Privacy policy

Data Protection at a Glance

Based on the information obligations pursuant to Section 13 of the General Data Protection Regulation, we would like to transparently inform you about processing of your data. The following notes provide a simple overview of what data we collect and for what purposes we use them.

Personal data include all data that makes it possible to identify you in person.

Detailed information on the subject of data protection can be taken from our data protection statement listed below this text. We inform you about processing of the data of nearly any person group, such as customers, applicants, suppliers, business partners and website visitors. For the sake of providing a better overview, we divide this detailed data protection statement into the following sections:

  1. General notes and mandatory information
  2. Information on processing of data on this website
  3. Information on processing of personal data for own business purposes

General notes on data protection on our website
The operators of these pages take protection of your personal data very seriously. We treat your personal data confidentially and comply with the statutory data protection rules and this data protection statement. When you use this website, various personal data will be collected. This data protection statement explains which data we collect and what we use them for. It also explains how and for what purpose this is done. We would like to point out that the data transmission on the internet (e.g. in the case of email communication) may involve gaps in security. Complete data privacy against third-party access is not possible.

How do we collect your data on this website?
Your data will be collected when you disclose them to us. These may be data you enter in a contact form. Other data will be recorded automatically by our IT systems when you visit the website. These are in particular technical data (e.g. web browser, operating system or time at which the page was called up). These data are collected automatically as soon as you enter our website.

What do we use your data for?
Part of the data are collected in order to ensure defect-free provision of the website. Other data may be used for analysing your user behaviour.

SSL or TLS encryption
This page uses SSL or TLS encryption for reasons of safety and to protect the transmission of confidential contents, such as orders or queries that you send to us as the page operator. An encrypted connection can be recognised by the address line of the browser switching from “http://” to “https://” and the lock icon being shown in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by any third parties.

Analysis tools and third-party provider tools
Your surfing behaviour can be statistically evaluated when you visit our website. This is done in particular using cookies and analysis programmes. Analysis of your surfing behaviour usually takes place anonymously; your surfing behaviour cannot be tracked back to you. You can object to this analysis or prevent it by not using certain tools. For detailed information on this, see the following data protection statement.
You can object to this analysis. We will inform you about the objection options in this data protection statement.

Detailed Data Protection Statement

1. General notes and mandatory information

Controller for processing
The controller for data processing in general and on this website is:

Georg Hemmeter GmbH
Justus-von-Liebig-Str. 2
D-85435 Erding
Phone: 0049 2843 / 9200
Email: info@xuxu.de

The controller is the natural or legal person who, alone or together with others, decides about the purposes and means of processing of personal data (e.g. names, email addresses, etc.).

Legally required data protection officer
We have appointed a data protection officer for our company. You can contact him at:

Georg Hemmeter GmbH
Justus-von-Liebig-Str. 2
D-85435 Erding
Phone: 0049 2843 / 9200
Email: datenschutz@xuxu.de

What rights do you have on processing of your data?

Revocation of your consent to data processing activities
Many data processing activities are only permitted with your express consent. You may revoke consent once granted at any time. An informal notification by email to us is sufficient for this. The legality of the data processing activities performed until the revocation will not be affected by this.

Information concerning your data
You have the right to demand information concerning your personal data processed by us and to demand a copy of these data. The information contains the following: processing purposes, data categories, their recipients or categories of recipients as well as, if possible, the planned duration of data storage or criteria for specification of this duration.

Rectification, erasure, restriction
You also have the right to demand that the data be corrected if they are inaccurate, or deleted if data storage is inadmissible. If erasure is not possible ― for various reasons ― you have the right to demand restriction of processing or blocking of your data.

Right to object
As far as processing is based on point (f) of Article 6 (1) GDPR (reconciliation of interests), you have the right to object to processing of such data at any time. We no longer process such personal data in that case, except if we can present any mandatory legitimate reasons that override your legitimate interests, or if the processing is necessary for the establishment, exercise or defence of legal claims.

Right to data portability
You have the right to have any data that we process automatically based on your consent or to perform a contract transferred to you or a third party in a common machine-readable format. If you demand direct transfer of the data to another controller, this shall be done only as far as it is technically feasible.

Right to complain to the relevant supervisory authority
In case of violations of data protection law, the data subject has a right to complain to the relevant supervisory authority. The relevant supervisory authority in matters of data protection law is the state data protection officer of the Federal state in which the company is registered. For a list of the data protection officers and their contact details, see the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

To exercise your rights, please contact our data protection officer at datenschutz@xuxu.de.

2. Information on Processing of Data on this Website

1. Objection to advertising emails

We hereby object to the use of the contact details published within the scope of the imprint obligation for the transmission of not expressly requested advertisements and information materials. The providers of the pages expressly reserve the right to take legal action in the case of transmission of non-solicited advertising material, for example, by way of spam mails.

2. Recipients

Only our employees who are responsible for technical administration, maintenance and further development of the website have access to your personal data.
If you contact us, employees who are responsible for handling the respective process will also receive access to your personal data.
In addition to this, we employ external IT service companies to maintain our IT systems, which may receive access to your personal data within the context of their work. This shall apply accordingly to hosting providers.

3. Transmission

We will not pass on your personal data to any third country outside of the EU. Any other transmission shall only take place if we are required to do so by law or authorities or if the data must be passed on within the context of your use of the website.

4. How long do we secure your personal data?

Your personal data will be deleted if you have revoked a consent given to processing or if the personal data are no longer required to meet the purpose pursued by their processing. Cookies will be deleted after 12 months.
Data generated in connection with contact will be deleted after 12 months.

5. Automated decision making and profiling

We will not use your personal data for automated decision making. We also will not use your personal data to compile any profiles. Please note that we do not use any identification software of our own and that we do not evaluate any biometric data. However, please note as well that it is not excluded that a social network may use such software.

6. Why are your personal data collected?

We need your personal data to permit use of the website. You are able to choose not to provide us with your personal data or to provide us with incomplete information. However, this may render us unable to offer you use of the website or to do so in full, or it may prevent you from participating in a lottery or competition.

7. Data collection on our website

Cookies
The websites partially use so-called cookies. Cookies do not cause any damage on your computer and do not contain any viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are placed on your computer and that your browser stores.
Most of the cookies we use are so-called “session cookies”. They are deleted automatically after the end of your visit. Other cookies remain stored on your end device until you delete them (so-called “persistent cookies”). These cookies enable us to recognise your browser again on your next visit.
You can set your browser so that you will be informed when cookies are set and only permit cookies in individual cases, prevent acceptance of cookies for certain cases or generally and activate automatic deletion of the cookies when you close the browser. If you deactivate cookies, the function of this website may be limited.
Cookies that are needed to perform electronic communication or to provide certain functions desired by you (e.g. shopping cart function) are stored based on point (f) of Article 6 (1) GDPR. The website operator has as legitimate interest in storage of cookies for technically correct and optimised provision of its services. As far as any other cookies (e.g. cookies for analysis of your surfing behaviour) are stored, these are treated separately in the present data protection statement.

Server log files/protocol files
The provider of the website will collect and store automatically information in so-called server log files that your browser submits to us automatically. These are:

  • browser type and browser version;
  • operating system used;
  • referrer URL;
  • host name of the accessing computer;
  • time of the server query; and
  • internet protocol address.

These data will not be combined with any other data sources.
The legal ground for data processing is point (b) of Article 6 (1) GDPR, which permits the processing of data for the performance of a contract or for taking the necessary steps prior to entering a contract. Without any further additional information, such as information from an internet service provider concerning the owner of the connection, which we usually do not have without any specific cause, such as suspected violation of laws, we will be unable to assign these data to individual identifiable persons.

Processing of data (customer and contract data)
We collect, process and use personal data only as far as they are required to found, design contents or change the legal relationship (stock data). The legal ground for this collection, processing and use is point (b) of Article 6 (1) GDPR, which permits the processing of data for the performance of a contract or for taking the necessary steps prior to entering a contract. We collect, process and use personal data concerning the use of our websites (usage data) only as far as this is required in order to enable the user to use the service or to settle fees for use.
The collected customer data will be deleted after the end of the order or termination of the business relationship. Statutory retention periods shall remain unaffected.

Contact form
If you send us any queries via the contact form, your information from the contact form (first name, last name, email, phone number (voluntary information), message), including the contact details you indicate there, will be stored by us for processing of the request and in case we have any subsequent questions. We will not pass on your data without your consent.
The data entered in the contact form shall thus only be processed based on your consent (point (a) of Article 6 (1) GDPR). You may revoke your consent at any time. An informal notification by email to info@xuxu.de is sufficient for this. The legality of the data processing activities performed until the revocation will not be affected by this. The data you entered in the contact form will remain with us until you request us to delete them, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been completely processed). Mandatory statutory provisions ― in particular retention periods ― shall not be affected by this.

Age of majority
When you visit our website, you will be asked if you are a legal adult.

8. Analysis tools and marketing

Matomo (formerly Piwik)
This website uses the web analysis software Matomo (www.matomo.org), a service of provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (“Matomo”), to collect and store data based on our legitimate interest in statistical analysis of user behaviour for the purpose of optimisation and marketing in accordance with point (f) of Artcile 6 (1) GDPR. These data can be used to compile usage profiles with pseudonyms and evaluate them for the same purpose. Cookies can be used for this. Cookies are small text files that are locally stored in the temporary storage of the page visitor’s internet browser. The cookies permit, among others, recognition of the internet browser. The data collected with the Matomo technology (including your pseudonymised internet protocol address) are processed on our servers.
The information generated by the cookie in the user profile with pseudonym are not used in order to personally identify the visitor of this website and are not combined with any personal data on the carrier of the pseudonym.
If you do not agree to storage and evaluation of such data from your visit, you may object to storage and use at any time with one click of your mouse below. In this case, a so-called opt-out cookie will be placed in your browser, with the consequence that Matomo will not collect any session data. Please note that complete erasure of your cookies will delete the opt-out cookie as well and that you may have to re-activate it then.

https://stats.diversa-spez.de/index.php?module=CoreAdminHome&action=optOut&language=en&backgroundColor=ffffff&fontColor=000000&fontSize=12px&fontFamily=arial

9. Social media

Information about data processing with regard to online presence in social media
We maintain several online representations within social networks and platforms in order to communicate with customers, interested parties and users being registered there and to provide information about our services. Processing of personal data of users is based on our legitimate interests in an effective information of users and communication with users in accordance with point (f) of Article 6 (1) GDPR. If the users are asked by the respective providers for consent to processing of their data (that is, users express their agreement e.g. by ticking a checkbox or confirming by button), the legal preconditions of the processing according to point (a) of Article 6 (1) and Article 7 GDPR are met.
Following ECJ judgment of 05/06/2018, we must provide you with comprehensive information about the data processing that takes place via and through the Facebook website (and possibly other social media). At the moment, we have not been sufficiently informed by the operators of these platforms, so at this point we would like to refer you to the relevant data processing directives and rights to object (opt-out) that apply to the respective social networks. Requests for information and assertion of data subject rights can only be asserted with the respective providers, as solely these have access to the respective user data.

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
Data protection: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

Share Buttons
In order to prevent transmission of data to the service providers Facebook, Twitter and Pinterest without your knowledge, we do not use the social media plug-ins of these providers. This ensures that personal data will not be passed on to the providers of the individual social plug-ins directly when you enter the page, but only and exclusively if you click one of the social media buttons. Only then may data be transmitted to the corresponding service provider and stored there.

3. Information on Processing of Personal Data for Own Business Purposes

1. Purposes and legal basis of processing

We collect and process your personal data for the following purposes:

Applicant data
We collect and process applicant data (typically address, contact details, qualification, resume, letters of reference, etc.) for the purpose of performing application procedures, provided that these are required for the decision about initiating employment with us. The legal basis for this is Article 88 GDPR in conjunction with Section 26 (1) in conjunction with (8) second sentence BDSG. If we employ an applicant, we may process the personal data already received further in accordance with Section 26 (1) BDSG if this is required for the purpose of the employment.
We may store the data of rejected applicants for up to 6 months after the rejection was received in text form to defend against asserted legal claims from the application proceedings, based on point (f) of Article 6 (1) GDPR. Our legitimate interest is a possible burden of evidence in proceedings under the general law on equal treatment (Allgemeines Gleichbehandlungsgesetz, AGG). Storage beyond this will only take place with the express consent of the applicant. The applicant continues to have the right to exercise his rights named in 1.

Processing of personal data

  1. To perform pre-contractual measures or initiate a purchasing contract or business relationship. This processing is based on point (b) of Article 6 (1) GDPR. You may object to the storage of your data at any time, in which case we will erase your data, provided that we are not prevented from doing so by statutory retention periods.
  2. To perform the contract and to support the customer base. The legal ground for this processing is point (b) of Article 6 (1) GDPR, which permits the processing of data for the performance of a contract or for taking the necessary steps prior to entering a contract. The data will be deleted after the end of the business relationship, except if there are any statutory retention periods. Such retention periods may result (as one example) from tax law, which may require archiving for periods of up to ten years.
  3. We also process personal data to perform campaigns and lotteries. Such processing takes place based on your consent in accordance with point (a) of Article 6 (1) GDPR. After the end of the lottery, all data that you as participant submitted to us will be deleted, unless any different statutory or contractual retention regulations exist.
  4. We may also use the addresses of our customer base for letter advertisements; this processing is based on point (f) of Article 6 (1) GDPR. Our legitimate interest is in personal direct marketing. You have the right at any time to object to use of your data for the purpose of direct marketing.
  5. We use the email addresses of our customer base, i.e. only those with whom we have a business relationship, for marketing emails. This processing is based on point (f) of Article 6 (1) GDPR in conjunction with Section 7 (3) UWG. Our legitimate interest is in simple and cost-efficient marketing contact with our customer base. Of course, this is done under observation of the high requirement of Section 7 (3) UWG, which defines the exceptions for use of the email addresses of the customer base. You have the right at any time to object to use of your email address for the purpose of direct marketing.
  6. To exercise your rights, please contact our data protection officer at datenschutz@xuxu.de.

2. Transmission of data

We may transmit your personal data to other companies as far as this is permitted or required in the scope of the purposes and legal basics presented. Apart from this, personal data will be processed by external service providers on our order based on contracts for processing activities according to Article 28 GDPR, in particular in the area of information technology and data processing. Your data will not be passed on outside of the EU in any case.

3. Storage of the data

Your personal data will only be stored as long as knowledge of the data is required for the contractual relationship or the purposes for which they were collected or if there are any statutory or contractual retention rules. Statutory retention periods result, among others, from provisions under social law and tax law and can be up to ten years for documents and vouchers relevant under tax law.