Data Protection Policy


Contents:
I. Controller within the meaning of data protection laws
II. Data protection officer
III. General information about data processing
IV. Automatic data processing when accessing the website www.xitaso.com
V. Use of cookies
VI. Processing personal data via the contact form
VII. Processing personal data via e-mail
VIII. Processing personal data via telephone
IX. Processing personal data within job application procedures
X. Processing personal data acquired by handing over business cards
XI. Google Maps
XII. Rights of the data subject

Our data processing
When you use the website www.xitaso.com and its functions, make contact and send a request, you send us personal data which we process for the purpose of responding to your requests. We handle these data in accordance with data protection laws strictly for the intended purpose only.

I. The controller within the meaning of data protection laws is

XITASO GmbH
Austraße 35
D-86153 Augsburg

Telephone: +49 (0) 821 / 885 882 00
E-Mail: info@xitaso.com

Represented by:
Ulrich Huggenberger, Martin Huggenberger

II. Data protection officer

Statutory data protection officer:
We have appointed a data protection officer for our company.

RDP Röhl Dehm & Partner Rechtsanwälte mbB
Moritzplatz 6
86150 Augsburg
datenschutz@xitaso.com

III. General information about data processing

Scope of processing of personal data in general

As a basic principle, we only process personal data if this is necessary to provide a functional website along with our content and services.

Legal basis for processing personal data

The legal basis for processing this personal data can be found in the General Data Protection Regulation, Article 6(1)(a)-(f) GDPR.

If the data subject has given consent, the legal basis is Article 6(1)(a) GDPR.

Article 6(1)(b) GDPR is the legal basis for processing personal data as required for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

If processing is necessary for compliance with a legal obligation of the controller, the legal basis is Article 6(1)(c) GDPR.

If vital interests of the data subject or another natural person make it necessary to process data, the legal basis is Article 6(1)(d) GDPR.

If processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, the legal basis is Article 6(1)(e) GDPR.

If processing is necessary to protect a legitimate interest of our company and overrides the interests, fundamental freedoms or fundamental rights of the data subject, the legal basis is Article 6(1)(f) GDPR.

Provision of personal data required to conclude a contract or based on statutory retention obligations

When you contact us, we collect personal data. We store these data partly due to legal requirements and partly for the purpose of concluding a contract. If you want to conclude a contract with us, you must provide us with your data so that we can provide our services to you. Tax and commercial law considerations also result in statutory retention obligations which we have to meet. Otherwise, we may be unable to provide you with our service.

Before providing your personal data, you can feel free to get in touch with your contact person in our company to find out whether we will need your data to conclude a contract and/or to meet our statutory retention obligations and what will happen if you do not provide us with the data.

Data erasure and storage period

We will store your personal data as long as this is necessary to fulfill a purpose or the storage of the data is mandatory based on legal requirements according to Article 6(1)(c) GDPR.
If the purpose for storing personal data no longer applies, these data will be erased after 6 months or processing will be restricted unless it is necessary to continue storing the data in order to conclude or fulfill a contract.
These data will only be stored otherwise if this has been stipulated by the European or national legislator.

SSL or TLS encryption

We use SSL or TLS encryption on the entire website for security reasons on the one hand and to protect your confidential data on the other.
Confidential data such as, for example, requests or orders that you have sent to us cannot be viewed by third parties as a result of this encryption.
You can recognize an encrypted connection from the address bar of the browser changing from “http://” to “https://” and a green padlock icon being displayed in the address bar.

IV. Automatic data processing when accessing the website www.xitaso.com

IP address

1. Description and scope of data processing
When accessing this website, requests are sent to the server which it must answer. Your IP address must be collected and processed for this purpose in order to enable the server to respond to the corresponding requests.

2. Legal basis for data processing
The legal basis for processing these data is Article 6(1)(f) GDPR.

3. Purpose of data processing
The purpose of processing your IP address is to ensure that the website functions correctly and to enable you to access it.

4. Legitimate interest
The legitimate interest in the temporary storage of the IP address is that the website cannot function and access to the website is not possible without it.

5. Duration of storage
The data will be erased again as soon as it is no longer necessary for them to be stored due to fulfillment of the purpose.
Where the collection of data for providing the website is concerned, this is the case when the access procedure is completed.

6. Recipients of personal data
The IP address is processed by the following hosting provider as subcontractor based on a data processing agreement pursuant to Article 28(2) and (4) GDPR:

MXP GmbH
Ulmer Landstraße 333
86391 Stadtbergen near Augsburg

Hosting

1. Description and scope of data processing
We use the services of our hosting provider for the technical implementation and accessibility of the website and for the technical maintenance thereof.
This includes the provision of storage and database services and the maintenance and updating thereof.

2. Legal basis for data processing
The legal basis for processing these data is Article 6(1)(f) GDPR.

3. Purpose of data processing
The purpose of processing is the implementation of the website and the detection of malfunctions and intrusion attempts.

4. Legitimate interest
The legitimate interest in mandating the hosting provider is the external technical expertise and the provision of a functional and uncompromised technical website environment.

5. Recipients of personal data and data categories:

The following hosting provider is active for us as a subcontractor based on a data processing agreement pursuant to Article 28(2) and (4) GDPR:

MXP GmbH
Ulmer Landstraße 333
86391 Stadtbergen near Augsburg

The data categories concerned are:

User data
Communication data
Contact data
Contract data

Server log files

1. Description and scope of data processing
The IP addresses collected when accessing this website are also stored in what are referred to as server log files in order to discover and eliminate technical faults and/or attempts to manipulate and break into the server structure.

The hosting provider of this website also automatically collects, stores and processes information in server log files that is sent automatically by your browser.

This information comprises:

IP address
Browser type and browser version
Operating system used
Referrer URL
Host name of the accessing computer
Time of server request

However, this information is not merged with other data sources.

2. Legal basis for data processing
The legal basis for processing these data is Article 6(1)(f) GDPR.

3. Purpose of data processing
The purpose of processing your IP address and the aforementioned information is to detect malfunctions and intrusion attempts.

4. Legitimate interest
The legitimate interest in processing the IP address and the aforementioned information is the provision of a functional and uncompromised technical website environment.

5. Duration of storage
The data will be erased again within 7 days.

6. Recipients of personal data
The IP address and the aforementioned information are processed by the following hosting provider as subcontractor based on a data processing agreement pursuant to Article 28(2) and (4) GDPR:

MXP GmbH
Ulmer Landstraße 333
86391 Stadtbergen near Augsburg

V. Use of cookies

1. Description and scope of data processing
The website www.xitaso.com uses “cookies”. Cookies are text files that are stored in the memory and/or on a data carrier of the device you use to visit the site and that are processed by your Internet browser in accordance with the settings stored therein.

2. Legal basis for data processing
The legal basis for processing is Article 6(1)(f) GDPR.

3. Purpose of data processing
These cookies contain technical information enabling the website functions to be provided within the scope of using the website. This ensures the technical implementation of the website.

4. Legitimate interest according to Article 6(1)(f) GDPR
The cookies used contain technical data only. The use of these cookies is necessary for ensuring that our website functions in a way that meets the user’s expectations.

5. Duration of storage as well as objection and removal options
The cookies used on this website are “session cookies”. They will be automatically deleted from the browser cache/memory by your computer after you have finished visiting the website and/or closed your browser provided you have activated this function in your browser.
Please also check the settings of your Internet browser (e.g. Firefox, Internet Explorer, Edge, Chrome, Opera, Safari). Your Internet browser also gives you the option of controlling how the cookies are handled or of deactivating them entirely. Cookies that have already been stored may be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all functions of the website in their entirety.

VI. Processing personal data via the contact form

1. Description and scope of data processing
A contact form is available on our website that is used to make contact electronically. We process your personal data only to the extent you communicate them to us when making contact.

The following data are processed for requests using the contact form:

Title (Mr./Ms.)
First name*
Last name*
Company
E-mail address*
Telephone number
Message*

The fields marked with a “*” symbol are mandatory fields and a request may not be sent to us using this contact form if they are not filled out.

The title is provided on a voluntary basis and is only used to address you personally when processing your request.

The name is provided so that we can address you personally when processing your request.

No data are sent to us when you are merely entering data into the forms. This only happens when you press the “Send” button.

The following data are also processed at the time the message is sent:

Date and time of request

2. Legal basis for data processing
The legal basis for processing personal data in order to handle and respond to your requests is Article 6(1)(f) GDPR.
The legal basis for processing personal data that are used to prepare and/or execute a contractual relationship is Article 6(1)(b) GDPR.

3. Purpose of data processing
The processing of personal data via the contact form only serves the purpose of establishing contact and enabling the company to provide the customer with information on the initiative of the customer.
Depending on the intention and content of your request, the purpose may also be to initiate and/or execute a contractual relationship. In this case, the purpose is additionally to maintain the customer relationship.

4. Legitimate interest
The legitimate interest in data processing is the capability of handling your request and being able to respond to it accordingly. The data collected are processed on the basis of a request sent by you. This processing is also in your interests in order to enable us to respond to your request in a way that meets your expectations.

5. Duration of storage
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or are not subject to any other statutory retention obligations (e.g. 10 years pursuant to the German Tax Code, 6 years pursuant to the German Commercial Code). For your data entered in the contact form, this is the case when the respective conversation with the user has ended.
The conversation is ended when it is evident from the circumstances that the situation has been finally clarified.

VII. Processing personal data via e-mail

1. Description and scope of data processing
In the case of e-mail inquiries, personal data are processed depending on the content of your e-mail:

This always includes your e-mail address and the date, time and content of the message. The following personal data may also be processed depending on the content of your e-mail:

First name, last name
Telephone number

The data are used solely for processing the conversation and/or executing and/or initiating a contractual relationship.

2. Legal basis for data processing
Based on the express request from the user by e-mail, the legal basis for processing data is Article 6(1)(f) GDPR. If the aim of making contact by e-mail is also to conclude and/or to execute a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.

3. Purpose of data processing
The processing of personal data from your e-mail request only serves the purpose of establishing contact and enabling the company to provide the customer with information on the initiative of the customer.
Depending on the intention and content of your request, the purpose may also be to initiate and/or execute a contractual relationship.

4. Legitimate interest
The legitimate interest in data processing is the capability of handling your request and being able to respond to it accordingly. The data collected are processed on the basis of a request sent by you. This processing is also in your interests in order to enable us to respond to your request in a way that meets your expectations.

5. Duration of storage
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or are not subject to any other statutory retention obligations (e.g. 10 years pursuant to the German Tax Code, 6 years pursuant to the German Commercial Code). For your e-mail, this is the case when the respective conversation with the user has ended.
The conversation is ended when it is evident from the circumstances that the situation has been finally clarified.

VIII. Processing personal data via telephone

1. Description and scope of data processing
In the case of telephone inquiries, personal data are processed depending on the content of the conversation:

Depending on the information you provide during the telephone call, this may also include the following personal data:

First name, last name
Telephone number
Customer number
Payment data
Contract data

The data are used solely for processing the conversation and/or executing and/or initiating a contractual relationship.

2. Legal basis for data processing
Based on the express request from the user by telephone, the legal basis for processing data is Article 6(1)(f) GDPR. If the aim of making contact by telephone is also to conclude and/or to execute a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.

3. Purpose of data processing
The processing of personal data from the telephone conversation only serves the purpose of establishing contact and enabling the company to provide the customer with information on the initiative of the customer.
Depending on the intention and content of your request, the objective may also be to initiate and/or execute a contractual relationship and to maintain the customer relationship.

4. Legitimate interest
The legitimate interest in data processing is the capability of handling your request and being able to respond to it accordingly. The data collected are processed on the basis of a request sent by you. This processing is also in your interests in order to enable us to respond to your request in a way that meets your expectations.

5. Duration of storage
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or are not subject to any other statutory retention obligations (e.g. 10 years pursuant to the German Tax Code, 6 years pursuant to the German Commercial Code). For your e-mail, this is the case when the respective conversation with the user has ended.
The conversation is ended when it is evident from the circumstances that the situation has been finally clarified.

IX. Processing personal data within job application procedures

1. Description and scope of data processing
We provide information about the current vacancies to be filled on a regular basis in job advertisements or on our website. You have the opportunity to apply for these jobs. You can send us your application data either by online application form, post or by e-mail.

Data that you send us using the online application form may include:

First name*
Last name*
E-mail address*
Desired job category
Link to XING or LinkedIn profile
CV

Data that you send us by post as part of the application procedure may include:

Name, address and contact details
Resume including any further details
Personal letter
Qualifications
Interests

If you send us your data by e-mail, we will also process your e-mail address and the date, time and content of the message. The following personal data may also be processed depending on the content of your e-mail:

First name, last name
Telephone number

The data are used solely to reach a decision on the vacancy to be filled as part of the application procedure.

2. Legal basis for data processing
The legal basis for processing the data within job application procedures is Article 6(1)(b) GDPR, § 26(1) BDSG (Federal Data Protection Act).

If you provide us with special categories of personal data within the application procedure such as information on an existing severe disability or health data that are required to assess the possibility of employing you in a certain position, these data provided on your initiative are processed according to Article 9(2)(b), (h) GDPR, Section 26(3) BDSG (Federal Data Protection Act).

3. Purpose of data processing
The processing of personal data within job application procedures is solely for the purpose of personnel planning and to establish employment relationships.

4. Legitimate interest
The legitimate interest in data processing is the necessity to fill open vacancies with qualified applicants as part of sustainable personnel planning and company management.

5. Duration of storage
If an application is rejected, the data will be erased within 6 months of the rejection. Data from successful applications are subject to retention obligations which result from the labor and social law provisions, the German Tax Code (AO) and the German Commercial Code (HGB).

X. Processing personal data acquired by handing over business cards

1. Description and scope of data processing
By handing over your business card to us on initial contact, you provided us with your personal data. These are:

Last name, first name
Company
Address of company
Contact data

We process these data in our CRM system.

2. Legal basis for data processing
The legal basis is contained in Article 6(1)(f) GDPR insofar as you have consented to the data being processed.

3. Purpose of / legitimate interest in data processing
We process these data to enable business communication and to determine shared business interests and for maintaining a customer relationship.
We process your personal data only for this purpose and only insofar as you have communicated them to us.

4. Duration of storage
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or are not subject to any other statutory retention obligations (e.g. 10 years pursuant to the German Tax Code, 6 years pursuant to the German Commercial Code).

XI. Google Maps

1. Description and scope of data processing
This website uses the map service Google Maps through an API. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Your IP address has to be stored to enable you to use the functions of Google Maps. This information is generally transferred to a Google server in the USA and stored there. The provider of this website has no influence over this data transfer.

Google Maps is used in the interests of making our website more appealing and to make it easier to find the locations specified on the website. This is a legitimate interest within the meaning of Article 6(1)(f) GDPR.

More information on the handling of user data can be found in the Google privacy policy: https://www.google.de/intl/de/policies/privacy/

2. Legal basis for data processing
The legal basis for data processing is Article 6(1)(f) GDPR.

3. Purpose of data processing
The purpose of data processing is to make our website more appealing.

4. Legitimate interest
Our legitimate interest in data processing results from the purpose of offering an appealing web presence and providing you with engaging content on our websites.

XII. Rights of the data subject

If your personal data are being processed, you are the data subject within the meaning of the General Data Protection Regulation. This means you have the following rights against the controller.

In order to exercise your rights against us as the controller, please send an e-mail to the following address: datenschutz@xitaso.com

1. Right of access – Article 15 GDPR
You have the right to request confirmation from the controller as to whether personal data relating to you are being processed.

If such data are being processed, you have the right of access to these personal data and the following information:

the purposes for which the personal data are processed;
the categories of personal data that are processed;
the recipients or categories of recipient to whom the personal data have been or will be disclosed;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine the storage period;
the existence of the right to request from the controller rectification or erasure of your personal data or the right to restrict their processing or to object to such processing;
the right to lodge a complaint with a supervisory authority;
any available information as to the source of the personal data where the data are not collected from the data subject;
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You are also entitled to request information about whether your personal data are transferred to a third country or to an international organization. In this context, you also have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2. Right to rectification – Article 16 GDPR
You have the right to obtain from the controller without undue delay the rectification and/or completion of the data relating to you if the processed personal data are incorrect or incomplete.

3. Right to erasure – Article 17 GDPR
Erasure obligation:
You have the right to request the erasure of your personal data without undue delay where one of the following grounds applies:

your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
you have withdrawn your consent on which the processing was based according to Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other legal ground for the processing;
you have objected to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing or you have objected to the processing pursuant to Article 21(2) GDPR;
your personal data have been unlawfully processed;
your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

Exceptions:
There is no right to erasure to the extent that processing is necessary

for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3);
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
for the establishment, exercise or defense of legal claims.

4. Right to restriction of processing – Article 18 GDPR
You have the right to request the restriction of processing of the personal data relating to you subject to the following conditions:

if you contest the accuracy of your personal data, for a period enabling the controller to verify the accuracy of the personal data;
if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
if the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims, or
if you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

Where processing of your personal data has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If there is a restriction of processing based on the aforementioned conditions, you will be informed by the controller before the restriction is lifted.

5. Right to notification – Article 19 GDPR
If you have asserted one of your rights to rectification, erasure or restriction of processing, we must inform all recipients to whom your personal data have been disclosed of the rectification or erasure of the data or of the restriction of processing unless this proves impossible or involves disproportionate effort.

You also have the right to be notified of these recipients.

6. Right to data portability – Article 20 GDPR
You have the right to receive your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which you have provided the personal data, where

a) the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and
b) processing is carried out by automated means.

In exercising this right to data portability, you also have the right to have your personal data be transmitted directly from one controller to another, where technically feasible.

7. Right to object – Article 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.

The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing serves the purpose of establishing, exercising or defending legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object by automated means using technical specifications.

8. Right to withdraw the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Right to lodge a complaint with a supervisory authority – Article 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement if you consider that the processing of your personal data infringes the General Data Protection Regulation.

The supervisory authority with which you lodge the complaint must inform you as the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

Last update: October 2018.

This Data Protection Policy is updated on a regular basis.
