I. General

(1) Below you will find information about how we process personal data when you use our website.

We take the protection of your personal data very seriously and treat your personal data confidentially, in compliance with legal data protection provisions and the General Data Protection Regulation (hereinafter GDPR). If you have provided us with personal data, we exclusively use it for the purposes specified in this privacy policy, e.g. to respond to any queries you may have. We ensure that your data is handled in strict confidence, and erase it as soon as it is no longer required to fulfil the intended purpose.

(2) Pursuant to Article 4(1) GDPR, personal data includes all information relating to an identified or identifiable natural person, such as a name, address, e-mail address, user behaviour, etc. The term ‘processing’ includes but is not limited to obtaining, collecting, organising, arranging, storing, altering, changing, reading, querying, using, transmitting, erasing or destroying your personal data pursuant to Article 4(2) GDPR.

(3) The controller pursuant to Article 4(7) GDPR is:

x-ion GmbH,
Marschnerstraße 52, 22081 Hamburg, Germany
Telephone: +49 40 609 451 090
E-mail: info@x-ion.de

You can contact our data protection officer at: datenschutz@x-ion.de

II. Processing your data when you contact us

(1) If you contact us via the contact form or by e-mail (beratung@x-ion.de), we collect and store the data you send (your full name, e-mail address and/or telephone number). Processing serves the purpose of facilitating targeted communication with you and being able to process your concern promptly and comprehensively.

(2) Processing your personal data for the purpose of making contact takes place on the basis of Article 6(1) sentence 1 lit. a GDPR, if you have given your consent voluntarily. When filling out the contact form, you are requested to provide us with consent to process the data given on the contact form. You can withdraw this at any time by contacting us (more information can be found in point VII paragraph 7). We use this data exclusively for the purpose stated here, i.e. to respond to your request.

III. Processing your personal data when visiting our website

(1) If you use our website for purely informational purposes and do not get in touch with us, we automatically collect personal data that your web browser sends to our servers and temporarily saves in server logfiles. This includes the following information:

    • the IP address;
    • the date and time of the request (UTC time);
    • the access path for the file retrieved (e.g. URL);
    • the browser used, including version and operating system you use;
    • the protocol;
    • the HTTP status code(s).

(2) The processing of this data by us serves the purpose of a fault-free connection with our website as well as a comfortable use. In addition, we require this data to evaluate the stability and security of the system and for other administrative purposes. The legal basis of this data processing is Article 6(1) sentence 1 lit. f GDPR. The stated purposes also constitute our legitimate interest in processing your data. We never use your data to draw conclusions about you personally in any way.

(3) In addition to the data mentioned above, cookies are also saved on your computer when you use our website. Cookies are small text files that are saved in your browser and are assigned to this website. These are used to determine the frequency of use and number of users of our website. x-ion GmbH uses cookies to obtain specific information about visitors (e.g. session IDs, ID numbers) that are essential to ensure the smooth functioning of the website. We do not create an individual profile for your usage behaviour. The legal basis for this is Article 6(1) sentence 1 lit. f GDPR. We have a legitimate interest in saving cookies to provide our services with optimal technical function. It is possible to visit our website without cookies being used. You can disable cookies in your browser; however please note that if you do so, you may be unable to use all of the features of this website to their full extent.

IV. Data security

(1) We use technical and organisational security measures to protect your personal data against unauthorised access by third parties, manipulation, loss or destruction, and we constantly update these in line with technological progress.

(2) We use the following encryption levels when you visit our website:

    • TLS 1.2
    • AES 128 bit

You can recognise that our website is being transmitted securely by the lock symbol in your browser’s status bar.

V. Sharing your data with third parties

(1) Your personal data is not shared with third parties for purposes other than those listed in this privacy policy.

(2) Your data is only shared with third parties if this is required to process your request, if you have been informed of the respective processes and you have given your explicit consent to this (pursuant to Article 6(1) sentence 1 lit. a GDPR), or if there is a legal obligation to share the data pursuant to Article 6(1) sentence 1 lit. c GDPR, or if it is required to process contractual relationships with you pursuant to Article 6(1) sentence 1 lit. b GDPR. In doing so, we specify the criteria established for the storage period. If our service providers or partners are based in a state outside the European Economic Area (EEA), we will inform you of this in advance.

VI. Data storage period and/or erasure of your data

(1) In principle, we only store your personal data for as long as it is required to achieve the purposes specified in this policy, or we observe the legally prescribed storage periods. We take into account the principles of data minimisation and data economy outlined in Article 5 GDPR.

(2) We only store data collected in the context of your contact with us if it is required and we consider it to be necessary to get in touch with you in relation to your request. The maximum storage period for your data is 12 months. Before the respective purpose ceases to apply, data is erased or blocked if you submit a legitimate request to erase the data and no legal retention obligations prevent this.

(3) Personal data that is collected by visiting our website is stored for a period of 14 days and is then erased via an automated process.

VII. Your rights as a data subject

You have the following rights with respect to your personal data:

(1) Right of access pursuant to Article 15 GDPR

You are entitled to obtain from us confirmation as to whether or not personal data concerning you is being processed and to what extent. You also have the right to request from us the respective purposes of processing, the categories of personal data, the recipient(s) of your data or categories of recipients (also including third countries), the planned storage period, information about the right to rectification, restriction or erasure of processing, the right to object, the right to lodge a complaint with a supervisory authority, the origin of your data (if it was not collected from you) and the existence of automated decision making, including profiling.

(2) Right to rectification – Article 16 GDPR

You have the right to request that inaccurate or incomplete data stored by us is rectified without undue delay.

(3) Right to erasure – Article 17 GDPR

You have the right to request that the data stored by us is erased, provided that processing is not required to exercise the right to free expression of opinion and information, to fulfil a legal obligation, for reasons in the public interest, or to assert, exercise or defend legal claims.

(4) Right to restriction of processing – Article 18 GDPR

You are entitled to request that the processing of your personal data is restricted if the accuracy of the data is disputed by you or if processing is unlawful, and you have objected to such data being erased or we no longer require the data, but you require it to assert, exercise or defend legal claims, or you have objected to processing pursuant to Article 21(1) GDPR.

(5) Right to data portability – Article 20 GDPR

You have the right to receive from us personal data concerning you in a structured, commonly used and machine-readable format or have it transmitted to another controller, if the other conditions of Article 20 GDPR have been met.

(6) Right to lodge a complaint with a relevant supervisory authority – Article 77 GDPR

You have the right to lodge a complaint with a data protection supervisory authority relating to how we process your personal data. The relevant supervisory authority here is generally the Hamburg supervisory authority (The Hamburg Commissioner for Data Protection and Freedom of Information, ‘Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit’).

(7) Withdrawing your consent – Article 7(3) GDPR

You have the right to withdraw the consent you have given us at any time. To do so, simply send an e-mail to: datenschutz@x-ion.de. When you withdraw your consent, the lawfulness of processing previously carried out on the basis of consent will not be affected.

(8) Right to object – Article 21 GDPR

If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1) sentence 1 lit. f GDPR, you have the right to object against your personal data being processed, provided that there are reasons relating to your particular situation or provided that the objection is against direct marketing. In the latter case, you have a general right to object, which means that you are not required to disclose details relating to your particular situation. When exercising such an objection, we kindly ask that you provide a brief description of the reasons why you no longer want us to process your personal data. To exercise your right to object, please send an e-mail to: datenschutz@x-ion.de

VIII. Google Maps API

1) On our website we are using the Google Maps (API) service by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), to provide you our location. By visiting our website your personal data (IP address) could be transferred to, stored and analysed by Google’s server in the USA or other countries outside the EEA. This is independent of the existence of an own google account.

(2) The legal basis of this data processing is Article 6(1) sentence 1 lit. f GDPR. The legitimate interest of this processing arises of the exact presentation of our business location. Furthermore your IP address is required to provide the map content to you. If you have deactivated JavaScript in your browser, no data will be transferred to Google. However, this will result in an unfunctional map view.

(3) Google is certified according to the EU-U.S. Privacy Shield and ensures a data protection level according to the european standard. A list of Google’s subprocessors can be found at this link: https://gsuite.google.com/intl/en/terms/subprocessors.html. The terms of use for Google Maps can be found at https://www.google.com/intl/de_US/help/terms_maps.html and the privacy policy at  http://www.google.de/intl/de/policies/privacy.

IX. Updating this privacy policy

This privacy policy is dated September 2018. If the legal, judicial or official framework conditions change, and/or if our service changes, it may be necessary to update this privacy policy from time to time. You can always find the current version on our website: https://www.x-ion.de/de/datenschutz/

Our duty to inform you about processing your personal data pursuant to Art. 12 and the following articles of the General Data Protection Regulation for our customers, suppliers, applicants and interested parties you will find at:
https://www.x-ion.de/de/datenschutz/informationspflichten/ (german version only)

Privacy Policy PDF