1. The data controller and data protection officer
a) The data controller for this website as defined within the General Data Protection Regulation (GDPR) is Xsell GbR, Kaiserstr. 63-65, 44135 Dortmund, Germany, represented by Pavlos Tsulfaidis, Francesco Lanzillotti, at the same address as above. Tel.: +49 (0) 231 5335-250, Fax: 49 (0) 231 5335 251, E-Mail: info@xsell.de.
b) The data protection officer for Xsell GbR is Mr. Francesco Lanzillotti. He is at the above address, with correspondence to be marked for his attention. Alternatively, you can reach Murat Cakir by email at info@xsell.de
2. The collection and storage of personal data
a) Storage of access data in server log files
You can visit our web pages without disclosing any of your personal details. When you visit our website, the browser on your end device automatically sends us only the following access data information. This is temporarily recorded and stored in a server log file until it is automatically deleted:
- The IP address of the computer making the request,
- The date and time of access,
- The name and URL of the accessed file,
- Possibly the volume of data requested,
- The website from where access is made (referrer URL),
- browser used,
- If applicable, your computer operating system
- The name of your provider.
We process this data with a legitimate interest according to Article 6, para. 1 (f) GDPR for
- Easy access to our website,
- Easy use of our website,
- System security and stability, and also
- For other administrative purposes.
We never us it to draw conclusions on your identity. For the cookies used on our website, web analysis services and plugins, please refer to the rest of section 5 and 6 of this data protection declaration.
b) Contact form and email
Our website enables swift electronic contact and direct communication with our company via our website's contact form or by email.
If you contact us via the contact form or by email, the personal data you provide will automatically be saved. To enable this, you
only need to provide a valid email address so that we know who the request has come from and can answer it; optionally, you can provide
further personal data.
Data processing for the purpose of making contact with us and processing your request is carried out in
accordance with Art. 6 para. 1 S.1 l (a) of the GDPR, based on your consent being given. The personal data collected by us will
automatically be deleted after your request has been processed. We will not pass on this personal information to third parties.
c) User account
You can choose to open a user account on our website by providing personal data. The personal data transmitted to us is determined by
the input form provided when you register for a user account. The personal data entered by you will be subject to para. 4 and collected
and stored for our internal use and own purposes.
Furthermore, upon registering on our website, the IP address assigned by your
Internet service provider and the date and time of registration are also saved. This data storage takes place to prevent the misuse of
our services. If necessary, this data will serve to clarify any offenses committed. In this respect, so storing this data is necessary
for our security. This data will not be passed on to third parties unless this is required by law or for the purposes of criminal
prosecution.
Your registration for a user account and voluntarily providing personal data serves to offer you content or
services that, due to their very nature, can only be offered to registered users.
You can only access to your customer account
after entering your personal password. You should keep your access information confidential and close the browser window when you have
finished your session with us, especially if you share your computer with others.
You can delete your user account at any time,
either by using a designated function in your user account or by notifying us e.g. by emailing info@xsell.de or using the contact form on our website.
d) Newsletter subscription
If you have given us your valid email address, which is only needed for the newsletter, according to Art. 6 para. 1 S. 1 (a) GDPR, you
have expressly given your consent and we will use your email address to regularly send you our newsletter for information about our
latest offers and news.
A confirmation email is part of the ‘double opt-in procedure’. This is sent to an email address when
first registered and is part of the process for sending the newsletter in order to check whether the owner of the email address is the
person concerned and has authorised the newsletter registration. When you register for the newsletter, the personal data that you, the
user, have entered into the registration form, the IP address assigned to you by the Internet Service Provider and the date and time of
registration for the newsletter are saved. The data collection described above is needed to trace any misuse of the data belonging to a
data subject at a later date. The personal data collected in the context of registering for the newsletter will only be used to send our
newsletter. In addition, subscribers to the newsletter can be informed by email in the event of changes to the newsletter subscription
or technical changes.
You can unsubscribe from the newsletter at any time and withdraw your consent to your personal data being
stored for sending the newsletter, for example, via a unsubscribe link at the end of each newsletter or by sending us a message, e.g.,
by email to info@xsell.de or via the contact form on our website.
e) Evaluation reminder by email with consent
If in accordance with Art. 6 para. 1 S. 1 (a) GDPR, if you have given your express consent in this respect, we will use your email address as a reminder to submit an order evaluation using our evaluation system. This consent can be revoked at any time by sending us a message, for example, to info@xsell.de or using the contact form on our website.
f) Email promotion without newsletter subscription
If you provide us with information in accordance with Art. 6 para 1 S. 1 (a) GDPR, you have given your express consent in this respect and we reserve the right to occasionally send you offers for products and services from our range that may be of interest to you even without a newsletter subscription. You can withdraw your consent to this use of your email address at any time by sending us a message, e.g. by emailing us at info@xsell.de or using the contact form on our website. If you have provided us with your email contact information as a customer in connection with the sale of a product or service and you have not objected, we also retain a legitimate interest according to Art. 6 para. 1 s. 1 (f), Art. 95 GDPR, Art. 13 para. 2 of the data protection Directive for electronic communication 2002/58/EG, and § 7 para. 3 UWG (Law against Unfair Competition), even if you have not specifically given your consent, to occasionally send you direct mail for our own similar products or services. Upon the collection of your electronic contact information and each time it is transferred, you have a clear opportunity to use your electronic contact information in this way without any problems and without additional fees other than your own transfer costs.
g) Postal advertising with consent
If, in accordance with Art. 6 para 1 S 1 (a) GDPR, we have received your express consent, we also reserve the right to store your first and last name, postal address in summarised lists and - if we have received this additional information as part of the contractual relationship with you - your title, academic degree, year of birth and professional title, sector description or business name. We may use these for our own promotional purposes, such as sending you interesting offers and information about our products by post. You can withdraw your consent to this use of your email address at any time by sending us a message, e.g., by emailing info@xsell.de or using the contact form on our website.
3. Data security with SSL procedures
As part of our website, we use the customary SSL procedure (Secure Socket Layer) in connection with the highest encryption level
supported by your browser. This is usually a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3
technology instead.
You will see the encryption of an individual page of our website by the closed lock symbol in your
browser.
We use suitable technical and administrative security measures that are continuously improved in line with
technological developments to protect your data against accidental or intentional manipulation, partial or complete loss, destruction
and/or against unauthorised access by third parties.
4. Transfer of data
Under no circumstances will we pass on your personal data to third parties for any purposes other than listed below. We will only disclose your personal data to third parties if:
- You have expressly consented to this under Art. 6 para 1 S 1 (a) of the GDPR,
- The disclosure is in accordance with Art. 6 para 1 S 1 (f) GDPR to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding interest in not disclosing your data,
- In the event that disclosure in accordance with Art. 6 para. 1 S 1 (c) GDPR is a statutory obligation and provided that,
- This is legally permissible and in accordance with Art. 6 para. 1 S 1 (b) GDPR, this is required for processing the contractual relationship with you.
To implement pre-contractual measures at your request and to fulfil the contract with you, based on Art. 6 para. 1 S. 1 (b) GDPR and Art. 6 para. 1 S. 1 (f), Art. 95 GDPR and in conjunction with Art. 13 para. 2 of the Data Protection Directive for electronic communication 2002/58/EG and §7 para. 3 UWG, we use selected cloud-based services in compliance with data protection. Here, as part of contractual data processing according to Art. 28 GDPR and only as far as necessary, customer data is stored and processed on the provider's servers. At present, these are:
- Microsoft Office 365 Germany, in particular Microsoft Exchange Online, for email communication with customers, with online calendar and address book functions while processing customer data such as messages, text, audio, video or image files, appointments and contact information on Microsoft Exchange servers in German data centers (Microsoft's data protection declaration can be found online at: https://privacy.microsoft.com/de-de/privacystatement)
- Weclapp, which is accounting software with a Merchandise Management System (CRM and ERP functionalities) processing customer data required for accounting and ERP (contact information, offers, orders, products, invoices) with data centers in Germany. Weclapp's data protection declaration is online at https://www.weclapp.com/de/datenschutz/ as well as at the interface to the CRM and ERP functionalities of Weclapp, if you have not objected to this,
- CleverReach, which is a German service provider for email marketing and direct communication between you as a customer and us as a company, processing the data required for sending emails and newsletters on their servers. (the data protection declaration can be found online at: https://www.cleverreach.com/de/datenschutz/).
If, in accordance with Art. 6, para 1 S. 1 (a) GDPR, you have given your express consent to this, we may obtain credit information from a credit check provider based on mathematical and statistical procedures to safeguard our legitimate interests. As part of this, we will disclose personal data required for the credit check and use the information received to provide information on the statistical probability of a default, so that we may take a well-balanced decision to enter into, implement or terminate a contractual relationship with you. The credit report may include a score calculated through scientifically approved mathematical and statistical methods. These take data such as your address into account.
As part of a payment process, your data will only be processed in accordance with article 6 para 1 (b) GDPR relating to the bank, savings bank or credit institution and as far as necessary for payment processing; when paying by credit card or by direct debit by means of a payment service provider, the data required for payment processing is transmitted directly to the payment service provider within the process without being stored by us.
5. Cookies
Our website uses cookies to design and continuously optimise our website for you. Cookies are small text files that are saved on your
device when you visit our website. By using cookies, our systems can recognise your browser and offer you additional useful information
in connection with the specific end device used; cookies also serve to statistically record the use of our website and to evaluate to
optimise our services and products.
A cookie is used to collect information about your use of our website such as your browser
type/version, the operating system, referrer URL (the previously visited webpage), host name of the accessing computer (IP address) and
time of the server request.
Some of the cookies we use are deleted after the browser session, i.e. after you close your browser
(these are session cookies). They are used to recognise that you have already visited individual pages of our website.
Temporary cookies, which are stored on your device for a specific period of time, automatically recognise your browser and any entries
and settings you make when you visit our website again. These cookies are automatically deleted after a defined period of time.
The data processing carried out during the use of cookies is in accordance with Art. 6 para. 1 (f) GDPR to protect our legitimate
interests and for the best possible functionality of the website. This also ensures a customer-friendly and effective experience when
visiting the website we operate.
You can set your browser so that you are informed about the use of cookies and decide in each
case whether to accept them or to deactivate the acceptance of cookies in individual cases or completely. For details, please refer to
the description of the browser you are using. If you reject the use of cookies, our website may have limited functionality.
6. Programs for web analysis and newsletter tracking
a) Web analysis programs
On the basis of Art. 6 para. 1 S 1 (f) GDPR, we use the tracking measures mentioned below with a legitimate interest in web analysis to statistically record the use of our website and to evaluate this to optimise our products and services so we can design our website to meet requirements and continuously improve it. The relevant data processing purposes and data categories can be found in the various tracking tools.
(1) "Google Analytics"
Our website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA
94043, USA, hereinafter referred to as "Google", cf. a. https://www.google.de/intl/de/about/.
Google Analytics uses "cookies" (cf. para. 5 for details) to enable
an analysis of your website use. The information generated by a cookie is usually sent to and saved in a Google server in the U.S.. IP
anonymisation has been enabled on our website, which means your IP address is truncated in advance by Google within EU Member States or
other states party to the agreement in the European Economic Area. Only in exceptional cases will the full IP address be transferred to
a Google server in the U.S. and shortened there. On behalf of the operator of this website, Google will use this information to analyse
your use of the website, compile reports regarding website activity and provide other services to the website operator related to
website usage and internet usage. The IP address provided by your browser for Google Analytics will not be combined with other data from
Google.
You can prevent the use of cookies by selecting the relevant settings on your browser; however, we would like to point
out that if you do so, you may not be able to fully use all all functionality provided on this website.
Furthermore, you can
prevent the data generated by the cookie, relating to the usage of the website (including your IP address) from being collected and
processed by Google by downloading and installing the browser plugin available on the following link (https://http://tools.google.com/dlpage/gaoptout?hl=de)
Using this browser add-on for deactivating Google Analytics JavaScript (ga.js, analytics.js, dc.js), website visitors can prevent Google
Analytics from using their data.
Google's privacy policy can be found online at https://policies.google.com/privacy?hl=de; Further help on data
protection in relation to Google Analytics can be found at https://support.google.com/analytics/answer/6004245?hl=de.
b) Newsletter-Tracking
The newsletter sent by us can contain tracking pixels. This is a miniature graphic that is embedded in our email newsletter sent in
HTML format so that log file recording and analysis can be carried out. Based on a tracking pixel, we can recognise if and when an email
was opened and which links were clicked on in the email. This helps us to carry out a statistical evaluation of the success or failure
of online marketing campaigns.
Data collected from you in the tracking pixels contained in our newsletters are saved and
evaluated by us, but not passed on to third parties.
At any time, you are can withdraw the separate declaration of consent
relating to this, which has been made using the double opt-in procedure (see Section 2 (d). After withdrawing your consent and also
after unsubscribing from the newsletter, the data collected from you will be deleted.
7. Social Plugins
Based on Art. 6 para. 1 S. 1 (f) GDPR, we use social plug-ins on our website, in particular, the social networks Facebook, Google+,
Twitter, Instagram and XING, to make your visit to our website more personal, to network our company and to publicise ourselves. This
advertising has a legitimate interest as part of the GDPR.
When you visit a page on our website that contains one of these
social plug-ins, your browser establishes a direct connection to the servers belonging to the social plug-in provider. They receive the
information that you have accessed the page on our website through your browser, even if you do not have a profile or are not currently
logged in. This information (including your IP address) is transmitted from your browser directly to a server belonging to the provider
in the U.S. and is stored there.
If you are logged in to one of the providers' services, they can assign your visit to our
website against your profile. When interacting by means the social plug-in, the relevant information is also sent directly to the
provider’s server, stored there, published in the social network and displayed there to your contacts.
We operate our website
with social plug-ins, but have no knowledge of the content of the data transmitted or how the provider of the social plug-in uses this
data.
If you do not want the provider of a social plug-in to assign the data collected via our website directly to your profile
there, you can log out of the respective provider’s site when visiting our website. You can also completely prevent plugins from loading
using browser add-ons, e.g. the script blocker "NoScript".
Responsibility for operating within the bounds of data protection
will be guaranteed by the provider of the social media plugin; The purpose and scope of data collection and the further processing and
use of the data by the provider, as well as your rights and setting options for protecting your privacy can be found in the data
protection information for the provider listed below.
These individual providers are:
a) Facebook
We use Facebook plugins, especially the "Like" and "Share" buttons. You will find an overview of the Facebook plugin and the design at http://developers.facebook.com/docs/plugins/.
Facebook can obtain and evaluate the information transmitted via a Facebook plug-in sent to its servers in the U.S. to create usage, interest and relationship profiles for advertising, market research and the custom presentation of Facebook pages, to inform other Facebook users about your activities on our website and to provide other services related to the use of Facebook. Facebook's data protection declaration, with information on the purpose and scope of data collection and further processing and use of data by Facebook, as well as your rights and setting options for protecting your privacy can be found online at http://de-de.facebook.com/policy.php. . If you do not want Facebook to assign your visit to our website to your Facebook user account, please log out of Facebook beforehand.
8. Rights of affected persons
With regard to the processing of your personal data, you have the following data subject rights:
a) Right to information, Article 15 GDPR:
In particular, you have a right to access your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, whether there is a right to rectification, deletion, restriction of processing, objection to processing, a complaint to a supervisory authority, the origin of your data if it was not collected by us, the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved and the scope concerning you and the desired effects of such processing, as well as your right to be informed about the guarantees provided in accordance with Art. 46 GDPR for the transfer of your data to third countries.
b) Right to rectification, Art. 16 GDPR
This includes the right to correct inaccurate data about you and/or to complete any incomplete data we have stored.
c) Right to deletion, Art. 17 GDPR
This includes the right to demand that we delete your personal data according to the requirements of Art. 17 para. 1 GDPR. However, this right does not exist, in particular, if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
d) The right to restriction of processing, Art. 18 GDPR:
This includes the right to request that the processing of your personal data is restricted if you dispute the accuracy of the data and the processing is unlawful, but you decline to have the data deleted and we no longer need the data, but you need it to assert, exercise or defend legal claims or you object according to Art. 21 GDPR or have lodged an objection to the processing.
e) Right to information in accordance with Art. 19 GDPR;
If you have exercised the right to rectify, erase or restrict the processing of your data and have informed the data controller of this, he/she is obliged to notify all recipients about this rectification (if your personal data has been disclosed to these recipients), unless this proves to be impossible or involves a disproportionate effort. You have the right to be informed about these recipients by the person responsible.
f) Right to data portability, Art. 20 GDPR:
You have the right to receive the personal data you have provided to us in a structured, up-to-date and machine-readable format or to request its transfer to another responsible person, insofar as this is technically feasible.
g) Right to withdraw your consent, Art. 7 para. 3 GDPR:
This includes the right to withdraw your consent given to us to process your data at any time and with future effect. In the event of withdrawal of consent, we will delete the data concerned without delay, unless there is a legal basis for processing without consent that requires further data processing. This withdrawal of consent will not affect the lawfulness of any processing carried out beforehand.
i) Right to lodge a complaint, Art. 77 GDPR:
Regardless of any administrative or judicial remedies that may exist, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the provisions of the GDPR.
9. Duration of the storage of personal data
After ending a contract, we will routinely delete the personal data stored by us, taking into account tax and business retention periods, if this is no longer required for contractual purposes, if you have not expressly declared your consent to specific future use of the data and/or we have no legitimate interest in further processing.
10. RIGHT OF OBJECTION
IF THERE IS A LEGITIMATE INTEREST FOR PROCESSING YOUR DATA ACCORDING TO ART 6 PARA 1 S 1 GDPR, ART. 21 GDPR, YOU HAVE THE RIGHT TO OBJECT AGAINST THIS PROCESSING OF YOUR PERSONAL DATA WITH A FUTURE EFFECT, IF THERE ARE REASONS BASED ON YOUR INDIVIDUAL CIRCUMSTANCES. THE DATA CONTROLLER WILL NO LONGER PROCESS THE PERSONAL DATA UNLESS HE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OUTWEIGH THE INTERESTS, RIGHTS AND FREEDOMS OF THE DATA SUBJECT, OR THE PROCESSING IS FOR THE PURPOSE OF ENFORCING, PURSUING OR DEFENDING LEGAL CLAIMS. IF YOUR OBJECTION IS AGAINST DIRECT ADVERTISING, YOU HAVE A GENERAL RIGHT TO OBJECT, WHICH WILL BE IMPLEMENTED WITHOUT ANY SPECIFIC CIRCUMSTANCES. IF YOU WANT TO USE YOUR RIGHT TO OBJECT, PLEASE SEND AN EMAIL TO: info@xsell.de