Name and Contact Details of the Responsible Party
xChange Solutions GmbH
Represented by Johannes Schlingmeier
Data Protection Officer
Should you have any questions about our data protection measures, the processing of your data or the protection of your rights as a data subject, you can contact us and our data protection officer as follows:
External Data Protection Officer
represented by Prof. Dr. Christoph Bauer
Große Bleichen 21, 20354 Hamburg
If you have any questions or concerns regarding your information, please contact firstname.lastname@example.org.
If you wish to communicate directly with our data protection officer (for example, because you have a particularly sensitive matter), please contact them by post, as communication by e-mail can always have security gaps. Please state in your request that your concern relates to the company xChange Solutions GmbH.
Personal data is all information about an identified or identifiable persons. This includes the following categories of personal data that we process:
• Your contact details (such as first and last name, address, e-mail address, phone number)
• Your correspondence with us
• Log files with information about your visit to our website
• Payment data (such as bank account number, credit card number, financial institution)
• Online identifiers (such as cookie IDs, IP addresses, advertising IDs)
• Customer data (such as invoice data, user profiles, address, order history, payment data)
General Information About Cookies
A cookie is a text file containing an identification number which, when the website is used, is transmitted to the user’s computer together with the other data actually requested and stored there. The file is kept there for later access and serves to authenticate the user. Since cookies are only simple files and not executable programs, they do not pose any danger to the computer.
Cookies that are already active can be deleted at any time via the settings of your internet browser or other software programs. We may work together with advertising partners who help us to make our online offer more interesting for you. In this case, cookies from partner companies may also be stored on your hard drive when you visit our website (cookies from third parties).
Persistent cookies remain on your end device after closing the browser. These cookies can, for example, save your user preferences, such as language settings, and analyse user behaviour on our website. Storage duration of persistent cookies corresponds to the respective duration of the individual cookie. Afterwards they are automatically deleted.
Purpose of Processing
We process your data for the following purposes:
• For corresponding with you
• For processing contracts with you
• For advertising purposes such as the dispatch of our newsletter
• On quality assurance and statistics
• In order to provide our service
• In order to improve our service
We base the processing of your data on the following legal bases:
• Your consent, if you have given us such consent (Art. 6 para. 1 lit. a) GDPR)
• The initiation or execution of a contract with you (Art. 6 para. 1 lit. b) GDPR)
• The fulfilment of legal obligations (Art. 6 para. 1 lit. c) GDPR)
• The implementation of our legitimate interests (Art. 6 para. 1 lit. f) GDPR)
When processing your data, we pursue the following legitimate interests:
• The improvement of our offer
• Protection of our systems against misuse
• For marketing purposes
• For the storage of our correspondence with you
Requirement or Obligation to Provide Data
Unless this is expressly stated, the provision of your data is not required or obligatory.
As soon as we do not receive the data from you, or about the devices you use, it comes from the following sources:
• Master data of companies and self-employed persons from publicly available official sources
• Data on B2B contacts of specialised service providers
We store your data,
• if you have consented to the processing, at most until you revoke your consent;
• if we need the data for the execution of a contract, at most for as long as the contractual relationship with you exists;
• if we use the data on the basis of a legitimate interest, at most for as long as your interest in deletion or anonymisation does not outweigh the data;
• insofar as statutory storage obligations exist, until the end of the storage periods.
When processing your data, we work together with the following service providers who have access to your data:
• Provider of web analysis tools
• Web hosting and web development providers
• Service provider for IT development services
• Ticket and customer support software provider
• Sales service provider
• Payment service provider
• E-mail and newsletter provider
• CRM system service provider
• Cloud services
• Conference and Webinar Software
• Service provider for online surveys
• Service provider for chat software
• Social media platforms
• Service provider for bookkeeping and invoicing
• Provider for external document management
Transfer to Third Countries
Data is being transferred to countries outside the European Economic Area. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we can ensure the careful handling of personal data by means of contractual agreements or other suitable guarantees, such as certifications or proven compliance with international security standards.
• United States of America (EU-U.S. PRIVACY SHIELD)
As a data subject, you have the following rights:
• To request information about the processing of your data, as well as to receive a copy of your personal data. You may request information on, among other things, the purposes of the processing, the categories of personal data processed, the recipients of the data (if a transfer is made), the duration of the storage or the criteria for determining the duration;
• To receive personal data relating to you in a structured, common and machine-readable format or to transfer it to another person in charge
• To correct your data. If your personal data is incomplete, you have the right to complete the data, taking into account the purposes of the processing;
• To have your data deleted or blocked.
• To have the processing restricted;
• To object to the processing of your data;
• To revoke your consent to the processing of your data for the future and
• To complain to the responsible supervisory authority about unauthorised data processing.