automatically collected and processed anonymously by default, so that the information collected cannot be directly related to an individual. This automatic anonymisation is carried out by shortening (removing by the last digits) of the IP address transmitted from your terminal device by Google within member states of the European Union (EU) or other contracting states of the Agreement on the European Economic Area (EEA).
Google uses this and other information on our behalf for the purpose of evaluating your use of the website, compiling reports on your website activity and/or usage behaviour and providing us with other services relating to your use of the website and the Internet usage. In this context, the IP address transmitted and shortened by your terminal device within the scope of Google Analytics 4 will not be merged with other data from Google. The data collected in the context of the use of Google Analytics 4 will be stored for 2 months and then deleted.
Furthermore, using a special function called demographic characteristics, Google Analytics 4 enables the creation of statistics providing statements on the age, gender and interests of website users based on an evaluation of interest-based advertising and with the inclusion of third-party information. This allows user groups of the website to be defined and differentiated for the purpose of the target group-optimised orientation of marketing measures. However, data collected via demographic characteristics cannot be traced to a specific person and thus not to you personally either. This data collected via the demographic characteristics function is kept for two months then deleted.
All of the processing described above, in particular the setting of Google Analytics cookies for saving and reading out information on the terminal device used by you when visiting the website, is only carried out if you have granted your express consent in accordance with Art. 6 (1) lit. a GDPR. Google Analytics 4 will not be deployed during your use of the website unless you have consented to this. You may revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service via the Cookie Consent Tool provided on the website.
The UserIDs function is also used as an extension of Google Analytics 4 in connection with this website. By assigning individual UserIDs, we can have Google create cross-device tracking reports. This means that your usage behaviour can also be analysed across multiple devices if you have granted your corresponding consent to the use of Google Analytics 4 in accordance with Art. 6 (1) lit. a GDPR, if you have set up a personal account by registering on this website and are logged into your personal account on different terminal devices with your relevant login data. The data collected in this way shows, among other things, which terminal device you were using when you clicked on an ad for the first time and on which terminal device the relevant conversion took place.
We have concluded an order processing agreement with Google for our use of Google Analytics 4, under the terms of which Google is obligated to protect the data of our website users and to refrain from passing it on to third parties.
To ensure compliance with the European level of data protection, even in the event of any transfer of data from the EU or EEA to the USA and possible further processing there, Google refers to the European Commission’s standard contractual clauses, which we have contractually agreed with Google.
Further legal information on Google Analytics 4, including a copy of the aforementioned standard contractual clauses, is accessible via the following link: https://policies.google.com/privacy?hl=de&gl=de
Details on the processing triggered by Google Analytics 4 and on Google’s handling of data from websites are provided here: https://policies.google.com/technologies/partner-sites
7) Site functionalities
Applications to job advertisements via email
We advertise current vacancies on our website in a separate section, for which interested parties can apply to the contact address provided via email.
In order to be included in the application process, applicants must provide us with all personal data required for a well-founded and informed assessment and selection together with their application via email.
The required information includes general personal information (name, address, telephone or electronic contact details) as well as performance-specific evidence of the qualifications required for a position. Health-related information may also be required as applicable, which must be taken into special consideration under labour and social law in the person of the applicant in the interest of social protection.
The components that an application must contain in order to be considered in each individual case and the form in which these components are to be sent via email are specified in the respective job advertisement.
After the application sent using the specified email contact address has been received, the applicant data will be stored by us and evaluated exclusively for the purpose of processing the application. We will deal with queries arising in the course of processing using either the email address provided by the applicant with his/her application or a telephone number provided, at our discretion.
The legal basis for this processing, including contacting for queries, is generally Art. 6 (1) lit. b GDPR (for processing in Germany in conjunction with Art. 26 (1) BDSG [Federal Data Protection Act]), in the meaning of which the application process is considered to be the initiation of an employment contract.
Insofar as applicants are requested to provide special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g. health data such as information on severely disabled status) as part of the application process, the processing is carried out in accordance with Art. 9 (2) lit. b. GDPR so that we can exercise the rights arising from labour law and social security and social protection law and fulfil our obligations in this regard.
Cumulatively or alternatively, the processing of the special data categories may also be based on Art. 9 1 lit. h GDPR if it is carried out for the purposes of preventive health care or occupational medicine, for the assessment of the applicant’s fitness for work, for medical diagnosis, the provision of health or social care or treatment or for the management of health or social care systems and services.
In the event that, in the course of the evaluation described above, the applicant is not selected or if an applicant withdraws his/her application prematurely, his/her data transmitted via email as well as all electronic correspondence, including the original application email, will be deleted at the latest 6 months following notification. This period is measured based on our legitimate interest in being able to answer any follow-up questions on the application and, if necessary, to comply with our obligations to provide evidence under the regulations on the equal treatment of applicants.
In the event of a successful application, the data provided will be further processed based on Art. 6 (1) lit. b GDPR (for processing in Germany in conjunction with Section 26 (1) BDSG) for the purposes of implementing the employment relationship.
8) Rights of the data subject
8.1 The applicable data protection law grants you the following data subject rights (rights to information and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective prerequisites for exercising these rights:
- Right to information pursuant to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to erasure pursuant to Art. 17 GDPR;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to information pursuant to Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw consent pursuant to Art. 7(3) GDPR;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
8.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS BASED ON OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. YOU MAY EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
9) Duration of the storage of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if relevant – additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of explicit consent pursuant to Art. 6 (1) lit. a GDPR, this data is stored until the data subject revokes his/her consent.
If there are statutory retention periods for data that is processed within the scope of legal or quasi-legal obligations based on Art. 6 (1) lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for the fulfilment of the contract or the initiation of the contract and/or there is no justified interest in continuing to store it on our part.
When processing personal data on the basis of Art. 6(1) lit. f GDPR, such data shall be stored until the data subject exercises his/her right to object pursuant to Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the data subject’s interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.
When processing personal data for the purpose of direct marketing on the basis of Art. 6 (1) lit. f GDPR, this data is stored until the data subject exercises his/her right to object pursuant to Art. 21 (2) GDPR.
Unless otherwise indicated in the other information in this policy on specific processing situations, stored personal data is otherwise deleted if it is no longer required for the purposes for which it was collected or otherwise processed.
Version date 20/04/2022
Deactivate Microsoft Clarity