XITASO GmbH
Austraße 35
D-86153 Augsburg

Telephone no .: +49 821 885882-0
Email: info@xitaso.com

Represented by:
Ulrich Huggenberger, Martin Huggenberger, Dr. Michael Schackert, Andreas Beirer

Legally required data protection officer:
We have appointed a data protection officer for our company.

Fly-tech IT GmbH & Co. KG
Winterbruckenweg 58
86316 Friedberg
datenschutz@xitaso.com

Scope of the processing of personal data in general

In principle, we only process personal data insofar as this is necessary to provide a functional website and our content and services.

Legal basis for the processing of personal data

The respective legal basis for the processing of personal data results from the General Data Protection Regulation, Article 6 Para. 1 lit. a) – f) GDPR.
o With the consent of the person concerned, Art. 6 para. 1 lit. a) GDPR legal basis.
o Art. 6 para. 1 lit. b) GDPR is the legal basis for the processing of personal data that is required to fulfill a contract to which the data subject is a party or for processing operations in the case of pre-contractual measures that are carried out at the request of the data subject.
o If processing is necessary to fulfill a legal obligation of the person responsible, Art. 6 para. 1 lit. c) GDPR legal basis.
o If the vital interests of the data subject or another natural person make processing necessary, Art. 6 Para. 1 lit. d) GDPR legal basis.
o If the processing is necessary for the performance of a task that is in the public interest or is carried out in the exercise of official authority that has been transferred to the person responsible for the processing, the legal basis is Art. 6 Para. 1 lit. e) GDPR.
o If processing is necessary to safeguard a legitimate interest of our company and if the interests, fundamental freedoms or fundamental rights of the person concerned do not outweigh the interests, the legal basis is Art. 6 Para. 1 lit. f) GDPR.

Provision of personal data required for the conclusion of a contract or due to statutory retention requirements

When you contact us, we collect personal data. Some of this data is stored by us on the basis of legal regulations, and some is necessary to conclude a contract. If you want to conclude a contract with us, you must provide us with your data so that we can provide our services to you. In addition, there are statutory retention requirements for us from tax and commercial law considerations, which we must comply with. Otherwise we may not be able to provide our services to you.

Before providing your personal data, you are welcome to ask your respective contact person in our company whether we need your data to conclude a contract and / or our statutory retention requirements and what the consequences are if you do not provide us with the data .

Data deletion and storage duration

We store your personal data as long as this is necessary for the fulfillment of the purpose or storage is required due to legal regulations, Art 6 para. 1 lit. c) GDPR.
If the purpose for storing personal data is no longer given, these data will be deleted after 6 months or their processing will be restricted, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
Any further storage will only take place if this has been provided for by the European or national legislature.

SSL or TLS encryption

We use SSL or TLS encryption on the entire planfox.de website, on the one hand for security reasons and on the other hand to protect your confidential data.
This encryption means that confidential data, such as inquiries or orders that you submit to us, cannot be viewed by third parties.
You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and a green lock symbol is displayed in the address line.

IP address

1. Description and scope of data processing
When the planfox.de page is called up, requests are sent to the server, which it must answer. For this, your IP address must be collected and processed in order to be able to answer the relevant server inquiries.

2. Legal basis for data processing
The legal basis for processing this data is Art. 6 Para. 1 lit. f) GDPR.

3. Purpose of data processing
The purpose of processing your IP address is the functionality of the planfox.de website and the provision of technical access.

4. Legitimate Interest
The legitimate interest in the temporary storage of the IP address lies in the fact that the functionality and provision of the technical accessibility of the planfox.de website is not possible without this.

5. Duration of storage
The data will be deleted again as soon as further storage is no longer necessary due to the purpose being achieved.
When collecting the data for the provision of the planfox.de website, this is the case when the retrieval process has ended.

6. Recipients of personal data
The IP address is assigned by the following hosting provider on the basis of an order processing agreement in accordance with. Art. 28 para. 2, paragraph 4 GDPR processed:

RAIDBOXES GmbH
Friedrich-Ebert-Strasse 7
48153 Munster

Hosting

1. Description and scope of data processing
We use the services of our hosting service provider for the technical implementation of the website planfox.de and its retrievability as well as its technical maintenance.
This includes the provision of storage and database services as well as their maintenance and care.

2. Legal basis for data processing
The legal basis for processing this data is Art. 6 Para. 1 lit. f) GDPR.

3. Purpose of data processing
The purpose of the processing is the realization of the online offer as well as the detection of malfunctions and break-in attempts.

4. Legitimate Interest
The legitimate interest in commissioning the hosting service provider is external technical competence and the provision of a functional and uncompromised technical website environment.

5. Recipients of personal data and data categories:

The following hosting provider is commissioned on the basis of an order processing agreement in accordance with Art. 28 para. 2, paragraph 4 GDPR working for us:

RAIDBOXES GmbH
Friedrich-Ebert-Strasse 7
48153 Munster

Affected data categories are:

o User data
o communication data
o Contact details
o contract data

Server log files

1. Description and scope of data processing
The IP addresses collected when this page is accessed are also stored in so-called server log files in order to discover technical faults and / or attempts to manipulate and break into the server structure and make them remediable.

In addition, the hosting provider of this website automatically collects, stores and processes information in so-called server log files, which are automatically transmitted by your browser.

This information is:

o IP address
o browser type and version used
o operating system used
o Timestamp
o called page

However, this information is not merged with other data sources.

2. Legal basis for data processing
The legal basis for processing this data is Art. 6 Para. 1 lit. f) GDPR.

3. Purpose of data processing
The purpose of processing your IP address and the above information is to detect malfunctions and break-in attempts.

4. Legitimate Interest
The legitimate interest in processing the IP address and the above information is to provide a functional and uncompromised technical website environment.

5. Duration of storage
The data will be deleted within 7 days.

6. Recipients of personal data
The IP address and the above information are provided by the following hosting provider on behalf of an order processing agreement in accordance with. Art. 28 para. 2, paragraph 4 GDPR processed:

RAIDBOXES GmbH
Friedrich-Ebert-Strasse 7
48153 Munster

1. Description and scope of data processing
Contact forms are available on our website, which are only used for electronic contact. We only process your personal data insofar as you communicate it to us when you contact us.

The following data can be processed for inquiries via the contact form:

o Salutation (Mr / Ms)
o Title
o Name *
o Hospital / clinic
o Email address *
o phone number
o Message *
o Desired date *

The fields marked with a “*” symbol are mandatory fields. Without these fields, no inquiry can be sent to us via this contact form.

Providing the salutation is voluntary and only serves to address you personally when processing your request.

The indication of the name is used to address you personally when processing your request.

If you simply enter the data in the forms, no data is transmitted to us, this only happens after you have clicked the “Send” button.

At the time the message is sent, the following data is also processed:
o Date and time of the request

2. Legal basis for data processing
The legal basis for the processing of personal data to process and answer your inquiries is Art. 6 Para. 1 lit. f) GDPR.
The legal basis for the processing of personal data that is used to prepare and / or execute a contractual relationship is Art. 6 Para. 1 lit. b) GDPR.

3. Purpose of data processing
The processing of personal data via the contact form serves the sole purpose of establishing contact and enabling the company to address the customer for information on the customer’s initiative.
Depending on the intention and content of your request, the purpose can also be the initiation and / or implementation of a contractual relationship, in this case the purpose is also to maintain the customer relationship.

4. Legitimate Interest
The legitimate interest in data processing lies in the possibility of processing your request and being able to respond to your request. The data collected will be processed on the basis of a request made by you. This processing is also in your interest in order to be able to respond to your request according to your expectations.

5. Duration of storage
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or they are not subject to any further statutory retention requirements (e.g. 10 years according to AO, 6 years according to HGB). For the data you entered in the contact form, this is the case when the respective conversation with the user has ended.
The conversation is ended when the circumstances show that the matter in question has been finally clarified.

1. Description and scope of data processing
In the case of inquiries by e-mail, personal data will be processed depending on the content of your e-mail:

In any case, this is your e-mail address, the date and time and the content of the message. In addition, depending on the content of your email, the following personal data, for example, can be processed:

o First name, last name
o phone number

The data will only be used to process the conversation and / or to carry out and / or initiate a contractual relationship.

2. Legal basis for data processing
Due to the express request of the user via email, the legal basis for the processing of the data is Art. 6 Para. 1 lit. f) GDPR. If the establishment of contact by email is also aimed at concluding and / or executing a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b) GDPR.

3. Purpose of data processing
The processing of personal data via your e-mail request serves the sole purpose of establishing contact and enabling the company to address the customer for information on the customer’s initiative.
Depending on the intention and content of your request, the purpose can also be the initiation and / or implementation of a contractual relationship.

4. Legitimate Interest
The legitimate interest in data processing lies in the possibility of processing your request and being able to respond to your request accordingly. The data collected will be processed on the basis of a request made by you. This processing is also in your interest in order to be able to respond to your request according to your expectations.

5. Duration of storage
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or they are not subject to any further statutory retention requirements (e.g. 10 years according to AO, 6 years according to HGB). For your e-mail, this is the case when the respective conversation with the user has ended.
The conversation is ended when the circumstances show that the matter in question has been finally clarified.

1. Description and scope of data processing
In the case of telephone inquiries, personal data will be processed depending on the content of the conversation:

Depending on the information you provided during the telephone call, this may also contain the following personal data:

o First name, last name
o phone number
o customer number
o Payment details
o contract data

The data will only be used to process the conversation and / or to carry out and / or initiate a contractual relationship.

2. Legal basis for data processing
Due to the express request of the user via telephone, the legal basis for the processing of the data is Art. 6 Para. 1 lit. f) GDPR. If the establishment of contact by phone is also aimed at concluding and / or executing a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b) GDPR.

3. Purpose of data processing
The processing of personal data via the telephone call serves the sole purpose of establishing contact and enabling the company to address the customer for information purposes at the customer’s initiative.
Depending on the intention and content of your request, the purpose can also be the initiation and / or implementation of a contractual relationship, as well as maintaining the customer relationship.

4. Legitimate Interest
The legitimate interest in data processing lies in the possibility of processing your request and being able to respond to your request. The data collected will be processed on the basis of a request made by you. This processing is also in your interest in order to be able to respond to your request according to your expectations.

5. Duration of storage
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or they are not subject to any further statutory retention requirements (e.g. 10 years according to AO, 6 years according to HGB). For your e-mail, this is the case when the respective conversation with the user has ended.
The conversation is ended when the circumstances show that the matter in question has been finally clarified.

1. Description and scope of data processing
When you first contacted us when you handed over the business card, you provided us with your personal data. These are:
o Surname, first name
o company
o Company address
o Contact details
We process this data in our CRM system.

2. Legal basis for data processing
The legal basis is Art. 6 Para. 1 lit. f) as far as the processing is based on your consent.

3. Purpose / legitimate interest of data processing
We process this data to enable business communication and to identify common business interests as well as to maintain a customer relationship.
We only process your personal data for this purpose and only to the extent that you have communicated it to us.

4. Duration of storage
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or they are not subject to any further statutory retention requirements (e.g. 10 years according to AO, 6 years according to HGB).

1. Joint controllers
You are on the Facebook fan page of:

XITASO GmbH
Austraße 35
D-86153 Augsburg

Telephone no .: +49 821 885882-0
Email: info@xitaso.com

For the information service offered here, we use the technical platform facebook.com and the services of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (hereinafter “Facebook”).

As a fan page operator, we and Facebook are jointly responsible for processing within the meaning of data protection laws. We therefore have an agreement with Facebook in accordance with Art. 26 Para. 1 GDPR, in which we have regulated who fulfills which data protection obligations. The essentials of this agreement are made available to you by Facebook under the following link:

https://www.facebook.com/legal/terms/information_about_page_insights_data

Under this link you will also find information on the processing of your data both by Facebook and by us when you access and interact with our Facebook fan page. There you will also find information about your rights and setting options with regard to the processing of your data. The information contained in this section of our data protection notice therefore only applies in addition to the information provided by Facebook.

2. Contact details of the data protection officer
You can find the contact details of our data protection officer under II.

3. Collection, processing and use of your personal data by us
Via our Facebook fan page you have the opportunity to react to our posts, write comments, create a post on our site yourself or send us private messages.

1. Categories of data subjects
Affected persons are registered and non-registered visitors to our Facebook fan page in the social network Facebook.

2. Data that we process from registered visitors to our Facebook fan page
o User ID (username) under which you registered
o Released profile data (e.g. name details, occupation, address, contact details, pictures, interests and possibly also special personal data such as religious affiliation, health data, etc.)
o Data generated when sharing content, exchanging messages and communicating
o Data that are required in the context of contract processing at the request of registered visitors

In addition, we process pseudonymised data from registered visitors such as:
Statistics and insights into how you interact with our fan page, the articles, pages, videos and other content provided through it (page activities, page views, “likes”, reach, general demographic, location and interest-related information on age, gender, country , City, language). These pseudonymized data are made available to us by Facebook in the form of statistics and we cannot combine them with the corresponding personal data (attribution features such as name details) ourselves.

3. Data that we process from non-registered visitors to our Facebook fan page
Pseudonymized data such as statistics and insights into how our fan page, the articles, pages, videos and other content that is provided through it is interacted with (page activities, page views, “likes”, reach, general demographic, location and interest-related information on age, Gender, country, city, language). We cannot combine these pseudonymised data with the corresponding personal data (allocation features such as name details). This means that it is not possible for us to identify individual visitors. These remain anonymous to us.

4. Origin of the data
We collect the data directly from the data subject or receive it from the platform operator.

5. Purposes of data processing
We process the data primarily for the purposes of external presentation. In addition, we process the data for communication and data exchange as well as for the organization of events. Finally, the data can also be processed to initiate or process contracts.

6. Legal bases
Further information on this under III. General information on data processing.
The data processing for the purpose of external presentation takes place on the legal basis of Art. 6 Para. 1 lit. f) GDPR (legitimate interests) and in our interest in the provision of a platform with current information, the improvement of our offer as well as our website and the presentation of our company.
The data processing for communication with you via the Facebook fan page takes place on the legal basis of Art. 6 Para. 1 sentence 1 b) GDPR (contract initiation and implementation), insofar as the content relates to an existing contractual relationship or you are interested in entering into a contract. Otherwise, the data will be processed on the legal basis of Art. 6 Para. 1 lit. f) GDPR (legitimate interests) and in our interest in effective communication with users on questions and other concerns.

7. Storage period
On the basis of the agreement concluded with the platform operator in accordance with Art. 26 Para. 1 GDPR, the platform operator is responsible for storing and deleting the data. You can find more information on this at the following link:
https://www.facebook.com/privacy/explanation

8. Categories of recipients
Only our employees and service providers can access the data we process. If the data subjects post their data publicly on our Facebook fan page, they can be viewed at any time by other registered and possibly non-registered visitors.

1. Description and scope of data processing
We use videos and plug-ins from YouTube on our website. In accordance with the YouTube Terms of Use (as of January 22, 2019), the YouTube service is provided in the European Economic Area and Switzerland by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). In other countries, the YouTube service is provided by YouTube LLC (901 Cherry Ave., San Bruno, CA 94066, USA; “YouTube”). Google Ireland Limited and YouTube LLC are subsidiaries of Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”).

We use the so-called “extended data protection mode” from YouTube. This means that when you visit our website, only the technically necessary data is transmitted to the service provider responsible for your area (YouTube LLC or Google Ireland Limited), which your browser has to send to retrieve the video from YouTube (accessed video, date and time) Time, IP address, browser type and settings, operating system).

Only when you click on the video will further data be transmitted to the service provider responsible for your area. At the same time, YouTube also regularly stores data on your device using cookies and similar technologies. If you have a YouTube or Google account, additional data can be assigned directly to your account via the video view, depending on your account settings.

Further information on the purpose and scope of the data collection and its processing by YouTube and Google can be found in Google’s data protection declaration: https://www.google.com/intl/de_de/policies/privacy/ . There you will also find further information on your rights in this regard and setting options to protect your privacy.

2. Legal basis for data processing
Your data is processed on the legal basis of Art. 6 Para. 1 sentence 1 f) GDPR (legitimate interests).

3. Purpose of data processing
The data processing serves the purpose of being able to provide you with videos from the YouTube platform on our website.

4. Legitimate Interest
Our legitimate interest in data processing is to be able to provide you with the videos on our website and at the same time to relieve our server.

We maintain an online presence within social networks and platforms in order to communicate with customers, interested parties and users who are active there and to be able to inform them about our services.

We would like to point out that user data can be processed outside of the European Union. This can result in risks for the user because it could make it more difficult to enforce the users’ rights, for example.

Furthermore, user data is usually processed for market research and advertising purposes. For example, user profiles can be created from user behavior and the interests of the user resulting from this. The usage profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behavior and the interests of the users are stored. Furthermore, data can be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

The processing of the personal data of the users takes place on the basis of our legitimate interests in an effective information of the users and communication with the users acc. Art. 6 para. 1 lit. f) GDPR. If the users are asked by the respective providers of the platforms for consent to the data processing described above, the legal basis for processing is Art. 6 Para. 1 lit. a), Art. 7 GDPR.

For a detailed description of the respective processing and the possibilities of objection (opt-out), we refer to the information provided by the providers linked below.

Also in the case of requests for information and the assertion of user rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. If you still need help, you can contact us.

– Google / YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) – Privacy Policy: https://policies.google.com/privacy , Opt-Out: https://adssettings.google.com/authenticated

– Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Data protection declaration: https://twitter.com/de/privacy , Opt-Out: https://twitter.com/personalization

– LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) – Privacy Policy https://www.linkedin.com/legal/privacy-policy , Opt-Out: https://www.linkedin.com/psettings/guest -controls / retargeting-opt-out

– XING (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) – Data protection declaration / opt-out: https://privacy.xing.com/de/datenschutzerklaerung .

1. Description, scope and purpose of the data processing
This website uses Matomo (formerly Piwik), an open source software for the statistical analysis of visitor access.
Matomo uses so-called cookies, i.e. text files that are stored on your computer and that enable your use of the website to be analyzed.
The information generated by the cookie about your use of the website is saved with your consent as described under V. You can revoke your consent to the statistical analysis of your website usage using Matomo at any time with future effect by adjusting your selection in the Matomo cookie settings.

Adjust privacy settings

The IP address is anonymized immediately after processing and before it is saved. You have the option of preventing the installation of cookies by changing the settings in your browser software. We would like to point out that with the appropriate setting, it is possible that not all functions of this website will be available.
You can decide whether a unique web analysis cookie may be stored in your browser in order to enable the website operator to collect and analyze various statistical data.
You can find more information on the privacy settings of the Matomo software under the following link: https://matomo.org/docs/privacy/ .

2. Legal basis for data processing
The legal basis for data processing is Art. 6 Para. 1 lit. a) GDPR in connection with your consent to the statistical analysis of your website usage using Matomo.

3. Duration of storage
Your data collected as part of the website analysis using Matomo will be deleted after 13 months.

Sendinblue is a service provided by Sendinblue GmbH for managing e-mail addresses and sending messages (newsletters).

We use Sendinblue to manage contacts and send messages.

This type of service enables the management of a database with e-mail contacts, phone numbers or any other contact information in order to communicate with the user.

The services can also collect data on what date and time the message was read by the user, as well as when the user interacts with incoming messages, for example by clicking on links contained therein.

Personal data collected: cookie; E-mail; Surname; Phone number; Usage data.

Place of processing: Germany
Data protection declaration: https://de.sendinblue.com/legal/privacypolicy/

Conclusion of an order processing contract
We have concluded a contract with Sendinblue in which we oblige Sendinblue to protect our customers’ data and not to pass them on to third parties.

We have integrated components from Wistia on our website. Wistia is operated by Wistia, Inc., 17 Tudor Street, Cambridge, MA 02139, USA.
Wistia is a service for hosting and embedding videos in websites. We use the Wistia Video Player to view and play videos. We use videos to provide information and entertainment for our visitors. Wistia collects data about video usage by the user such as: B. How much video was viewed, at what point in time it was paused, rewound or jumped, how many videos and how often they were viewed. Wisita uses cookies for user identification. Other logged data are IP address, device class (“desktop”, “mobile”), operating system, browser, embed URL (page on which the video is played), internet provider, location, region and country, session start time (date and time the first video view per video). For certain videos, you will be asked to enter your e-mail address in order to see the video, which will then also be logged. If you are logged in as a member of Wistia, Wistia will assign this information to your personal user account on this platform. You can prevent such an assignment by logging out of your user account before visiting our website.
The use of Wistia and the storage of Wisitia cookies are based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
Further information on data protection and the technologies used can be found on the Wistia website at: https://wistia.com/privacy

Google Analytics

This website uses functions of the web analysis service Google Analytics (Art. 6 (1) (f) GDPR). The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). By integrating Google Analytics, we pursue the purpose of analyzing user behavior on our website and being able to react to it. This enables us to continuously improve our offer.

Google Analytics uses so-called “cookies”. These are text files that are saved on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. The deletion of data whose retention period has expired takes place automatically once a month.

We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plug-in and objection to data collection

You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: https://tools.google.com/dlpage/gaoptout?hl=de

You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

Demographic characteristics in Google Analytics

This website uses the “demographic characteristics” function of Google Analytics. This allows reports to be created that contain statements on the age, gender and interests of the site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers. These data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the point “Objection to data collection”.

Google remarketing

We use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google Ads and Google DoubleClick. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), who supports us as a processor.

Google will use this information to evaluate your use of our website, to compile reports on website activity and to provide us as the operator of the website with other services relating to website activity and internet usage. If you are logged in with a Google account while visiting our website, the data will also be used to provide us with other website and internet related services to the website operator on other devices on which the same Google account is logged in provide.

In the case of data collection processes that are not merged in your Google account (e.g. you have no Google account or you have objected to the merging), the collection of data is based on Art. 6 Para. 1 lit. f GDPR. The possibility of evaluating the success of individual offers enables us, among other things, to react in a targeted manner to market behavior and to place our offers in the best possible way for interested users. Google also has a legitimate interest in the (personal) data collected in order to be able to market personalized advertising and improve its own services.

You can object to the use of your data for this purpose at any time. We process the data until the end of the evaluation. The provision of the data by you is neither legally nor contractually required, nor is it necessary for the conclusion of a contract.

The collected data is summarized in your Google account exclusively on the basis of your consent, which you give to Google (Art. 6 Para. 1 lit. a GDPR) and which you can withdraw from Google.

Further information and the data protection provisions can be found in Google’s data protection declaration at: https://www.google.com/policies/technologies/ads/.

You can permanently revoke your consent to cross-device remarketing / targeting by deactivating personalized advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/.

Google Ads

We use the online advertising program “Google Ads” on our website and, in this context, conversion tracking (evaluation of visits). Google Conversion Tracking is an analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). If you click on an ad placed by Google, a conversion tracking cookie will be placed on your computer. These cookies have a limited validity, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, we and Google can see that you clicked on the ad and were redirected to this page. Each Google Ads customer receives a different cookie. This means that there is no way that cookies can be tracked via the websites of Ads customers. The information that is obtained with the help of the conversion cookie is used to generate conversion statistics. Here we find out the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. However, we do not receive any information with which users can be personally identified.

To do this, you can prevent the storage of cookies by selecting the appropriate technical settings in your browser software. You will then not be included in the conversion tracking statistics. You can also deactivate personalized advertising for you in the advertising settings on Google. Instructions can be found at https://support.google.com/ads/answer/2662922?hl=de. In addition, you can deactivate the use of cookies by third-party providers by calling up the deactivation page of the Network Advertising Initiative at http://optout.networkadvertising.org/?c=1 and implementing the additional information on opt-out mentioned there .

You can find more information and Google’s data protection declaration at https://www.google.de/policies/privacy/ and https://policies.google.com/technologies/ads.

Google DoubleClick

This website uses the online marketing tool DoubleClick by Google. DoubleClick uses cookies to show ads that are relevant to users, to improve reports on campaign performance or to prevent a user from seeing the same ads multiple times. Google uses a cookie ID to record which ads are shown in which browser and can thus prevent them from being displayed multiple times. In addition, DoubleClick can use cookie IDs to record so-called conversions that relate to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later calls up the advertiser’s website with the same browser and buys something there. According to Google, DoubleClick cookies do not contain any personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data that is collected by Google through the use of this tool and therefore inform you according to our level of knowledge: By integrating DoubleClick, Google receives the information that you have accessed the corresponding part of our website or have clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out your IP address and save it.

The legal basis for processing your data is Article 6 Paragraph 1 Clause 1 Letter f GDPR. The possibility of evaluating the success of individual offers enables us, among other things, to react in a targeted manner to market behavior and to place our offers in the best possible way for interested users. Google also has a legitimate interest in the (personal) data collected in order to improve its own services. Further information on DoubleClick by Google is available at https://www.google.de/doubleclick, as well as on data protection at Google in general: https://www.google.de/intl/de/policies/privacy. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org.

You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly, in particular by suppressing third-party cookies, you will not receive any advertisements from third-party providers; b) by deactivating the cookies for conversion tracking by setting your browser so that cookies from the domain “www.googleadservices.com” are blocked, https://www.google.de/settings/ads, with this setting is deleted when you delete your cookies; c) by deactivating the interest-based advertisements of the providers who are part of the self-regulation campaign “About Ads” via the link http://www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies; d) by permanent deactivation in your Firefox, Internet Explorer or Google Chrome browsers under the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

Google Adwords Conversion Tracking

We use Google Conversion Tracking to statistically record the use of our website and to evaluate it for you for the purpose of optimization. For this purpose, Google places a cookie on your computer when you have reached our website via a Google ad.

These cookies lose their validity after 30 days. They are not used for personal identification. If the user visits certain pages of the Adwords customer’s website and the cookie is still valid, Google and the customer can see that the user clicked on the ad and was redirected to this page.

A different cookie is set for each customer and can therefore not be tracked via the websites of Adwords customers. The information collected is used to create conversion statistics for Adwords customers who have opted for conversion tracking. The following information is disclosed:

Total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag.

However, no information is given that can be used to personally identify users.

If you do not want to take part in the tracking process, you can also refuse the setting of a cookie required for this – for example via a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser so that cookies from the domain “www.googleadservices.com” are blocked.

You can find Google’s data protection information on conversion tracking here (https://services.google.com/sitestats/de.html)

Google Tag Manager

We use the Google Tag Manager. The Google Tag Manager does not collect any personal data. It triggers other tags, which in turn may collect data. However, it does not access this data. If a deactivation has been made at the domain or cookie level, the deactivation remains for all tracking tags that are implemented with Google Tag Manager. You can find Google’s data protection notice on Google Tag Manager here: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

Google web fonts

In order to present our content correctly and graphically appealing across browsers, we use font libraries such as. B. Google Webfonts (https://www.google.com/webfonts/). The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in a faster and more uniform presentation, regardless of the fonts stored on your device. Google web fonts are transferred to your browser’s cache to avoid multiple loading. If the browser does not support Google Web Fonts or prevents access, the content is displayed in a standard font.

Calling up font libraries automatically triggers a connection to the operator of the asset or library. It is theoretically possible – but currently also unclear whether and, if so, for what purposes – that operators of such libraries collect data. You can opt-out here: https://adssettings.google.com/authenticated.

You will find the data protection guidelines for Google Fonts below: https://www.google.com/policies/privacy/

If your personal data are processed, you are the data subject within the meaning of the General Data Protection Regulation. You are therefore entitled to the following rights vis-à-vis the person responsible.

To exercise your data subject rights towards us as the person responsible, please contact the following email address: datenschutz@xitaso.com

1. Right to information – Art. 15 GDPR
You have the right to request confirmation from the person responsible as to whether personal data relating to you is being processed.

If such processing has taken place, you have the right to information about this personal data and the following information:

o the purposes for which the personal data are processed;
o the categories of personal data that are processed;
o the recipients or the categories of recipients to whom the personal data have been disclosed or are still being disclosed;
o if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining the storage duration;
o the existence of a right to correction or deletion of your personal data, a right to restrict processing by the person responsible or a right to object to this processing;
o the right to lodge a complaint with a supervisory authority;
o all available information about the origin of the data if the personal data are not collected from the data subject;
o the existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the person concerned.

You also have the right to request information about whether your personal data is being transmitted to a third country or to an international organization. In this context, you can also request the appropriate guarantees in accordance with. Art. 46 GDPR to be informed in connection with the transfer.

2. Right to rectification – Art. 16 GDPR
You have the right vis-à-vis the person responsible to have the data concerning you corrected and / or completed immediately if the personal data processed is incorrect or incomplete.

3. Right to deletion – Art. 17 GDPR
Deletion obligation:
You have the right to request the immediate deletion of your personal data at any time if one of the following reasons applies:

o the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;
o You have revoked your consent on which the processing was based in accordance with. Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR based, and there is no other legal basis for the processing;
o According to Art. 21 Para. 1 You have lodged an objection to the processing and there are no overriding legitimate reasons for the processing, or you have, according to Art. 21 Para. 2 DS-GVO filed an objection to the processing;
o the personal data concerning you have been processed unlawfully;
The deletion of your personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the person responsible is subject;
o the personal data relating to you were collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.

Exceptions:
There is no right to deletion if processing is necessary

o to exercise the right to freedom of expression and information;
o to fulfill a legal obligation that requires processing under the law of the Union or of the member states to which the person responsible is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible;
o for reasons of public interest in the area of public health in accordance with Article 9 paragraph 2 letters h and i and Article 9 paragraph 3;
o for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89
Section. 1 GDPR, insofar as the right mentioned in section a) is likely to make the achievement of the objectives of this processing impossible or seriously impair it, or
o to assert, exercise or defend legal claims.

4. Right to restriction of processing – Art. 18 GDPR
You have the right to request that the personal data relating to you be restricted under the following conditions:

o if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to check the accuracy of the personal data;
o if the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
o if the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
o if you have objected to the processing in accordance with Art. 21 Para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of your personal data has been restricted, this data – apart from storage – may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest processed by the Union or a Member State.

If the processing restriction has been restricted due to the aforementioned conditions, you will be informed by the person responsible before the restriction is lifted.

5. Right to information – Art. 19 GDPR
If you have exercised one of your rights to correction, deletion or restriction of processing, we are obliged to notify all recipients to whom the personal data relating to you has been disclosed of the correction, deletion of the data or the restriction of processing because this turns out to be impossible or involves a disproportionate effort.

You also have the right to be informed about these recipients.

6. Right to data portability – Art. 20 GDPR
You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that

a) the processing is based on consent in accordance with. Art. 6 para. 1 lit. a) GDPR or Art. 9 Para. 2 lit. a) GDPR or on a contract according to. Art. 6 para. 1 lit. b) GDPR is based and
b) the processing is carried out using automated procedures.

In exercising this right to data portability, you also have the right to have your personal data transmitted directly from one person in charge to another person in charge, insofar as this is technically feasible.

7. Right of objection – Art. 21 GDPR
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of personal data relating to you, which is based on Art. 6 Para. 1 lit. e) or f) DS-GVO takes place, to lodge an objection; this also applies to profiling based on these provisions.

The person responsible will no longer process the personal data concerning you unless he can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If personal data are processed in order to operate direct mail, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.

In connection with the use of information society services – regardless of Directive 2002/58 / EC – you have the option of exercising your right of objection by means of automated processes that use technical specifications.

8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. Withdrawing your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of withdrawal.

9. Right to lodge a complaint with a supervisory authority – Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data violates the General Data Protection Regulation.

The supervisory authority to which you lodge a complaint must inform you, as the complainant, of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.