Data Protection Policy

Data Protection Policy

Da­ta Protection Policy

Our data processing
When you use the website xitaso.com or planfox.de and its functions, make contact and send a request, you send us personal data which we process for the purpose of responding to your requests. We handle these data in accordance with data protection laws strictly for the intended purpose only.

XI­TA­SO GmbH
Au­stra­ße 35
D-86153 Augs­burg

Telephone no.: +49 (0) 821 / 885 882 0
E-mail: info@xitaso.com

Represented by:
Ul­rich Hug­gen­ber­ger, Mar­tin Hug­gen­ber­ger

Statutory data protection officer:
We have appointed a data protection officer for our company.

Fly-tech IT GmbH & Co. KG
Winterbruckenweg 58
86316 Friedberg
datenschutz@xitaso.com

Scope of processing of personal data in general

As a basic principle, we only process personal data if this is necessary to provide a functional website along with our content and services.

Legal basis for processing personal data

The legal basis for processing this personal data can be found in the General Data Protection Regulation, Article 6(1)(a)-(f) GDPR.

o If the data subject has given consent, the legal basis is Article 6(1)(a) GDPR.
o Article 6(1)(b) GDPR is the legal basis for processing personal data as required for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
o If processing is necessary for compliance with a legal obligation of the controller, the legal basis is Article 6(1)(c) GDPR.
o If vital interests of the data subject or another natural person make it necessary to process data, the legal basis is Article 6(1)(d) GDPR.
o If processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, the legal basis is Article 6(1)(e) GDPR.
o If processing is necessary to protect a legitimate interest of our company and overrides the interests, fundamental freedoms or fundamental rights of the data subject, the legal basis is Article 6(1)(f) GDPR.

Provision of personal data required to conclude a contract or based on statutory retention obligations

When you contact us, we collect personal data. We store these data partly due to legal requirements and partly for the purpose of concluding a contract. If you want to conclude a contract with us, you must provide us with your data so that we can provide our services to you. Tax and commercial law considerations also result in statutory retention obligations which we have to meet. Otherwise, we may be unable to provide you with our service.

Before providing your personal data, you can feel free to get in touch with your contact person in our company to find out whether we will need your data to conclude a contract and/or to meet our statutory retention obligations and what will happen if you do not provide us with the data.

Data erasure and storage period

We will store your personal data as long as this is necessary to fulfill a purpose or the storage of the data is mandatory based on legal requirements according to Article 6(1)(c) GDPR.
If the purpose for storing personal data no longer applies, these data will be erased after 6 months or processing will be restricted unless it is necessary to continue storing the data in order to conclude or fulfill a contract.
These data will only be stored otherwise if this has been stipulated by the European or national legislator.

SSL or TLS encryption

We use SSL or TLS encryption on the entire website xitaso.com or planfox.de for security reasons on the one hand and to protect your confidential data on the other.
Confidential data such as, for example, requests or orders that you have sent to us cannot be viewed by third parties as a result of this encryption.
You can recognize an encrypted connection from the address bar of the browser changing from “http://” to “https://” and a green padlock icon being displayed in the address bar.

IP adress

1. Description and scope of data processing
When accessing the website xitaso.com or planfox.de, requests are sent to the server which it must answer. Your IP address must be collected and processed for this purpose in order to enable the server to respond to the corresponding requests.

2. Legal basis for data processing
The legal basis for processing these data is Article 6(1)(f) GDPR.

3. Purpose of data processing
The purpose of processing your IP address is to ensure that the website functions correctly and to enable you to access it.

4. Legitimate interest
The legitimate interest in the temporary storage of the IP address is that the website xitaso.com or planfox.de cannot function and access to the website is not possible without it.

5. Duration of storage
The data will be erased again as soon as it is no longer necessary for them to be stored due to fulfillment of the purpose.
Where the collection of data for providing the website is concerned, this is the case when the access procedure is completed.

6. Recipients of personal data
The IP address is processed by the following hosting provider as subcontractor based on a data processing agreement pursuant to Article 28(2) and (4) GDPR:

MXP GmbH
Ulmer Landstraße 333
86391 Stadtbergen near Augsburg

Hosting

1. Description and scope of data processing
We use the services of our hosting provider for the technical implementation and accessibility of the website xitaso.com or planfox.de and for the technical maintenance thereof.
This includes the provision of storage and database services and the maintenance and updating thereof.

2. Legal basis for data processing
The legal basis for processing these data is Article 6(1)(f) GDPR.

3. Purpose of data processing
The purpose of processing is the implementation of the website xitaso.com or planfox.de and the detection of malfunctions and intrusion attempts.

4. Legitimate interest
The legitimate interest in mandating the hosting provider is the external technical expertise and the provision of a functional and uncompromised technical website environment.

5. Recipients of personal data and data categories:

The following hosting provider is active for us as a subcontractor based on a data processing agreement pursuant to Article 28(2) and (4) GDPR:

MXP GmbH
Ulmer Landstraße 333
86391 Stadtbergen near Augsburg

The data categories concerned are:

o User data
o Communication data
o Contact data
o Contract data

Server log files

1. Description and scope of data processing
The IP addresses collected when accessing the website xitaso.com or planfox.de are also stored in what are referred to as server log files in order to discover and eliminate technical faults and/or attempts to manipulate and break into the server structure.

The hosting provider of the website xitaso.com or planfox.de also automatically collects, stores and processes information in server log files that is sent automatically by your browser.

This information comprises:

o IP adress
o Browser type und browser version
o Operating system used
o Referrer URL
o Host name of the accessing computer
o Time of server request

However, this information is not merged with other data sources.

2. Legal basis for data processing
The legal basis for processing these data is Article 6(1)(f) GDPR.

3. Purpose of data processing
The purpose of processing your IP address and the aforementioned information is to detect malfunctions and intrusion attempts.

4. Legitimate interest
The legitimate interest in processing the IP address and the aforementioned information is the provision of a functional and uncompromised technical website environment.

5. Duration of storage
The data will be erased again within 7 days.

6. Recipients of personal data
The IP address and the aforementioned information are processed by the following hosting provider as subcontractor based on a data processing agreement pursuant to Article 28(2) and (4) GDPR:

MXP GmbH
Ulmer Landstraße 333
86391 Stadtbergen near Augsburg

1. Description and scope of data processing
The website xitaso.com or planfox.de use “cookies”. Cookies are text files that are stored in the memory and/or on a data carrier of the device you use to visit the site and that are processed by your Internet browser in accordance with the settings stored therein.

2. Legal basis for data processing
The legal basis for processing is Article 6(1)(f) GDPR.

3. Purpose of data processing
These cookies contain technical information enabling the website functions to be provided within the scope of using the website. This ensures the technical implementation of the website.

4. Legitimate interest according to Article 6(1)(f) GDPR
The cookies used contain technical data only. The use of these cookies is necessary for ensuring that our website functions in a way that meets the user’s expectations.

5. Duration of storage as well as objection and removal options
The cookies used on the website xitaso.com or planfox.de are “session cookies”. They will be automatically deleted from the browser cache/memory by your computer after you have finished visiting the website and/or closed your browser provided you have activated this function in your browser.
Please also check the settings of your Internet browser (e.g. Firefox, Internet Explorer, Edge, Chrome, Opera, Safari). Your Internet browser also gives you the option of controlling how the cookies are handled or of deactivating them entirely. Cookies that have already been stored may be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all functions of the website in their entirety.

1. Description and scope of data processing
A contact form is available on our website that is used to make contact electronically. We process your personal data only to the extent you communicate them to us when making contact.

The following data are processed for requests using the contact form:

o Title (Mr./Ms.)
o First name*
o Last name*
o Company/hospital/clinic
o e-mail adress*
o Telephone number
o Message*

The fields marked with a “*” symbol are mandatory fields and a request may not be sent to us using this contact form if they are not filled out.

The title is provided on a voluntary basis and is only used to address you personally when processing your request.

The name is provided so that we can address you personally when processing your request.

No data are sent to us when you are merely entering data into the forms. This only happens when you press the “Send” button.

The following data are also processed at the time the message is sent:

o Date and time of request

2. Legal basis for data processing
The legal basis for processing personal data in order to handle and respond to your requests is Article 6(1)(f) GDPR.
The legal basis for processing personal data that are used to prepare and/or execute a contractual relationship is Article 6(1)(b) GDPR.

3. Purpose of data processing
The processing of personal data via the contact form only serves the purpose of establishing contact and enabling the company to provide the customer with information on the initiative of the customer.
Depending on the intention and content of your request, the purpose may also be to initiate and/or execute a contractual relationship. In this case, the purpose is additionally to maintain the customer relationship.

4. Legitimate interest
The legitimate interest in data processing is the capability of handling your request and being able to respond to it accordingly. The data collected are processed on the basis of a request sent by you. This processing is also in your interests in order to enable us to respond to your request in a way that meets your expectations.

5. Duration of storage
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or are not subject to any other statutory retention obligations (e.g. 10 years pursuant to the German Tax Code, 6 years pursuant to the German Commercial Code). For your data entered in the contact form, this is the case when the respective conversation with the user has ended.
The conversation is ended when it is evident from the circumstances that the situation has been finally clarified.

1. Description and scope of data processing
In the case of e-mail inquiries, personal data are processed depending on the content of your e-mail:

This always includes your e-mail address and the date, time and content of the message. The following personal data may also be processed depending on the content of your e-mail:

o First name, last name
o Telephone number

The data are used solely for processing the conversation and/or executing and/or initiating a contractual relationship.

2. Legal basis for data processing
Based on the express request from the user by e-mail, the legal basis for processing data is Article 6(1)(f) GDPR. If the aim of making contact by e-mail is also to conclude and/or to execute a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.

3. Purpose of data processing
The processing of personal data from your e-mail request only serves the purpose of establishing contact and enabling the company to provide the customer with information on the initiative of the customer.
Depending on the intention and content of your request, the purpose may also be to initiate and/or execute a contractual relationship.

4. Legitimate interest
The legitimate interest in data processing is the capability of handling your request and being able to respond to it accordingly. The data collected are processed on the basis of a request sent by you. This processing is also in your interests in order to enable us to respond to your request in a way that meets your expectations.

5. Duration of storage
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or are not subject to any other statutory retention obligations (e.g. 10 years pursuant to the German Tax Code, 6 years pursuant to the German Commercial Code). For your e-mail, this is the case when the respective conversation with the user has ended.
The conversation is ended when it is evident from the circumstances that the situation has been finally clarified.

1. Description and scope of data processing
In the case of telephone inquiries, personal data are processed depending on the content of the conversation:

Depending on the information you provide during the telephone call, this may also include the following personal data:

o First name, last name
o Telephone number
o Customer number
o Payment data
o Contract data

The data are used solely for processing the conversation and/or executing and/or initiating a contractual relationship.

2. Legal basis for data processing
Based on the express request from the user by telephone, the legal basis for processing data is Article 6(1) (f) GDPR. If the aim of making contact by telephone is also to conclude and/or to execute a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.

3. Purpose of data processing
The processing of personal data from the telephone conversation only serves the purpose of establishing contact and enabling the company to provide the customer with information on the initiative of the customer.
Depending on the intention and content of your request, the objective may also be to initiate and/or execute a contractual relationship and to maintain the customer relationship.

4. Legitimate interest
The legitimate interest in data processing is the capability of handling your request and being able to respond to it accordingly. The data collected are processed on the basis of a request sent by you. This processing is also in your interests in order to enable us to respond to your request in a way that meets your expectations.

5. Duration of storage
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or are not subject to any other statutory retention obligations (e.g. 10 years pursuant to the German Tax Code, 6 years pursuant to the German Commercial Code). For your e-mail, this is the case when the respective conversation with the user has ended.
The conversation is ended when it is evident from the circumstances that the situation has been finally clarified.

1. Description and scope of data processing
We provide information about the current vacancies to be filled on a regular basis in job advertisements or on our website. You have the opportunity to apply for these jobs. You can send us your application data either by online application form, post or by e-mail.

Data that you send us using the online application form may include:

o First name*
o Last name*
o E-mail adress*
o Desired job category
o Link to XING or LinkedIn profile
o CV

Data that you send us by post as part of the application procedure may include:

o Name, address and contact details
o Resume including any further details
o Personal letter
o Qualifications
o Interests

If you send us your data by e-mail, we will also process your e-mail address and the date, time and content of the message. The following personal data may also be processed depending on the content of your e-mail:

o First name, last name
o Telephone number

The data are used solely to reach a decision on the vacancy to be filled as part of the application procedure.

2. Legal basis for data processing
The legal basis for processing the data within job application procedures is Article 6(1)(b) GDPR, § 26(1) BDSG (Federal Data Protection Act).

If you provide us with special categories of personal data within the application procedure such as information on an existing severe disability or health data that are required to assess the possibility of employing you in a certain position, these data provided on your initiative are processed according to Article 9(2)(b), (h) GDPR, Section 26(3) BDSG (Federal Data Protection Act).

3. Purpose of data processing
The processing of personal data within job application procedures is solely for the purpose of personnel planning and to establish employment relationships.

4. Legitimate interest
The legitimate interest in data processing is the necessity to fill open vacancies with qualified applicants as part of sustainable personnel planning and company management.

5. Duration of storage
If an application is rejected, the data will be erased within 6 months of the rejection. Data from successful applications are subject to retention obligations which result from the labor and social law provisions, the German Tax Code (AO) and the German Commercial Code (HGB).

1. Description and scope of data processing
By handing over your business card to us on initial contact, you provided us with your personal data. These are:

o Last name, first name
o Company
o Address of company
o Contact data

We process these data in our CRM system.

2. Legal basis for data processing
The legal basis is contained in Article 6(1)(f) GDPR insofar as you have consented to the data being processed.

3. Purpose of / legitimate interest in data processing
We process these data to enable business communication and to determine shared business interests and for maintaining a customer relationship.
We process your personal data only for this purpose and only insofar as you have communicated them to us.

4. Duration of storage
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or are not subject to any other statutory retention obligations (e.g. 10 years pursuant to the German Tax Code, 6 years pursuant to the German Commercial Code).

1. Joint Controllers
You have accessed the Facebook Fan page of:
XITASO GmbH
Austraße 35
D-86153 Augsburg
Telephone no.: +49 (0) 821 / 885 882 0
E-mail: info@xitaso.com
In the framework of the information service provided on this page, we use the technical platform facebook.com and the services of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook” in the following).

We as the fan page’s operators and Facebook are joint controllers in the sense of the data protection law. The respective agreement conforming with Article 26(1)GDPR can be accessed via the following link: https://www.facebook.com/legal/terms/page_controller_addendum

2. Contact data for data protection
Teh contact data of our data protection officer are listed under II. Data Protection Officer. The platform operator’s data protection officer can be reached via the following link: https://www.facebook.com/help/contact/540977946302970

3. General information about data processing
Please note that you are using these Facebook pages and the appurtenant functions – and especially the interactive functions like commenting, sharing and liking – at your own responsibility. Alternatively, you can also access the information provided via this page on our website under xitaso.com.

4. Automatic data processing when accessing our Facebook fan page
During your visit of our Facebook page Facebook collects data like your IP adress and further information that is present on your computer in the form of cookies. These data are used to provide us, as the Facebook pages’ operators, with statistical information about the use of the Facebook page. Further information about this is provided under the following link: http://de-de.facebook.com/help/pages/insights.
Your data collected in this context are processed by Facebook and may in this framework be transferred to countries outside of the European Union. In its data use policy, Facebook describes in general terms which data are collected and how they are used. The document also lists contact details of Facebook and provides information about ad posting. The data use policy is available under the following link: http://de-de.facebook.com/about/privacy.

Facebook’s complete Privacy Policy is available here: https://de-de.facebook.com/full_data_use_policy

In which way Facebook uses the data collected during the visit of Facebook pages for its own purposes, to what extent activities performed on the Facebook page are assigned to individual users, how long these data are stored and whether the data collected in the framework of a visit to the Facebook page will be transferred to third parties is not clearly and conclusively set out by Facebook and thus unknown to us.

When you access a Facebook page the IP address attributed to your terminal is transmitted to Facebook. According to Facebook, this IP address will be rendered anonymous (in the case of “German” IP-addresses) and deleted after a period of 90 days. Moreover, Facebook will store information about the terminals of its users (for instance in the framework of the function “subscription acknowledgment”); thus, Facebook is potentially able to correlate IP addresses to individual users.

If you are currently registered with Facebook as a user a cookie with your Facebook identification number will be stored on your terminal. In this way, Facebook is able to reconstruct that you accessed this page and how you used it. This also applies to all other Facebook pages. Facebook buttons incorporated in websites enable Facebook to register your visits to these website pages and to assign these visits to your Facebook profile. Based these data you may subsequently be offered contents or advertising tailored specifically to you.

If you wish to avoid to be tracked in this way, you should unsubscribe from Facebook or deactivate the function “keep me signed in”, delete any cookies on your terminal and terminate and re-start your browser. This would delete any Facebook information by which you could be directly identified. In this way, you can use our Facebook page without your Facebook identification number being revealed. However, as soon as you access interactive functions on the page (liking, commenting, sharing of content, messages etc.) a Facebook subscription screen appears. If you subscribe to Facebook they will be able to identify you again as a specific user.

Information about the management and deletion of existing data is set out in the following Facebook support: https://de-de.facebook.com/about/privacy#

Information about which data of registered and unregistered visitors of our Facebook fan page the platform operator processes, the duration of their storage, the categories of recipients (including for disclosure and group-internal data exchange) as well as data transmission to third countries can be obtained via the following link: https://www.facebook.com/privacy/explanation

In accordance with Article 26(1) GDPR the platform operator is required to divulge if data subjects are tracked via the processing of their data on the Facebook fan page, for instance by the use of cookies, the storage of the IP address and other comparable technology.

Thus, the platform operator is obliged to inform about the purpose of its data processing, the legal framework and about the placing of a session cookie and three cookies with lifetimes between four months and two years.

For further information please follow the following links:
https://www.facebook.com/privacy/explanation
https://www.facebook.com/policies/cookies

5. Collection, processing and use of your personal data by us
You can use our Facebook fan page to react to our content, make comments, provide input our page yourself or send us private messages. All data you provided and disclosed in this respect will used and thereby processed by us. The purpose of this data processing is exclusively the communication with the users based on our legitimate interest (Article 6(1)(f) GDPR).

1. Categories of data subjects
The data subjects are registered and unregistered visitors of our Facebook fan page.

2. Data of registered visitors of our Facebook fan page which we process
o User identification (user name) by which you subscribed
o Authorized profile data (such as name specifications, profession, address, contact data, pictures, interests and – where required special categories of personal data – the confession, health data etc.)
o Data created in the course of the sharing of contents, messages and communications
o Data required in the framework of a contract execution on request of a subscribed visitor

Moreover, we only process pseudonymized data like:
Statistics and insights about interactions with our fan page, the content pages, videos and other content provided via our fan page (page view activities, page visits, “likes”, coverage, general demographic, site and interest-related information about age, sex, country, city, language). Even we ourselves are not able to connect these pseudonymized data to any personal data (identifying features like name specifications). Thus, it is impossible for us to identify individual visitors. They remain anonymous.

3. Data of unregistered visitors of our Facebook fan page which we process
Pseudonymized data like statistics and insights into interactions with our fan page, contributions, pages, videos and other content provided via our fan page (page view activities, page visits, “likes”, coverage, general demographic, site and interest-related information about age, sex, country, city, language). Even we ourselves are not able to connect these pseudonymized data to any personal data (identifying features like name specifications). Thus, it is impossible for us to identify individual visitors. They remain anonymous.

4. Origin of the data
We collect the data directly from the data subject or we receive them from the platform operator.

5. Purpose of data processing
We process the data mainly for the purpose of public image. Moreover, we process the data for the purpose of communication, data exchange and the organization of events. Finally, data can also be processed in order to initiate and conclude contracts.

6. Duration of storage
Based on the agreement concluded with the platform operator in accordance with Article 26 (1) GDPR it is the platform operator’s duty to store and delete the data. For further information please follow the link:
https://www.facebook.com/privacy/explanation

7. Categories of recipients
The data we process can only be accessed by our employees and service providers. But if data subjects post public content on our Facebook fan page it is accessible to other registered – and possibly also unregistered – visitors at any time.

8. Transfer of data to third countries
If data subjects post public content on our Facebook fan page it is accessible to other registered and unregistered visitors in any part of the world at any time.

Within the framework of the operation of our Facebook fan page data are moreover transferred to third countries. This data transfer is either backed by an adequacy decision taken by the EU Commission in accordance with Article 45 GDPR or appropriate safeguards in accordance with Article 46 GDPR. For further information please follow the link: https://www.facebook.com/privacy/explanation

Moreover, the platform’s operator has certified to the EU-U.S. and Swiss-U.S. Privacy Shields Frameworks: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Based on the understandings in respect of the EU-US Privacy Shield, Facebook is therefore required to grant data subjects certain rights which they can directly assert vis-à-vis Facebook.

6. Legal basis for data processing

1. Data processing by us:
For further information please see III. General information about data processing.

Our legitimate interest (Article 6(1)(f) GDPR) in the processing of the data outweighs the data subjects’ interest, fundamental rights and freedoms. Our interest in the processing is the provision of a platform offering current information, the improvement of our offer and of our web presence, the presentation of our company and the effective communication with the users in case of questions and other concerns. On the other hand, we process as little of the data subjects’ personal data as possible and make use of the possibility of rendering the data anonymous / pseudonymizing the data as far as this is feasible in the interest of effective communication.

2. Data processing by the platform operator:
For the legal basis the platform operator relies on please follow the link:

https://www.facebook.com/about/privacy/legal_bases

If data subjects are tracked by the collection of their data – be it by the use of cookies or similar technology or by storing the IP address – the platform operator will previously ask for their consent.

In particular, the platform operator is required to inform data subjects for what purpose and on which legal basis the first access to a fan page – even by non-registered visitors – creates an entry in the so-called Local Storage and whether also the personal data of non-registered visitors (like the IP address or other data consolidating to personal data) are used for the building of profiles.

We maintain online presence within social networks and platforms in order to communicate with customers, interested parties and users active in social media and to inform them about our services.

We would like to point out that this might cause user data to be processed outside the European Union, which can pose risks for users because this might hinder the enforcement of users’ rights, for example. With regard to US providers certified under the Privacy Shield, we would like to point out that they commit themselves to comply with EU data protection standards.

Furthermore, user data are generally processed for market research and advertising purposes. Thus, for example, user profiles can be created from the user behaviour and the associated user interests. The usage profiles can in turn be used, for example, to display advertisements that presumably correspond to the interests of the users both within and outside of the platforms. For these purposes, cookies are usually stored on the user’s computer, in which the user’s usage behavior and interests are stored. Furthermore, data can also be stored in user profiles separate from the devices used by the users (especially if the users are members of the respective platforms and are logged in).

The processing of users’ personal data is carried out on the basis of our legitimate interests to effectively offer users information and communicate with users. Article. 6(1)(f) GDPR. If the users are requested by the respective providers of the platforms for consent to the above-mentioned data processing, the legal basis of the processing is Article 6(1)(a) and Article 7 GDPR.

For a detailed description of the respective processing and the possibilities of objection (opt-out), we refer to the information provided by the providers linked below.

We would like to point out that requests for information and the assertion of user rights are also directed most effectively to the providers. Only the providers have access to the user data and can directly take appropriate measures as well as provide information. If you still need further assistance, you can contact us.

– Google / YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) – Privacy Policy: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated , Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

– Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Privacy Policy: https://twitter.com/privacy, opt-out: https://twitter.com/personalization , Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.

– LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) – Privacy Policy https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.

– Xing (XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany) – Privacy Policy / Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.

1. Description, scope and purpose of data processing
This website uses Matomo (formerly Piwik), an open-source software for the statistical evaluation of visitor access. The supplier of Matomo software is InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand.

Matomo uses so-called cookies, text files which are stored on your computer and allow your use of the website to be analysed.

The information that the cookies generate about your use of the website is stored according to under V. above.

The IP address is anonymised immediately after processing and prior to storage. You can prevent the installation of cookies by changing the settings in your web browser. Please be advised that the adjusted settings may mean that some website functions may no longer be available.

You may decide whether an explicit web analytics cookie may be stored on your browser to allow the website provider to collect and analyse various statistical data.

For more information on the privacy settings of the Matomo software, please visit the following link: https://matomo.org/docs/privacy/.

2. Legal basis for data processing
The processing is to safeguard the legitimate interests of the controller (Article 6(1)(f) GDPR).

3. Duration of storage
The deletion of the data takes place as soon as it is no longer necessary for our recording purposes.

4. Use of Cookies, Opt-Out
You can prevent the use of cookies by selecting the corresponding settings on your browser; however, we would like to point out that if you do this, you may not be able to fully utilise all functions provided on this website.

Opt-out for xitaso.com

Opt-out for planfox.de

https://www.planfox.de/opt-out-en/

5. Profiling
With the help of the Matomo tracking tool the behaviour of the visitors of the website can be evaluated and the interests analysed. For this we create a pseudonymous user profile.

1. Description and scope of data processing
This website uses the map service Google Maps through an API. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Your IP address has to be stored to enable you to use the functions of Google Maps. This information is generally transferred to a Google server in the USA and stored there. The provider of this website has no influence over this data transfer.

Google Maps is used in the interests of making our website more appealing and to make it easier to find the locations specified on the website. This is a legitimate interest within the meaning of Article 6(1)(f) GDPR.

More information on the handling of user data can be found in the Google privacy policy: https://www.google.de/intl/de/policies/privacy/

2. Legal basis for data processing
The legal basis for data processing is Article 6(1)(f) GDPR.

3. Purpose of data processing
The purpose of data processing is to make our website more appealing.

4. Legitimate interest
Our legitimate interest in data processing results from the purpose of offering an appealing web presence and providing you with engaging content on our websites.

If your personal data are being processed, you are the data subject within the meaning of the General Data Protection Regulation. This means you have the following rights against the controller.

In order to exercise your rights against us as the controller, please send an e-mail to the following address: datenschutz@xitaso.com

1. Right of access – Article 15 GDPR
You have the right to request confirmation from the controller as to whether personal data relating to you are being processed.

If such data are being processed, you have the right of access to these personal data and the following information:

o the purposes for which the personal data are processed;
o the categories of personal data that are processed;
o the recipients or categories of recipient to whom the personal data have been or will be disclosed;
o where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine the storage period;
o the existence of the right to request from the controller rectification or erasure of your personal data or the right to restrict their processing or to object to such processing;
o the right to lodge a complaint with a supervisory authority;
o any available information as to the source of the personal data where the data are not collected from the data subject;
o the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You are also entitled to request information about whether your personal data are transferred to a third country or to an international organization. In this context, you also have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2. Right to rectification – Article 16 GDPR
You have the right to obtain from the controller without undue delay the rectification and/or completion of the data relating to you if the processed personal data are incorrect or incomplete.

3. Right to erasure – Article 17 GDPR
Erasure obligation:
You have the right to request the erasure of your personal data without undue delay where one of the following grounds applies:

o your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
o you have withdrawn your consent on which the processing was based according to Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other legal ground the processing;
o you have objected to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing or you have objected to the processing pursuant to Article 21(2) GDPR;
o your personal data have been unlawfully processed;
o your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
o your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

Exceptions:
There is no right to erasure to the extent that processing is necessary

o for exercising the right of freedom of expression and information;
o for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
o for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3);
o for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1)
GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
o for the establishment, exercise or defense of legal claims.

4. Right to restriction of processing – Article 18 GDPR
You have the right to request the restriction of processing of the personal data relating to you subject to the following conditions:

o if you contest the accuracy of your personal data, for a period enabling the controller to verify the accuracy of the personal data;
o if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
o if the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims, or
o if you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

Where processing of your personal data has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If there is a restriction of processing based on the aforementioned conditions, you will be informed by the controller before the restriction is lifted.

5. Right to notification – Article 19 GDPR
If you have asserted one of your rights to rectification, erasure or restriction of processing, we must inform all recipients to whom your personal data have been disclosed of the rectification or erasure of the data or of the restriction of processing unless this proves impossible or involves disproportionate effort.

You also have the right to be notified of these recipients.

6. Right to data portability – Article 20 GDPR
You have the right to receive your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which you have provided the personal data, where

a) the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and
b) processing is carried out by automated means.

In exercising this right to data portability, you also have the right to have your personal data be transmitted directly from one controller to another, where technically feasible.

7. Right to object – Article 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.

The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing serves the purpose of establishing, exercising or defending legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object by automated means using technical specifications.

8. Right to withdraw the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Right to lodge a complaint with a supervisory authority – Article 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement if you consider that the processing of your personal data infringes the General Data Protection Regulation.

The supervisory authority with which you lodge the complaint must inform you as the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

Last update: April 2019.

This Data Protection Policy is updated on a regular basis.

DEINE KURZBEWERBUNG

Ein erstes Kennenlernen ist ganz nah. Schicke uns Deine Kontaktdaten und Deinen Lebenslauf und wir finden schnell heraus, ob wir zusammenpassen.

Vorname *
Nachname *
E-Mail-Adresse *
Gewünschte Berufsrichtung *
Link zum XING- oder LinkedIn- Profil
Lebenslauf als PDF-Datei

* Bei diesen Feldern handelt es sich um Pflichtfelder

Durch Betätigen des Buttons "Abschicken" werden die in das obige Formular eingetragenen Daten zum Zwecke der Personalplanung und der Begründung von Arbeitsverhältnissen erhoben und verarbeitet. Sämtliche Daten werden verschlüsselt übertragen und nur im Rahmen der Angaben in den Datenschutzhinweisen verarbeitet.

X
   JETZT BEWERBEN   

By continuing to use the site, you agree to the use of cookies. more information

Die Cookie-Einstellungen auf dieser Website sind auf "Cookies zulassen" eingestellt, um das beste Surferlebnis zu ermöglichen. Wenn du diese Website ohne Änderung der Cookie-Einstellungen verwendest oder auf "Akzeptieren" klickst, erklärst du sich damit einverstanden.

Schließen