1. Joint Controllers
You have accessed the Facebook Fan page of:
Telephone no.: +49 (0) 821 / 885 882 0
In the framework of the information service provided on this page, we use the technical platform facebook.com and the services of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook” in the following).
We as the fan page’s operators and Facebook are joint controllers in the sense of the data protection law. The respective agreement conforming with Article 26(1)GDPR can be accessed via the following link: https://www.facebook.com/legal/terms/page_controller_addendum
2. Contact data for data protection
Teh contact data of our data protection officer are listed under II. Data Protection Officer. The platform operator’s data protection officer can be reached via the following link: https://www.facebook.com/help/contact/540977946302970
3. General information about data processing
Please note that you are using these Facebook pages and the appurtenant functions – and especially the interactive functions like commenting, sharing and liking – at your own responsibility. Alternatively, you can also access the information provided via this page on our website under xitaso.com.
4. Automatic data processing when accessing our Facebook fan page
During your visit of our Facebook page Facebook collects data like your IP adress and further information that is present on your computer in the form of cookies. These data are used to provide us, as the Facebook pages’ operators, with statistical information about the use of the Facebook page. Further information about this is provided under the following link: http://de-de.facebook.com/help/pages/insights.
Your data collected in this context are processed by Facebook and may in this framework be transferred to countries outside of the European Union. In its data use policy, Facebook describes in general terms which data are collected and how they are used. The document also lists contact details of Facebook and provides information about ad posting. The data use policy is available under the following link: http://de-de.facebook.com/about/privacy.
In which way Facebook uses the data collected during the visit of Facebook pages for its own purposes, to what extent activities performed on the Facebook page are assigned to individual users, how long these data are stored and whether the data collected in the framework of a visit to the Facebook page will be transferred to third parties is not clearly and conclusively set out by Facebook and thus unknown to us.
When you access a Facebook page the IP address attributed to your terminal is transmitted to Facebook. According to Facebook, this IP address will be rendered anonymous (in the case of “German” IP-addresses) and deleted after a period of 90 days. Moreover, Facebook will store information about the terminals of its users (for instance in the framework of the function “subscription acknowledgment”); thus, Facebook is potentially able to correlate IP addresses to individual users.
If you are currently registered with Facebook as a user a cookie with your Facebook identification number will be stored on your terminal. In this way, Facebook is able to reconstruct that you accessed this page and how you used it. This also applies to all other Facebook pages. Facebook buttons incorporated in websites enable Facebook to register your visits to these website pages and to assign these visits to your Facebook profile. Based these data you may subsequently be offered contents or advertising tailored specifically to you.
If you wish to avoid to be tracked in this way, you should unsubscribe from Facebook or deactivate the function “keep me signed in”, delete any cookies on your terminal and terminate and re-start your browser. This would delete any Facebook information by which you could be directly identified. In this way, you can use our Facebook page without your Facebook identification number being revealed. However, as soon as you access interactive functions on the page (liking, commenting, sharing of content, messages etc.) a Facebook subscription screen appears. If you subscribe to Facebook they will be able to identify you again as a specific user.
Information about the management and deletion of existing data is set out in the following Facebook support: https://de-de.facebook.com/about/privacy#
Information about which data of registered and unregistered visitors of our Facebook fan page the platform operator processes, the duration of their storage, the categories of recipients (including for disclosure and group-internal data exchange) as well as data transmission to third countries can be obtained via the following link: https://www.facebook.com/privacy/explanation
Thus, the platform operator is obliged to inform about the purpose of its data processing, the legal framework and about the placing of a session cookie and three cookies with lifetimes between four months and two years.
For further information please follow the following links:
5. Collection, processing and use of your personal data by us
You can use our Facebook fan page to react to our content, make comments, provide input our page yourself or send us private messages. All data you provided and disclosed in this respect will used and thereby processed by us. The purpose of this data processing is exclusively the communication with the users based on our legitimate interest (Article 6(1)(f) GDPR).
1. Categories of data subjects
The data subjects are registered and unregistered visitors of our Facebook fan page.
2. Data of registered visitors of our Facebook fan page which we process
o User identification (user name) by which you subscribed
o Authorized profile data (such as name specifications, profession, address, contact data, pictures, interests and – where required special categories of personal data – the confession, health data etc.)
o Data created in the course of the sharing of contents, messages and communications
o Data required in the framework of a contract execution on request of a subscribed visitor
Moreover, we only process pseudonymized data like:
Statistics and insights about interactions with our fan page, the content pages, videos and other content provided via our fan page (page view activities, page visits, “likes”, coverage, general demographic, site and interest-related information about age, sex, country, city, language). Even we ourselves are not able to connect these pseudonymized data to any personal data (identifying features like name specifications). Thus, it is impossible for us to identify individual visitors. They remain anonymous.
3. Data of unregistered visitors of our Facebook fan page which we process
Pseudonymized data like statistics and insights into interactions with our fan page, contributions, pages, videos and other content provided via our fan page (page view activities, page visits, “likes”, coverage, general demographic, site and interest-related information about age, sex, country, city, language). Even we ourselves are not able to connect these pseudonymized data to any personal data (identifying features like name specifications). Thus, it is impossible for us to identify individual visitors. They remain anonymous.
4. Origin of the data
We collect the data directly from the data subject or we receive them from the platform operator.
5. Purpose of data processing
We process the data mainly for the purpose of public image. Moreover, we process the data for the purpose of communication, data exchange and the organization of events. Finally, data can also be processed in order to initiate and conclude contracts.
6. Duration of storage
Based on the agreement concluded with the platform operator in accordance with Article 26 (1) GDPR it is the platform operator’s duty to store and delete the data. For further information please follow the link:
7. Categories of recipients
The data we process can only be accessed by our employees and service providers. But if data subjects post public content on our Facebook fan page it is accessible to other registered – and possibly also unregistered – visitors at any time.
8. Transfer of data to third countries
If data subjects post public content on our Facebook fan page it is accessible to other registered and unregistered visitors in any part of the world at any time.
Within the framework of the operation of our Facebook fan page data are moreover transferred to third countries. This data transfer is either backed by an adequacy decision taken by the EU Commission in accordance with Article 45 GDPR or appropriate safeguards in accordance with Article 46 GDPR. For further information please follow the link: https://www.facebook.com/privacy/explanation
Moreover, the platform’s operator has certified to the EU-U.S. and Swiss-U.S. Privacy Shields Frameworks: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Based on the understandings in respect of the EU-US Privacy Shield, Facebook is therefore required to grant data subjects certain rights which they can directly assert vis-à-vis Facebook.
6. Legal basis for data processing
1. Data processing by us:
For further information please see III. General information about data processing.
Our legitimate interest (Article 6(1)(f) GDPR) in the processing of the data outweighs the data subjects’ interest, fundamental rights and freedoms. Our interest in the processing is the provision of a platform offering current information, the improvement of our offer and of our web presence, the presentation of our company and the effective communication with the users in case of questions and other concerns. On the other hand, we process as little of the data subjects’ personal data as possible and make use of the possibility of rendering the data anonymous / pseudonymizing the data as far as this is feasible in the interest of effective communication.
2. Data processing by the platform operator:
For the legal basis the platform operator relies on please follow the link:
In particular, the platform operator is required to inform data subjects for what purpose and on which legal basis the first access to a fan page – even by non-registered visitors – creates an entry in the so-called Local Storage and whether also the personal data of non-registered visitors (like the IP address or other data consolidating to personal data) are used for the building of profiles.