Data Protection – xTCU AG

Privacy policy

xTCU appreciates your visit to our website and your interest in our products and services. xTCU takes the protection of your information and the maintenance of data secrecy very seriously.

xTCU wants you to know what information is collected when you visit our website and how it is processed and used:

1. responsible body

The responsible entity in terms of data protection regulations is xTCU AG, Fürst-Franz-Josef-Strasse5, 9490 Vaduz, Principality of Liechtenstein. You can find more information about the responsible entity in our imprint.

2. consent

By using our website, you agree to our terms of use and to the collection, processing and use of your data as explained below. This privacy policy is constantly updated and adapted to any changes in data protection regulations. You should therefore visit this page regularly to find out about the current status of our privacy policy. If necessary, we obtain separate consents via this website (e.g. Consent Manager or Newslettter).

3. data processing on the website

3.1 Personal data

Personal data allows concrete conclusions to be drawn about a person, including details such as the company, name, date of birth, address, telephone number and e-mail address of visitors to our website. Anonymized data, on the other hand, is not personal and therefore does not fall within the scope of the GDPR.

3.2 Purpose of the collection, processing or use

Within the framework of the use of our websites, for the execution of a contract, on the basis of consent, as well as any contact – as it were by you or by us – the processing of your personal data takes place on the basis of the so-called legitimacy principle. Personal data is passed on within the company, as well as to commissioned service providers, partners and other legitimate recipients. In particular, this refers to the following constellations:

Contact by you
If you contact us by e-mail, fax, telephone, mail, contact form, chat function or using other communication channels (also from external partners) or via a personal contact (e.g. at trade fairs, events or with the field service), we process personal data (title, name, company, contact details) that you provide to us for the purpose of processing, documenting and following up your request on the basis of Art. 6 (1) lit. b DSGVO or Art. 6 (1) lit. f DSGVO.
Processing of orders
For the processing of orders (e.g. fulfillment of purchase contract) we process personal data (title, name, company, address, contact details, transaction data) that you provide to us on the basis of Art. 6 para. 1 lit. b DSGVO. In this context, we transmit necessary information, if required, to the companies commissioned with the delivery or execution as well as the banks, insurance companies and service providers commissioned with the transaction, regulation, credit assessment and sanctions list comparison. This also applies to the processing of contract-initiating or pre-contractual measures as well as post-contractual services and complaints.
Trade fairs and events
Fairs and events give you the opportunity to find out about our products and services and to make personal contact with us. Personal data (title, name, company, address, contact details) that you provide to us will be processed for the purpose of documentation, processing of your inquiries and follow-up of the respective event on the basis of Art. 6 para. 1 lit. b DSGVO or Art. 6 para. 1 lit. f DSGVO.
Contact by us
In the context of the customary tracking of properties, to make appointments, for a one-time information of new contacts via our communication channels and for similar purposes, we contact you in the industry environment by telephone, e-mail, using other communication channels or via a personal contact.In doing so, we process personal data (title, name, company, address, contact details, role in the object) that you have provided to us and newly provide to us, are publicly available or are transmitted to us by third parties, on the basis of Art. 6 Para. 1 lit. b DSGVO or Art. 6 Para. 1 lit. f DSGVO. This also applies to the implementation of regular satisfaction surveys for quality assurance and to increase partner and customer satisfaction. In this context, we transmit necessary information to the service providers and partners commissioned with the implementation, if required.

3.3 Newsletter

If you have subscribed to one of our newsletters by clicking the button provided for this purpose, we collect and use your e-mail address for sending the newsletter. You can revoke your consent at any time with effect for the future (e.g. by clicking on the unsubscribe link, which you will find in every newsletter).

To confirm your registration, we use the so-called double opt-in procedure. This means that we will send you a confirmation e-mail before sending the first newsletter, with which you can confirm the newsletter subscription by clicking on the link provided for this purpose. You will only receive our newsletter after confirmation. The newsletter is sent via the odoo software. You can find more information under 6.3.

3.4 External links

xTCU has included links from external providers on the website. By clicking on these links, you will be forwarded directly to the websites of these providers. You will recognize this, among other things, by the change of the URL. Since xTCU has from this time no more influence on the processing of your personal data, xTCU can take over no responsibility for it. Please inform yourself for all external offers directly about the data protection provisions on the selected websites.

3.5 Use of communication media

If the use of a video function or other communication media makes sense for the processing of these use cases, you expressly agree to the use of the respective form of communication with the system use and, if applicable, the system-side data release. The legal basis for the processing of your personal data in this context is Art. 6 (1) a) DSGVO.

3.6 Disclosure of personal data

As a matter of principle, personal data is not passed on to third parties; in particular, the sale of customer information is not part of our business. A disclosure is possible to the following extent:

to our service providers, e.g. for package delivery, mail delivery, credit card payment or processing of a training;
to other service providers who act for us as order processors and a transfer is required due to a contractual relationship, you have given your consent for the transfer or our legitimate interests prevail;
to authorities, provided that a court or other official order exists;
to other third parties if there is a corresponding legal obligation, if such disclosure is necessary to protect our rights as well as the rights of our customers, e.g. to assert or defend against legal claims

3.7 Duration of data storage

If a contractual relationship exists between you and xTCU, personal data will be deleted in accordance with the mandatory deletion requirements (e.g. statutory deletion periods of the German Commercial Code and the German Fiscal Code).

If we process your personal data on the basis of an inquiry, contact or other communication, it will be deleted after completion of the inquiry if there is neither a legitimate interest for further data processing or data storage, nor consent.

4. log data

For the delivery of the websites, to ensure the functionality, the optimization of the applications and for the security of the websites, we process the following personal data, the so-called log data, on the basis of Art. 6Abs. 1 f) DSGVO: IP address of the user, date and time of access, accessed pages/files, protocol and status of access, volume of data transmission, referrer URL, information on the client/browser used.

Log data and its contents are stored for 30 days [S1] and then deleted or, if necessary, anonymized, unless they are required for the clarification or documentation of misuse or illegal use that has become known within the retention period. [S1]Please specify how long log data is stored.

We use the German web hosting provider united-domains AG, Gautinger Straße10, 82319 Starnberg for our website. Further information on data protection at united-domains AG can be found at
https://www.united-domains.de/unternehmen/datenschutz/.

5. use of cookies

Our websites use cookies to provide you with a seamless web experience and to optimize the user experience. Cookies are small text files that are stored on the end devices used by the users and contain specific user and usage information.

The use of all company websites requires consent for those cookies that are absolutely necessary for operation. In addition, you can give us your consent to the use of other cookies (analytics, marketing, external content). This request is made before the first use of our websites and serves as the legal basis for the processing of personal data (title, name, company, IP address, user information, etc.), which are automatically collected by our websites, on the basis of Art. 6 para.1 lit. a DSGVO. As a precaution, we would like to point out that the functions of our websites may be limited if cookies are deactivated or removed.

Detailed information about the cookies used, their purpose and storage period can be found in our cookie banner under “More information”. In this you can adjust your cookie settings at any time and revoke your consent with effect for the future.

You can also restrict or deactivate the use of cookies in your browser settings at any time. It is also possible to use our offers without cookies. However, this may lead to certain restrictions in the functions and user-friendliness of our offer.

5.1 Usercentrics

For the ConsentManagement we use the service Cookiebot by Usercentrics. Recipient of your data in the sense of Art. 13. para. 1. e) DSGVO is Usercentrics GmbH. In the context of order processing, xTCU transmits personal data (consent data) to Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich, Germany, as an order processor. Consent data means the following data: Date and time of the visit or consent / refusal, device information.The processing of the data is carried out for the purpose of compliance with legal obligations (obligation to provide proof in accordance with Art. 7 para. 1 DSGVO) and the associated documentation of consents and thus on the basis of Art. 6Abs. 1 lit. c) DSGVO. Local storage is used to store the data.

The consent data will be stored for 1 year. The data is stored in the European Union. For more information on the data collected and contact options, please visit https://usercentrics.com/privacy-policy/.

6. use of third party providers

When using third-party providers, we always ensure that there is a valid legal basis for the data transfer. In order to ensure the security of your personal data, we have concluded an order processing agreement with all third-party providers in accordance with Art. 28 DSGVO. For third-party providers located in third countries, we have concluded the standard contractual clauses approved by the EU Commission.

6.1 WordPress

We use WordPress, … as our website builder and to display the forms on our website. In the process, your interactions with the website, web browser or operating system details, and Internet Protocol address, as well as input into forms, if applicable, are transmitted to xTCU. The data storage takes place in the Azure cloud. For more information about WordPress’s privacy policy, please visit https://automattic.com/privacy/

6.2 Google Services

Person responsible for all Google services: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. As a rule, the legal basis for data processing is your consent in accordance with Art. 6 Para. 1 lit. a DSGVO. In exceptional cases, we invoke our legitimate interest.

We have concluded an order processing agreement with Google, including standard contractual clauses.

For more information about Google’s privacy policy and retention period, please see the Google Privacy Policy: https://policies.google.com/privacy.

6.2.1 Google Fonts

On our website, we use Google Fonts, a directory of over 800 fonts. You do not need to register to use Google Fonts. Furthermore, no cookies are stored in your browser. The files are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According toGoogle, the requests for CSS and fonts are completely separate from all otherGoogle services. Even if you have a Google account, yourGoogle account information is not transmitted to Google. Google records the use ofCSS (Cascading Style Sheets) and the fonts used and stores this data securely. Google Fonts is an important component to keep the quality of our website high and to speed up the loading time. When you visit our website, the fonts are reloaded via a Google server. This transmits data to the Google servers. In this way, Google also recognizes that you or your IP address are visiting our website. The Google Fonts API is designed to reduce the use, storage, and collection of end-user data to what is necessary for proper font delivery. Each Google Font request also automatically transfers information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google servers. Whether this data is also stored cannot be clearly determined or is not clearly communicated by Google.

Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. The font files are stored by Google for one year. The collected usage figures enable Google to determine how well the individual fonts are received. Google thus pursues the goal of fundamentally improving the loading time of websites.

6.2.2 Google Drive

We use Google Drive as a file hosting service. Customers can store, share, and collaborate on documents with other users in the Google Drive cloud. We use the service to download documents provided to us. The transfer of documents is encrypted.

6.2.3 Google Maps

Our websites use the external map service “Google Maps”. This service enables us to present our web pages in an appealing way by loading map material from an external server. The required data is requested from a Google server in Europe or the USA. Through this request, information such as your IP address and the web pages you have visited are usually transferred to a Google server and stored there for several months. The use of “Google Maps” is in the interest of an appealing presentation of our online offers.

6.4 Microsoft 365

We use Microsoft 365 as an online service and for Office applications. In particular, communication with you and scheduling is done via Outlook. The legal basis is our legitimate interest.

The responsible party for the European region is Microsoft Ireland Operations Limited, One MicrosoftPlace, South County Business Park, Leopardstown Dublin 18, Ireland. Data storage takes place in data centers in Europe. Further information on data protection at Microsoft can be found at https://privacy.microsoft.com/de-de/privacy.

6.7 Vimeo

For the integration and display of video content, our website uses plugins from Vimeo. The provider of the video portal is VimeoInc., 555 West 18th Street, New York, New York 10011, USA. When a page with an integrated Vimeo plugin is called up, a connection to the Vimeo servers is established. Vimeo learns which of our pages you have accessed. Vimeo learns your IP address, even if you are not logged into the Vimeo portal or do not have an account there. The information collected by Vimeo is transmitted to servers of the video portal in the USA.

Vimeo can assign your surfing behavior directly to your personal profile. You have the option to prevent this by logging out beforehand. The use of Vimeo is in the interest of an appealing presentation of our online offers on the basis of your consent.Details on the handling of user data can be found at: https://vimeo.com/privacy.

6.8 YouTube

Our website uses plugins from Youtube.de/Youtube.com, which – represented by Google Inc. – is operated by Youtube, LLC, Cherry Ave, USA. If you call up web pages of our Internet presence provided with such a plugin and have given your consent, a connection is established to the Youtube servers and the plugin is displayed on the web page by notifying your browser. This transmits to the Youtube server which of our web pages you have visited. If you are logged in as a member of Youtube, Youtube assigns this information to your personal user accounts of these platforms. When using these plugins, such as clicking/starting a video or sending a comment, this information is assigned to your Youtube user account, which you can only prevent by logging out before using the plugin. For more information on the handling of user data, please refer to YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy.

6.11 LinkedIn

We use plugins from LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA on our websites. If you access LinkedIn from our site, LinkedIn collects information from the devices and connects.Already when you access our website, a direct connection to the servers of LinkedIn is established via your browser. LinkedIn automatically receives the URL of the website from which you came or the page to which you are redirected. LinkedIn also receives the Internet Protocol (“IP”) address of your computer or the proxy server you use to access the Internet, information about your computer’s operating system and the web browser you use, your mobile device (including the mobile device identifier available through your mobile device’s operating system), your mobile device’s operating system (if you access LinkedIn through a mobile device), and the name of your Internet service provider or mobile carrier. LinkedIn may also receive location data through this. If you are logged in as a member of LinkedIn via your account during your visit to our website and link the content of this website to your LinkedIn profile, LinkedIn is able to assign your visit to this website to your user account. The latest data protection information from LinkedIn, in particular information on your rights and settings options, can be accessed at the following website: https://www.linkedin.com/legal/privacy-policy”.

7. data protection information for applicants

Data and documents provided to us in connection with your application are automatically collected, stored and used by our HR department exclusively for this purpose. If you submit your application via our online form, the data requested in the input fields will be collected.All mandatory fields are marked with an asterisk. We store your personal data within the company only for as long as is necessary to fulfill the purpose for which it was collected or as the law requires us to retain it. If we are unable to consider your application and as long as you have not given your consent for us to store your data for a longer period, we will delete your data after six months from the date on which the position was awarded.

8. information security

xTCU takes all reasonable technical and organizational security measures to protect your personal data against deletion, alteration, loss, misuse, unauthorized disclosure or access.

If you send us information by e-mail, confidentiality is not guaranteed, as the content of e-mails can be viewed by third parties.Confidential information should only be sent to us in person or by mail.

9. minors

xTCU does not collect, process or use personal data of minors. If xTCU learns that personal data of minors has been used unknowingly, this data will be deleted immediately.

10. your rights

Art. 15 DSGVO: Right of access
You have the right to request confirmation as to whether personal data concerning you is being processed. If this is the case, you have the right to information about this personal data and to the information listed in detail in Art. 15 DSGVO.

Art. 17 DSGVO: Right to erasure
You have the right to request the erasure of your personal data if one of the reasons described in Art. 17 DSGVO applies. However, this right does not apply in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.

Art. 18 DSGVO: Right to restrict processing
Youhave the right to request the restriction of the processing of your personal data if one of the conditions listed in Art. 18 DSGVO applies. This applies, for example, to situations where you have objected to the processing as long as it has not yet been determined whether our legitimate grounds prevail.

Art. 19 DSGVO: Right to information
Ifyou have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate this to all further recipients to whom it has disclosed your personal data. Unless this notification proves impossible or involves a disproportionate effort. You are entitled to be informed about these recipients.

Art. 20 DSGVO: Right to data portability
You have the right to receive your personal data that you have provided to us or to request that it be transferred to another controller, insofar as this is technically feasible.

Art. 7 para. 3 DSGVO: Right to revoke consent given
You have the right to revoke consent given at any time with effect for the future. In this case, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent.

Art. 21 DSGVO: Right of objection
If data is collected on the basis of Art. 6 (1) (f) (data processing for the protection of legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data.

Art. 77 GDPR: Right to lodge a complaint
Ifyou believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with the competent supervisory authority.

11. inquiries and suggestions

xTCU will process requests regarding your personal data used by xTCU accordingly, in particular provide authorized information and make corrections, additions or deletions. Also for other questions and suggestions in matters of data protection, our data protection officer is available at any time at the following address:

Mr. Robert Jeffares
Data Business Services GmbH & Co KG
jeffares@db5.eu

12. online dispute resolution

The EU Commission provides an online platform for online dispute resolution (ODR platform) in consumer matters. You can access this platform on the Internet at ec.europa.eu/consumers/odr/.