Privacy policy 1. At a glance
1.1. General information
1.2. Data collection on this website
Who is responsible for data collection on this website?
Data is processed on this website by the website operator. The operator’s contact details can be found in the website’s required legal notice.
How do we collect your data?
On the one hand, your data will be collected when you communicate it to us. This could, for example, be data you enter on a contact form.
Other data is collected either automatically by our IT systems or with your consent when you visit the website. This data is primarily technical data (such as the browser and operating system you are using or when you accessed the page). This data is collected automatically as soon as you visit this website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected or deleted. If you have given your consent to data processing, you may revoke this consent at any time. You also have the right to request that the processing of your personal data be restricted under certain circumstances. You may also, of course, file a complaint with the competent regulatory authorities.
You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection.
1.3. Analytics and third-party tools
When visiting our website, your browsing behavior may be statistically analysed. This happens primarily through the use of cookies and analytics.
Detailed information about these analysis programs can be found in the following Privacy Policy.
2. Hosting and Content Delivery Networks (CDN)
2.1. External Hosting
This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers. This information is primarily IP addresses, contact requests, meta and communication data, contract data, contact details, names, instances of website access, and other data generated via a website.
The hosting provider is used to fulfil the contract with our potential and existing customers (Article 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online service by a professional provider (Article 6 para. 1 lit. f GDPR).
Our host will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.
What rights do you have regarding your data?
To ensure data protection-compliant processing, we have concluded an order processing contract with our host.
3. General and mandatory information
3.1. Privacy policy
The operator of this website takes the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations, including in this data protection declaration.
If you use this website, various pieces of personal data will be collected.
Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.
Please note that the transfer of data on the internet (e.g., communication via email) may be subject to security gaps. It is not possible to fully protect data from third-party access.
3.2. Notice concerning the responsible party
XU Group GmbH
Mehringdamm 33
10961 Berlin
Phone: +49 (0) 30 959 999 99 0
Email: hallo@xu.de
The responsible company is a physical or legal person who decides on the goals and methods of processing personal data (e.g., names, email addresses, etc.) either alone or in tandem with others.
3.3. Statutory data protection officer
Address: FGND Core GmbH, Kelvinstraße 14, 50996 Cologne
Email: dpo.xu-group@fgnd-core.eu
Phone: +49 (0) 2236 / 490 90 80
3.4. Revoking your consent to the processing of your data
3.5. Right to object to the collection of data in special cases and to direct advertising (Art. 21 GDPR)
Data is processed on the basis of Art. 6 para. 1 lit e or f GDPR, and you have the right to object at any time to the processing of your personal data for reasons arising from your particular situation. This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you lodge your objection, we will no longer process the personal data that concerns you, unless we can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (objection on the basis of Art. 21. para. 1 GDPR).
Where your personal data is processed for direct marketing purposes, you have the right at any time to object to the processing of your personal data for the purpose of advertising, including profiling, to the extent it is related to such direct marketing. If you object, your personal data will no longer be used for the purposes of direct marketing (objection on the basis of Art. 21 para. 2 GDPR).
3.6. Right to file complaints with regulatory authorities
3.7. Right to data portability
You have the right to have any data which we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another data controller, this will only be done if technically feasible.
3.8. SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses an SSL or TLS protocol. You can recognise an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
3.9. Information, deletion and correction
3.10. Right to restrict processing
You have the right to request the restriction of the processing of your personal data. To this end, you can contact us at any time at the address given in the imprint. The right to limit the processing exists in the following cases:
- If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the examination, you have the right to demand the restriction of the processing of your personal data.
- If the processing of your personal data was done/is done unlawfully, you may request the restriction of data processing instead of erasure.-
- If we no longer need your personal data, but you do need it to exercise it.
If you require the defence or assertion of legal claims, you have the right to demand the restriction of the processing of your personal data instead of deletion.
- If you have objected pursuant to Art. 21 para. 1 GDPR, a balance must be made between your interests and ours. As long as it is not yet clear whose interests take precedence, you have the right to demand that the processing of your personal data be restricted.
Where processing of the personal data that concerns you has been restricted, such data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on the grounds of an important public interest of the European Union or of a Member State.
3.11. Objection to advertising e-mails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action in the event that unsolicited advertising material, such as email spam, is received.
4. Data collection on this website
4.1. Cookies
Our websites use cookies. Cookies are small text files and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.
In some cases, cookies from third-party companies can also be stored on your device when you enter our website (third-party cookies). These enable us or you to use certain third-party services (e.g. cookies for processing payment services).
Cookies perform various different functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or to display advertising.
Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, for example for the shopping basket function) or to enhance the website (for example, cookies to measure web audience) are stored on the basis of Article 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website owner has a legitimate interest in the storing of cookies to the technically correct and optimized delivery of their services. If consent to the storage of cookies has been requested, the cookies concerned are stored exclusively on the basis of this consent (Art 6 para. 1 lit a GDPR); consent may be revoked at any time.
You can configure your browser in such a way that you are informed when cookies are set and only allow cookies in individual cases, exclude the acceptance of cookies in certain cases or in general and activate the automatic deletion of cookies when the browser is closed. Disabling cookies may limit the functionality of this website.
If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the framework of this Privacy Policy and, if necessary, request your consent.
4.2. Cookie Consent with Consent Manager Provider
(hereinafter “Consent Manager Provider”).
When you enter our website, a connection is established to the servers of the Consent Manager Provider in order to obtain your consent and other declarations regarding the use of cookies. The Consent Manager Provider then saves a cookie in your browser to assign the consent you have given or to revoke it. The data collected in this way will be stored until you ask us to delete it, delete the Consent Manager Provider’s cookie yourself, or the purpose for data storage no longer applies. Mandatory statutory retention requirements remain unaffected.
The Consent Manager Provider is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 s. 1 lit. c GDPR.
Contract for order processing
We have concluded an order processing agreement with Consent Manager Provider. This is a contract prescribed by data protection laws, which ensures that the Consent Manager Provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
4.3. Server log files
The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:
- Browser type and browser version
- Used operating system
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data will not be combined with data from other sources.
This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically correct display and optimization of its website; for this purpose, the server log files must be stored.
4.4. Contact form
If you use our contact form to send us an inquiry, we will store the details you enter on the form, including your contact details, in order to address your inquiry and to ask any follow-up questions that may arise. We do not pass on these data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, if your request relates to the execution of a contract or is required to carry out pre-contractual activities. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this was requested.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage is no longer applicable (e.g., after processing your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
4.5. Request by email, phone or fax
If you contact us by email, phone or fax, your request, including all ensuing personal data (name, nature of enquiry), is stored and processed by us for the purposes of processing your request. We do not pass on this data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, if your request relates to the execution of a contract or is required to carry out pre-contractual activities. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this was requested.
We will retain the data you provide on the contact form until its deletion is requested, your consent for storage is revoked, or the purpose for its storage is no longer applicable (e.g. after the handling of your enquiry has been completed). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected.
5. Analysis tools and advertising
5.1. Google Analytics
This website uses Google Analytics, a web analytics service. The provider is Google Ireland Limited (hereinafter referred to as “Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses what are called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website will be generally transmitted to and stored by Google on a server located in the United States.
The storage of Google Analytics cookies and the use of this analysis tool are carried out on the basis of Art. 6, para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If respective consent has been requested (for example, consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 1 lit. a GDPR; consent may be revoked at any time.
IP anonymisation
We have activated the IP anonymization feature on this website. Your IP address will be truncated by Google within the European Union or and the European Economic Area prior to transmission to the United States. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. At the website operator’s behest, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators, and providing other services to the website operator relating to website activity and Internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
Browser plug-in
You can prevent cookies from being stored by adjusting your browser software settings accordingly; however, please be aware that in this case you may not be able to fully utilize all the features of this website. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading the browser plug-in available under the following link and install:
https://tools.google.com/dlpage/gaoptout?hl=de.
Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set; this will prevent your data from being collected when you visit this website in the future:
Google Analytics in general
For more information on how Google Analytics handles user data, please see Google’s privacy policy:
https://support.google.com/analytics/answer/6004245?hl=de.
Outsourced data processing
We have concluded an order processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Storage period
Data stored at Google on the user and event level which are linked to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymised after 14 months or deleted. Details can be found under the following link:
5.2. Advertising via marketing networks
Google AdWords Remarketing
We use Google AdWords to advertise this website in Google search results and on third-party websites. For this purpose, the so-called remarketing cookie from Google is set when you visit our website, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you have visited. This serves to safeguard our legitimate interests which are predominate in the context of weighing up interests for optimally marketing our website in accordance with Art. 6 para. 1 s. 1 lit. f GDPR. Once the purpose for collecting the data and its use by Google AdWords Remarketing is ended, it will be deleted.
Any additional processing will only take place if you have agreed with Google that your web and app browsing history will be linked to your Google Account and information from your Google Account will be used to personalize ads you see on the web. If you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. To this end, Google temporarily links your personal data with Google Analytics data to form target groups.
Google AdWords Remarketing is a service of Google LLC (www.google.de). Google LLC is headquartered in the USA and is certified under the EU-US Privacy Shield. A current certificate can be viewed at https://www.privacyshield.gov/list. As a result of this agreement between the US and the European Commission, the latter has established that companies certified under the Privacy Shield have an adequate level of data protection.
You can deactivate the remarketing cookie via https://adssettings.google.com/authenticated?hl=en. In addition, you can inform yourself about the setting of cookies at the Digital Advertising Alliance (http://www.aboutads.info/) and make settings for this.
Google AdWords Conversion Tracking
We also use Google Conversion Tracking to statistically record and evaluate the use of our website for the purpose of optimizing it for you. Google AdWords will set a cookie (see Section 4) on your computer if you have accessed our website via a Google ad.
These cookies expire after 30 days and are not used for personal identification. Should the user visit certain pages of the AdWords advertiser’s website and the cookies have not yet expired, Google and their advertiser can tell that the user clicked on the ad and proceeded to that page.
Websites of AdWords customers are tracked. The information obtained using the conversion cookie information is used to create conversion statistics for the AdWords advertisers who have opted in to conversion tracking. The AdWords advertisers can find out the total number of users who have clicked on their advert and were directed to the page using the conversion tracking tag. However, advertisers do not obtain any information that can be used to identify users personally.
Should you not wish to participate in the tracking process, you can also reject the placement of a cookie in this instance by using the browser setting which generally disables the automatic placement of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies originating from the domain “www.googleadservices.com”. Google’s privacy policy on conversion tracking can be found here (https://services.google.com/sitestats/de.html).
The use of the visitor action pixel from Meta
Our website uses the visitor action pixel of Facebook, Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, U.S.A. (“Facebook”) for conversion measurement.
These allow the behavior of site visitors to be tracked after they click on a Facebook or Instagram ad to reach the provider’s website. This allows an analysis of the effectiveness of Meta advertisements for statistical and market research purposes and their future optimization.
The collected data is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Meta so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the guidelines for Meta data use. This will allow Meta to display ads both on Meta and on third-party sites. We have no control over how this data is used.
The tracking by the Meta Pixel is currently on this page:
Facebook opt-out notice: This setting also remains for all subsequent visits, but if you delete the cookies in this browser, you must click the link again. Furthermore, the opt-out only applies within the browser you use and only within our web domain on which the link was clicked.
Please see Facebook’s privacy policy for more information on how we protect your privacy: https://www.facebook.com/about/privacy/.
You can also disable the “Custom Audiences” remarketing feature in the Ad Settings section of https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do so, you will first need to log into Facebook.
If you do not have a Facebook account, you can disable Facebook usage-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.
We use the Meta Pixel to design our website according to needs and to promote it (legitimate interest acc. Art. 6 (1) lit. f GDPR).
LinkedIn Insight Tag
Our website uses the LinkedIn Insight Tag conversion tool from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser that allows the collection of, among other things, the following data: IP address, device and browser properties and page events (e.g. page views). This data is encrypted, anonymized within seven days and the anonymized data is deleted within 90 days. LinkedIn does not share personal data with KPMG, but offers anonymous reports about the website target group and the display performance. In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. KPMG can use this data to display targeted advertising outside of its website without identifying you as a website visitor. Further information on data protection at LinkedIn can be found in the LinkedIn data protection information.
LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To deactivate the Insight tag on our website (“opt-out”) click here.
6. Newsletter
6.1. Newsletter data
If you would like to receive our newsletter, we require a valid email address as well as information which allows us to verify that you are the owner of the email address provided and that you agree to receiving this newsletter. No additional data are collected or they are only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
We will therefore process any data you enter onto the contact form only with your consent per Art. 6 1 lit. a GDPR).
You can revoke your consent to the storage of the data as well as the use of your email address for receiving the newsletter at any time (by clicking the “unsubscribe” link in the newsletter). The data processed before we receive your request may still be legally processed.
The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.
After you have unsubscribed from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist is only used for this purpose and is not combined with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interests.
6.2. rapidmail
This website uses the services of MailChimp to send newsletters. Provider is ie rapidmail GmbH, Wentzingerstraße, 21, 79106 Freiburg, Germany.
rapidmail is a service which organizes and analyzes the distribution of newsletters. The data you provide in order to subscribe to our newsletter will be stored on rapidmail servers in Germany.
We use MailChimp to analyze our newsletter campaigns. When you open an e-mail sent with rapidmail, a file contained in the e-mail (so-called web beacon) connects to the servers of rapidmail. This allows us to determine if a newsletter message has been opened and which links, if any, you click on. Technical information (e.g. time of access, IP address, browser type and operating system) is collected as well. This information cannot be assigned to a specific recipient. It is used exclusively for the statistical analysis of our newsletter campaigns. The results of these analyses can be used to ensure that the content of future newsletters better matches the interests of recipients.
If you do not want your usage of the newsletter to be analyzed by rapidmail, you will have to unsubscribe from the newsletter. We provide a link to do this in every newsletter we send. Furthermore, you can also directly unsubscribe from the newsletter on the website.
Data processing is based on Art. 6 para. 1 lit. a GDPR. You may revoke your consent at any time by unsubscribing to the newsletter. The data processed before we receive your request may still be legally processed.
The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this. After you have unsubscribed from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist is only used for this purpose and is not combined with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interests.
For more information, refer to rapidmail’s privacy policy at:
https://www.rapidmail.com/datensicherheit
