Responsible body within the meaning of data protection laws, in particular the EU Data Protection Ordinance (DSGVO):
Xenium AG
Sapporobogen 6-8
D-80637 Munich
I. Your data subject
You can exercise the following rights at any time using the contact details provided by our data protection officer:
- information about your data stored by us and its processing (Art. 15 DSGVO),
- correction of incorrect personal data (Art. 16 DSGVO),
- deletion of your data stored by us (Art. 17 DSGVO),
- restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 DSGVO),
- objection to the processing of your data by us (Art. 21 DSGVO) and
- data portability, given you have consented to the data processing or have concluded a contract with us (Art. 20 DSGVO).
If you have given us consent, you can revoke this at any time with effect for the future.
You can lodge a complaint with a supervisory authority at any time, e.g. the competent supervisory authority in the federal state of your residence or the authority responsible for us as the controller.
A list of the supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
II. Call our website
Purpose, legal basis and legitimate interest
When you access our website, i.e. even if you do not register or otherwise submit information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider, your IP address and the like..
In particular, they are processed for the following purposes:
- ensuring a problem-free connection setup,
- the website,
- ensuring the smooth use of our website,
- evaluating system security and stability, and
- for other administrative purposes.
We also reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.
The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website.
Recipient of data
We use technical service providers for the operation and maintenance of our website who act as our processors.
Storage period
The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is generally the case for data used to provide the website when the respective session has ended.
Provision prescribed or required
The provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address and the cookie identifier, the service and functionality of our website cannot be guaranteed. In addition, individual services and services may not be available or may be restricted.
Objection
Please read the information about your right to object according to Art. 21 DSGVO below.
III. Use of Matomo
Type and purpose of the processing:
This website uses Matomo, an open source software for statistical analysis of visitor access. The provider of the Matomo software is InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. Matomo is a data protection-friendly web analysis software that is used without cookies and in which the recognition of returning users is carried out with the help of a so-called "digital fingerprint", which is stored anonymously and changed every 24 hours. With the "digital fingerprint", user movements within our online offer are recorded with the help of pseudonymised IP addresses in combination with user-side browser settings in such a way that it is not possible to draw conclusions about the identity of individual users.
Web analysis (also referred to as "reach measurement") is used to evaluate the flow of visitors to our online offering. With the help of the reach analysis, we can, for example, recognise at what time our online offer or its functions or contents are most frequently used or invite re-use. We can also see which areas need optimisation.
You can find more information on the privacy settings of the Matomo software under the following link: https://matomo.org/docs/privacy/.
Legal disclaimer:
The legal basis here is our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO in optimising our website.
Recipient:
Recipients of the data are, if applicable, order processors.
Storage period:
Data is deleted as soon as it is no longer required for our recording purposes.
IV. Applications
Purpose, legal basis and legitimate interest
You can submit your application to Xenium AG by e-mail via our application portal. We will only process the data you provide to assess your professional suitability and to contact you.
The processing is carried out for the purpose of establishing an employment relationship as part of the implementation of pre-contractual measures, which are carried out upon request, § 26 BDSG.
Within the framework of the balancing of interests (Art. 6 para. 1 lit. f) DSGVO), we process your data, as far as necessary, beyond the actual decision on the establishment of an employment relationship. Examples of such cases are:
- measures to protect employees and customers as well as to protect the company's property and building and facility security (e.g. access controls, locking systems and video surveillance),
- assertion of legal claims and defence in legal disputes: disclosure of personal data may be necessary in the context of official/court measures for the purposes of gathering evidence, criminal prosecution or enforcement of civil claims,
- writing letters of application via LinkedIn, Xing and other applicant databases such as Absolventa, Indeed, etc.
Furthermore, we process your data on the basis of legal requirements (Art. 6 para. 1 lit. c) DSGVO in conjunction with. § 26 BDSG), e.g. in order to comply with tax law and similar control and reporting obligations.
Recipient of the data
Within the company, access to your data is granted to those offices that need it to fulfil contractual, legal and supervisory obligations and to safeguard legitimate interests (e.g. HR department, management, the future supervisor). The processing takes place on the systems and servers of Xenium AG.
Service providers and vicarious agents employed by us may also receive data for these purposes, insofar as they require the data to perform their respective services. These may be external service providers from the following areas: Support or maintenance of EDP or IT applications and personnel management software. All service providers are contractually bound and in particular obliged to treat your data confidentially.
Data will only be passed on to recipients outside our company in compliance with the applicable data protection regulations. Personal data may be passed on to the following third parties, for example: external data protection officer, authorities in the event of a duty to disclose data.
Third country transfers
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
Storage duration
If your application is rejected, it will be deleted six months after notification of the decision.
If an employment relationship is established, the application documents will be stored at Xenium AG for at least the period of employment.
Provision prescribed or required
The provision of personal data is neither legally nor contractually required. However, it is not possible to process the application without this information.
Automated decision-making or profiling
We do not use fully automated decision-making pursuant to Article 22 of the GDPR for the establishment, implementation and termination of the working relationship. Should we use these procedures in individual cases, we will inform you separately about this and about your rights in this regard, insofar as this is required by law. We also do not process your data with the aim of automatically assessing certain personal aspects.
V. Contact
Purpose, legal basis and legitimate interest
The data you enter will be stored for the purpose of individual communication with you.
The processing of the data entered when contacting us is based on a legitimate interest (Art. 6 para. 1 lit f DSGVO).
By making the contact available, we would like to enable you to make uncomplicated contact. The information you provide will be stored for the purpose of processing the enquiry and for possible follow-up questions.
If you contact us to request an offer, the data entered when contacting us will be processed to carry out pre-contractual measures (Art. 6 para. 1 lit b DSGVO).
Recipient of the data
Our website is maintained by a service provider who acts as our processor.
If you send us a request for an offer, the service providers we use may receive data for these purposes if they need the data to perform their respective services (e.g. IT services).
All service providers are contractually obliged to treat your data confidentially.
Storage duration
Data will be deleted no later than 6 months after the request has been processed.
If a contractual relationship is established, we are subject to the statutory retention periods and delete your data after six or ten years.
Provision prescribed or required
The provision of personal data is neither legally nor contractually required. However, it is not possible to process the request without this information.
Objection
Please read the information about your right to object according to Art. 21 DSGVO below.
VI. SSL encryption
To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS.
VII. Links and references
External Links
Xenium AG is only responsible for its "own content" that it makes available for use. If links to websites of other providers are provided, the statements of the Xenium AG privacy policy do not apply to the processing of personal data by these providers.
If you follow a link to one of these websites (which are outside our responsibility), we would like to point out that these websites have their own data protection information and that we are not responsible for this. We therefore recommend that you read the privacy policy on the other websites you visit before passing on your personal data to these website providers.
External links are marked with this symbol on our website: ↗
Please note that clicking on external links may also result in a data transfer to a third country (e.g. USA). In this case, it may be possible that foreign third parties, authorities or intelligence services receive your personal data (such as your IP address).
We maintain a company profile on LinkedIn.
A simple link will take you from our website to our presence on LinkedIn. This platform is operated by LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland. We maintain this LinkedIn company page in order to inform users or interested parties as well as customers about our company. We provide information via our LinkedIn profile and offer users the opportunity to communicate with us.
Furthermore, we would like to point out that as the operator of a LinkedIn company profile, we are jointly responsible with LinkedIn for the processing of the personal data of the site visitors (Art. 26 DSGVO). For this purpose, we have entered into a corresponding joint responsibility agreement with LinkedIn, which specifies the distribution of data protection obligations between us and LinkedIn. You can access this contract under the following link https://legal.linkedin.com/pages-joint-controller-addendum. In accordance with this contract, LinkedIn is responsible for responding to data subject requests. To assert these data subject rights, you may contact LinkedIn online at https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de or reach LinkedIn using the contact information in the Privacy Policy. You may also contact LinkedIn's Privacy Officer via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO.
Once you visit our LinkedIn company profile, follow or engage with this site, LinkedIn processes personal data. As a result, LinkedIn provides us with insight and statistics in anonymized form, after which we are informed about the types of actions visitors take on our site (so-called page insights). It is not possible for us to derive conclusions about individual members via the information of the page insights. On the one hand, LinkedIn processes data that you have stored in your profile based on your own published information. In addition, LinkedIn processes in particular data about how you interact with our LinkedIn company page, e.g. whether you are a follower of our LinkedIn company page.
The processing of your personal data is based on your consent pursuant to Art. 6 (1) sentence 1 lit.a DSGVO, which you have given to LinkedIn as part of your registration.
Further information on the processing of your data by LinkedIn can be found in the privacy policy of LinkedIn https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv.
We cannot exclude that a third country transfer, e.g. to servers located in the USA, takes place when you call up our LinkedIn company presence.
Youtube
We maintain a profile on the YouTube platform, a service provided by YouTube, LLC (hereinafter referred to as "YouTube"), a subsidiary of Google, LLC (hereinafter referred to as "Google"), primarily to provide instructional videos on how to best use our products. We also provide videos informing about product updates, as well as video recordings of conference presentations. Personal data is processed by us through the use of the comment function.
Google's privacy policy applies:
- https://policies.google.com/privacy?hl=en#intro
The processing of data is based on your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO, which you give to YouTube when visiting our YouTube channel.
YouTube and Google may process your data in the USA. An adequate level of data protection is ensured by standard contractual clauses.
Google may retain your data for longer periods of time. Some data may be deleted by you or will be deleted automatically. For more details, please refer to Google's privacy policy.
Providing your personal data is not required by law or contract. However, we cannot communicate with you without providing it.
XING is a social network operated by XING SE, which is headquartered in Hamburg. Here, members can primarily manage their professional, but also private contacts and make new contacts. Organizations can set up a page with a logo and short profile, post news and initiate discussion groups.
A personal profile with administrator rights must be assigned to the company profile. Dialog in groups can only be done via the personal profile of a natural person.
To use the network functions you have to be registered as a user. There is a free basic version and a paid version with additional functions. Unlike other social networks, XING is based more on a combination of personal and electronic contact, and is less commercial and less visual. The focus is on professional exchange on specialist topics with people who have the same professional interests. In addition, XING is frequently used by companies and other organizations for recruiting personnel and presenting themselves as attractive employers. For this purpose, XING is linked to the employer rating platform Kununu.
Your personal data is processed on the basis of your consent pursuant to Art. 6 (1) sentence 1 lit. a DSGVO, which you have given to XING as part of your registration.
XING provides further information at: https://corporate.xing.com/de/unternehmen/
You can read the current information on data protection at https://privacy.xing.com/de/datenschutzerklaerung.
Kununu
We maintain a company profile on Kununu.
A simple link will take you from our website to our presence on Kununu. This platform is operated by Kununu as a service of New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. We maintain this Kununu company page in order to inform users or interested parties as well as customers about our company. We provide information via our Kununu profile.
Furthermore, we would like to point out that as the operator of a Kununu company profile, we are jointly responsible with Kununu for the processing of the personal data of the site visitors (Art. 26 DSGVO). For this purpose, we have concluded a corresponding joint responsibility agreement with Kununu, which specifies the distribution of data protection obligations between us and Kununu.
As soon as you visit our Kununu company profile, or engage with this site, Kununu processes personal data. We have no influence on the type and scope of the data processed by Kununu.
On the one hand, Kununu processes data that you have stored in your profile based on your own published information. In addition, Kununu processes in particular data about how you interact with our Kununu company page, e.g. whether you are a follower of our Kununu company page.
The processing of your personal data is based on your consent pursuant to Art. 6 (1) sentence 1 lit. a) DSGVO, which you have given to Kununu as part of your registration. We would like to point out that you use the Kununu channel offered here and its functions on your own responsibility. This applies in particular to the use of the interactive functions.
Kununu processes your voluntarily entered data and evaluates any content you have shared or viewed.
Information about which data is processed by Kununu and for which purposes can be found in the Kununu privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
VIII. Change to our privacy policy
We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection statement will then apply to your next visit.
IX. Questions to the Data Protection Officer
If you have any questions about data protection, please write us an e-mail or contact the person responsible for data protection in our organisation directly:
Data Protection Officer at Xenium AG
c/o activeMind AG
Potsdamer Str. 3
80802 München
Phone: +49 (0)89 / 91 92 94 – 900
www.activemind.de
datenschutz@xenium.de
X. Information about your right to object according to Art. 21 DSGVO
Individual right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6(1)(f) DSGVO (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 DSGVO.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Recipients of an objection
The objection can be made informally with the subject "Objection", stating your name, address or other identifiers, to:Xenium AG
Sapporobogen 6-8
80637 München
Phone: +49 89 4207980
E-Mail: info@xenium.de
