DATA PROTECTION DECLARATION
„XEELTECH GMBH“

Preamble

Thank you for your interest in data protection at XeelTech GmbH (hereinafter referred to as XeelTech).

The protection of your personal data is very important to us. Therefore, we would like to inform you transparently about the type and scope of the processing of your personal data within the framework of this data protection declaration:

  • visiting or calling up the XeelTech website,
  • the use of contact options with us,
  • the services we offer you as our customers and business partners,
  • your application to us or
  • when you come to visit us in person.

inform.

The legal basis for the processing of your personal data is in particular the General Data Protection Regulation (GDPR) or, in the case of us, XeelTech as website operator, the Austrian Data Protection Act (DSG).

Your personal data is processed exclusively within the framework of the legal requirements for the legally permissible purposes described in section C. Your personal data will only be passed on to third parties if you have consented to this or if another legal basis authorises us to pass it on. You will find more detailed information on this in the following sections of our data protection declaration.

If your personal data is also processed outside the European Union or the European Economic Area, this processing only takes place if the EU Commission has determined an adequate level of data protection in this third country or the processor in the third country has been obligated by standard contractual clauses (SCCs) to ensure an adequate level of data protection.

Section A – General Information

1. Controller within the meaning of the General Data Protection Regulation

The responsible party within the meaning of Article 4 No. 7 of the European Data Protection Regulation for the website is:

XeelTech GmbH

Montafonerstraße 68

6771 St. Anton im Montafon

Austria

Phone: +43 5552 93081-0

E-Mail: mail@xeeltech.com

If not only XeelTech, but also companies of the STIWA Group within the scope of the joint venture or Inventus Holding GmbH are involved in the processing of projects and there is a joint responsibility pursuant to Article 26 of the EU Data Protection Regulation, we will conclude a contract on joint responsibility.  In this case, the respective companies have stipulated by means of an agreement which responsible party within the meaning of the GDPR fulfills which obligations under data protection law. The essential content of this agreement can be made available to the data subject upon request.

2. Contact point for data protection questions / concerns

If you have any questions about data protection or wish to exercise your data subject rights, please contact us via datapprivacy@xeeltech.com.

3. Competent Supervisory Authority

If you believe that the processing of your personal data by XeelTech is not lawful, you may lodge a complaint with any data protection supervisory authority.

The competent supervisory authority for XeelTech pursuant to Art. 55f DS-GVO is:

Austrian Supervisory Authority; Barichgasse 40-42, 1030 Wien; Telephone: +43 1 52 152-0;

Contact Supervisory Authority (dsb.gv.at)

Section B – Data Subject Rights

1. Right of access by the data subject

In accordance with Article 15 of the GDPR, you have the right to obtain information about your personal data processed by XeelTech free of charge at any time.

2. Right to rectification, to erasure and data portability

Apart from the right to information, you have the right to rectification (Article 16 GDPR), erasure (Article 17 GDPR) or restriction of processing (Article 18 of the GDPR), which you can assert against XeelTech. In addition, you also have the right to data portability in accordance with Article 20 of the GDPR.

3. Withdrawal of Consent

If your personal data was processed by XeelTech on the basis of your consent (Art. 6 para. 1 lit. a GDPR), you have the right to withdraw your consent for the future at any time without giving reasons. This also applies to the withdrawal of declarations of consent that you gave to XeelTech before 25 May 2018.

4. Withdrawal of Consent

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

 

5. (Case-related) right of objection according to Art. 21 GDPR

If the processing of your personal data takes place on legitimate interest (Art. 6 (1) f GDPR), you have the right to object on grounds arising from your particular situation. This also includes profiling in accordance with Article 4 No. 4 GDPR.

Profiling does not take place.

If you exercise your right to object, XeelTech will no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

6. Right to object regarding direct marketing in accordance with Art. 21 GDPR

If the processing of your personal data is in connection with direct marketing, you may object to this at any time; this also applies to any profiling in connection with direct marketing.

In the event of objection, personal data will no longer be processed for this purpose.

7. Recipients of requests on the issue of the rights of the data subject

You can send your objection at any time without formalities with the subject “Objection”, your withdrawal with the subject “Withdrawal”, stating your name or other means of identification, to:

XeelTech GmbH

Montafonerstraße 68

6771 St. Anton in Montafon

Austria

Phone: +43 5552 93081-0

E-mail: dataprivacy@xeeltech.com

Please also direct your requests regarding the other data subject rights to which you are entitled as a data subject under the GDPR (right to information, correction, deletion, restriction of processing and data portability) to the contact option listed here.

8. Note on the identification of the applicant

If there is any recourse to data subject rights on your part and we have doubts about your identity, we will have recourse to our right to request further information from you in order to identify you unambiguously. This measure is important so that your personal data is not disclosed to unauthorised third parties or, in some circumstances, amended or erasured at their request.

9. Right of appeal to the supervisory authority

In addition to the rights already mentioned above, if you believe that the processing of your personal data is in breach of the law, you may contact the supervisory authority at your place of residence or the controller of your personal data (Article 77 of the GDPR). The supervisory authority responsible for XeelTech can be found under Section A – Point 3 Competent supervisory authority.

Section C – Purpose and scope of personal data processing

1. Website

  • Visiting the website – general

If you merely visit our website without using our contact options, for example, the following personal data stored in server log files is processed by us:

  • Call-up of the website including path
  • IP address
  • Referrer URL (page from which the file was requested)
  • Date and time of the call to our website
  • Browser data
  • Information about your operating system
  • Access status and amount of data transferred

The processing of personal data takes place for the purpose of:

  • Ensuring a smooth connection setup of the website,
  • ensuring the smooth use of our website and
  • Evaluation of system security and stability

Legal basis:

The processing of your personal data is neither contractually nor legally required, but is based on the legal basis of legitimate interest in accordance with Art. 6 (f) GDPR. Without the processing of the above-mentioned personal data, a smooth presentation or stability and functionality of our website, furthermore the maintenance of the system security can be guaranteed and misuse can be prevented.

Recipients:

Data will not be transferred to third parties unless you have given your express consent to do so.

Storage period:

The above-mentioned personal data is stored for a period of 12 months and is then irrevocably deleted, provided that no security-relevant event occurs (e.g. a DDos attack). In the event of such an event, the data will be stored until the security-relevant event has been fully clarified and mitigated or eliminated.

Your data protection rights:

In the case of legitimate interest, you have the right to object at any time in accordance with Art. 21 GDPR. You can find more information under section B point 5 – Individual case-related right of objection of this data protection declaration.

  • Basic facts about cookies

Cookies are small data records that are created during your visit to our website, temporarily stored on your system and kept ready for later retrieval. If the server of our website is called up again by your visit, your browser sends the previously transmitted cookie back to the server and can, for example, evaluate information obtained through this procedure.

Within the scope of the use of cookies, navigation on our website can be made easier in particular.

In the case of the cookies we use, we distinguish between

  • Technically necessary cookies
  • Technically non-essential cookies
  • Third Party Content

You will find more detailed information on the cookies we use in the next sections.

  • Technically necessary cookies

The following technically necessary cookies are implemented on our part:

Name Purpose Expiration period More Information
wp-settings-time-1 to store user preferences. (functional) 1 year Link
wordpress_test_cookie to read if cookies can be placed. (functional) session Link
wordpress_sec_d5bbaba029ae14d9b223378a09246d6e to provide protection against hackers, store account details.. (functional) 15 days Link
wp-settings-1 to store user preferences (functional) persistent Link
wp_woocommerce_session_d5bbaba029ae14d9b223378a09246d6e to store performed actions on the website. (functional) session Link
woocommerce_cart_hash to store items in shopping cart. (functional) 1 day Link
Woocommerce_items_in_cart to store items in shopping cart. (functional) session Link
cmplz_banner-status to store if the cookie banner has been dismissed. (functional) 1 year Link
cmplz_preferences to store cookie consent preferences (functional) 1 year Link
cmplz_statistics to store cookie consent preferences. (functional) 1 year Link
cmplz_marketing to store cookie consent preferences. (functional) 1 year Link
cmplz_functional to store cookie consent preferences. (functional) 1 year Link
cmplz_policy_id to store accepted cookie policy ID. (functional) 1 year Link
cmplz_consented_services to store cookie consent preferences. (functional) 1 year Link
  • Technically unnecessary cookies

The following technically unnecessary cookies are implemented by us:

Name Purpose Expiration period More Information
Tk_ai to store a unique user ID. (Statistics) session Link
  • Deleting cookies

Depending on which browser is used, the administration of the cookie settings is different. A description of how you can delete the cookies stored on your end device, for example, can be found in the corresponding FAQs of the browser.

Here you will find an overview of the most common browsers and the corresponding link that will take you to the relevant FAQs.

  • Third Party Content

Apart from this, we, XeelTech, also make use of third-party providers, among other things for the purpose of analysis and evaluation with regard to visits to our website or in order to be able to offer you additional content and functions on our website (e.g. explanatory videos, live session (e.g. speeches at trade fairs / interviews)). For this purpose, among other things, so-called plug-ins are embedded, which – technically required – carry out a transmission of the IP address to our respective third-party provider. The plug-ins embedded by us are only called up with your express consent, which you can revoke at any time without giving reasons (see section B point 4).

YouTube

As already mentioned above, we also create videos in order to inform you about our products or services or to make it easier for you to use them. These videos are not stored by us or on our servers, but on the servers of the third-party provider – in this case Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America. These are integrated in the so-called “extended data protection mode” (see https://support.google.com/youtube/answer/171780?hl=de).

If you call up the YouTube plugin, YouTube cookies may be stored on your end device, whereby at least the following personal data may be transmitted to Google Inc.:

  • IP address
  • cookie ID,
  • the specific address of the page called up on our site,
  • language setting of the browser,
  • system date
  • time of the call as well as
  • Identification of your browser.

Further information on the purpose and scope of data collection and processing by Google, Inc. can be found at the following link: www.google.at/intl/de/policies/privacy/.

In this context, we would like to point out that XeelTech, as the website operator, does not process any of your personal data in the case of YouTube or transmit it to the third-party providers in this context. An interaction takes place exclusively between your end device (e.g. cell phone, laptop, PC) and the systems of the third-party provider. Thus, we have no possibility of influencing or knowledge of the content of the data transmitted between your end device and the third-party provider and its processing by the latter.

 

3. Services for customers and business partners

If a contract is concluded between you and us and you subsequently use one of our services or work together with us on a project, we will process the following personal data from you:

  • First name, last name
  • E-mail address
  • Availability by telephone
  • Title
  • Department
  • Position
  • Company affiliation and address
  • Value added tax identification number
  • Contract master data, billing and payment data
  • Customer ID
  • User name in accordance with our SecureDocs
  • Date and time of log-in
  • Information regarding the incident / issue

If, for example, other companies of the STIWA Group or Inventus Development GmbH also carry out data processing within the scope of a project and joint responsibility exists in accordance with Article 26 of the Data Protection Regulation, the STIWA companies involved in the project have concluded an agreement to determine which data controller fulfils which data protection obligations within the meaning of the EU Data Protection Regulation. The essential content of this agreement can be made available to the data subject upon request.

The processing of the above-mentioned personal data is carried out for the following purposes:

  • Planning, implementation and administration of (contractual) business relations; among other things, for processing incidents, for technical and organisational support, furthermore for inspection, for processing repairs / complaints and for compiling statistics.

Legal basis:

The processing of your personal data for the above-mentioned purposes is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR (here: fulfilment of contractual obligations) and is therefore necessary.

Insofar as we are also required to fulfil legal obligations (including commercial or tax regulations), the processing of your personal data on the basis of legal requirements pursuant to art. 6 para. 1 lit. c GDPR also comes into consideration and is in this case also necessary.

Storage period:

Your personal data will be deleted immediately after the purpose ceases to apply, unless you object in advance to the processing of your personal data based on the legitimate interest (Article 21 (1) GDPR) or unless any legal claims or statutory retention periods prevent deletion. Legal retention periods may result, for example, from commercial and tax law retention obligations (up to 7 years).

Recipient:

  • STIWA companies / Inventus Development GmbH, insofar as this is necessary to achieve the above-mentioned purpose: Please note that in this case, data may also be transferred to companies in a third country (United States of America / China) on an ad hoc basis. A transfer to a third country is only permitted if there are appropriate guarantees for the protection of your personal data. For this reason, we have recourse to standard contractual clauses of the European Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_de
  • IT service providers, if they have to be used for the maintenance and support of our data processing equipment. Corresponding contracts (order processing contracts or, in the case of a third country transfer, standard contractual clauses of the EU Commission) have been concluded with them, which oblige them to comply with legal requirements.
  • Third parties (including courts, tax authorities, supervisory authorities), insofar as this is legally permissible and necessary to comply with applicable law or to assert, exercise or defend legal claims.

Your data protection rights:

In the case of legitimate interest, you have the right of objection at any time in accordance with Art. 21. For more information on this, but also on the other rights you have, please see Section B – Point 5 of this Privacy Policy.

  • Web Shop / Sale

If you wish to purchase our products / services directly and use our web shop, the following personal data will be processed by us:

  • Name, first name, title (optional)
  • Customer number – if already available
  • Availability by telephone
  • E-mail address
  • Address
  • Log files / logging data
  • Contract master data
  • Bank/ – financial data (including information on the method of payment, VAT identification number)
  • Information on the intended use of the product (optional)

The above-mentioned personal data is processed for the following purposes:

  • Sale and distribution of goods and services
  • Execution and processing of payment

Legal basis for the processing of your personal data:

The processing of your personal data is based on the legal basis of pre-contractual measures pursuant to Art. 6 (1) lit. b GDPR and is therefore necessary. Apart from this, there are a number of laws that oblige us to process your personal data; these include:

Furthermore, in the context of the fulfilment of contractual, as well as legal obligations, there is a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to process your personal data and is therefore necessary.

Storage period:

After the purpose has ceased to apply, your personal data in this context will be stored for 7 years due to statutory retention periods (including §132 of the Federal Tax Code), but processing will be restricted.

Recipients:

  • IT service providers (e.g. for maintenance and support of the data processing equipment used here) An order processing agreement has been concluded with these service providers, which obliges them to comply with legal requirements. If a service provider we use is based in a third country (non-EU/EEA), we have concluded standard contractual clauses of the EU Commission https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_de to ensure the protection of your personal data in the context of an ad hoc transfer to a third country.
  • Third parties if this is necessary to comply with applicable law or to assert, exercise or defend legal claims (including courts, authorities, and legal advisors).
  • Service providers (e.g. for the dispatch of products ordered by you or for the processing of payment transactions PayPal.

PayPal (Europe)

If you purchase a product from us, we offer PayPal as one of the payment options. PayPal is a service of the provider of the same name, PayPal (Europe) S.à.r.l. et Cie, (S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg); hereinafter “PayPal”. In this case, we pass on the following personal data to PayPal:

  • First name, last name
  • Address
  • E-mail address
  • Telephone number
  • Bank account data

Note: PayPal acts as a data controller in the sense of Art. 4 No. 7 GDPR. For more information regarding the processing of your personal data by PayPal, please see PayPal Privacy Policy.

Legal basis:

The legal basis for the processing of your personal data is the legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR. The legitimate interest on our part is the provision of an efficient and secure payment method.

Note: The processing of the data provided in this section is not required by law or contract. However, we cannot carry out a payment via PayPal without the transmission of your personal data.

Storage period

Your personal data will be processed and stored until the payment process has been completed. This includes the processing of refunds, claims and fraud prevention. Subsequently, your personal data will be stored for a limited period of 7 years due to legal retention periods (including §132 Bundesabgabenordnung-BAO) and subsequently deleted.

Recipient:

Apart from PayPal itself, no data is transferred to third parties unless you have given your express consent.

Your data protection rights:

In the case of legitimate interest, you have the right to object at any time in accordance with Art. 21 GDPR. You can find more information under section B point 5 – Individual right of objection of this data protection declaration.

  • Virtual meetings (video conferences)

In the context of meetings, XeelTech also makes use of virtual means of communication (Microsoft Teams web conferences), in which your voice is transmitted via microphone and, if necessary, your image is also transmitted via webcam to all other meeting participants (hereinafter referred to as “online meetings”). For this purpose, we use service providers with whom – if necessary – corresponding data protection agreements have been concluded.

We would also like to point out that the type and amount of personal data that is processed depends, on the one hand, on the functional scope of the video conferencing system itself and, on the other hand, on you as a user or meeting participant, i.e. which data you provide.

The following personal data may be processed:

  • Display name
  • E-mail address
  • Status (optional)
  • Status messages (optional)
  • Profile picture (optional)
  • Language
  • Date and time
  • Duration of the meeting
  • Meeting ID
  • Phone number – event related
  • Location data – event-related
  • Text, audio, video and other multimedia data
  • Audio or video recordings
  • Shared content (e.g. links, documents)

Note: During a videoconference, data from the microphone, a webcam or a screen display of your terminal (using the screen/content sharing function) is processed for the display of video signals, the playback of audio signals and multimedia data; e.g. if you are giving a presentation. The meeting participant can independently switch the microphone and/or the camera on and off at his or her terminal device at any time; furthermore, the screen/content sharing function must also be actively activated and terminated by the user. In addition, the user may also have recourse to the chat function.

Your personal data is processed for the following purpose:

  • Ensuring smooth communication and implementation of telephone conferences, online meetings, video conferences, training courses and webinars (“online meetings”).
  • Documentation and logging of questions to be clarified or results during the online meeting or for training purposes, in order to train persons who could not participate in the online meeting afterwards or for self-study.

Legal basis:

The legal basis for the processing of your personal data is the legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The legitimate interest in this case lies, among other things, in ensuring functionality, smooth communication and the implementation of online meetings with our business partners, and subsequently also contractual obligations.

The processing of your personal data in the context of recordings is based on the legal basis of your consent pursuant to Art. 6 (1) lit. a GDPR. If a recording is planned, we will inform you of this in a transparent manner and obtain your consent in advance.

Storage period:

Your user data will be stored by us for as long as, for example, a business relationship with you exists and subsequently no legal retention periods or any legal claims conflict with a deletion.

Meeting data and text, audio or video data, insofar as no recording took place but there was processing apart from this, are automatically deleted after 90 days following the end of the online meeting.

If the online meeting was recorded with your consent, we store this data after the end of the online meeting until the purpose no longer applies and delete it afterwards, unless there are legal retention periods or any legal claims or you have revoked your consent in advance.

Automated decision-making pursuant to Art. 22 GDPR is not used.

Recipients:

  • STIWA companies / Inventus Development GmbH, insofar as this is necessary to achieve the above-mentioned purpose: Please note here that in this case, data may also be transferred to companies in a third country (United States of America / China) on an ad hoc basis. A transfer to a third country is only permitted if suitable guarantees are in place to protect your personal data. For this reason, we have recourse to standard contractual clauses of the European Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_de
  • IT service providers who may be required to conduct online meetings or to maintain and support the data processing equipment used here. Corresponding agreements were concluded with these
  • Third parties; (e.g. external participants, courts) if we are legally obliged to do so or you have given your express consent.

Note: Within our technical possibilities, we have limited the storage locations to data centres within the EU/EEA. Thus, the processing of your personal data does not take place outside the borders of the EU/EEA. However, we cannot technically completely rule out routing or storage on servers outside the European Union at the processor Microsoft.

Note / information in line with the use of Microsoft Teams (“MS Teams”):

If you call up the corresponding Microsoft website (https://teams.microsoft.com/) to download the necessary MS Teams software, “Microsoft” is responsible for data processing. Calling up this website is only necessary for the download if use should/cannot be made directly and without a download via an Internet browser.

“Microsoft Teams” is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, United States of America.

The use of MS Teams is generally subject to the usage and data protection provisions of “Microsoft”, over which XeelTech itself has no influence. If recourse is made to MS-Teams, the user must accept the terms of use and data protection provisions of “Microsoft”. If this is not done, the use of MS-Teams is not possible.

You can find Microsoft’s data protection regulations here: https://privacy.microsoft.com/de-de/privacystatement

The terms of use can be found here: https://www.microsoft.com/de-de/servicesagreement/

You can also find further information about Microsoft online services here: https://www.microsoft.com/de-at/trust-center/privacy/customer-data-definitions.

Microsoft Corporation, as one of our IT service providers, receives personal data from the above-mentioned in the context of the online meeting, insofar as this is provided for in the context of our order processing agreement with MS-Teams. With the help of the concluded order processing, on the basis of EU standard contractual clauses, Microsoft is obliged to comply with the legal requirements of the applicable data protection law. A current version can be found at the following link: Licensing Documents (microsoft.com).

Your Data Protection Rights:
In the case of legitimate interest, you have the right to object at any time in accordance with Art. 21, and in connection with your consent, the right of revocation in accordance with Art. 7 (3) GDPR. You can find more information on this, but also on the other rights you have, in section B of this data protection declaration.

4. Applications

If we have aroused your interest as a future employer and you send us your application documents, we will process the following personal data from you:

  • Name, first name
  • E-mail address
  • Telephone contact details (optional)
  • Information that we receive, on the one hand, through your application documents and, on the other hand, in the course of the interview (title, nationality, gender, photo, address, cover letter, curriculum vitae, (service) certificates, information on training, qualifications and professional experience)
  • If applicable, also travel data and bank details (for reimbursement of travel expenses).

If you also provide us with special categories of personal data (such as health data, religious affiliation, degree of disability) on a purely voluntary basis in the letter of application or as part of the subsequent application process, this data will only be processed if you have given us your consent to do so.

The processing of the above-mentioned personal data is carried out for the following purposes:

  • Carrying out the application procedure, including.
  • Evaluation of the application documents to determine whether recruitment is possible for the advertised position
    Communication and invitation to interviews
  • Submission of an offer and, if applicable, reimbursement of travel expenses.
  • In the event that you have given your consent for your application documents to be kept on file.Legal basis

The processing of your personal data in connection with applicant management is based on the legal basis of your consent pursuant to Art. 6 para. 1 lit. a. GDPR and subsequently on the basis of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR.

If – as already mentioned above – you also provide us with special categories of personal data, the processing is based purely on your consent (Art. 9 para. 2 lit. a GDPR).

If we are unable to consider you further with regard to a job offer, but you would like us to keep a record of it, the processing of your personal data is also based on a separate consent pursuant to Art. 6 para. 1 lit. a GDPR, which you give us.

Storage period:
Your personal data will be deleted immediately after the purpose ceases to apply or after revocation of any consent you have given – provided that no legal retention periods, any legal claims or legal proceedings stand in the way of deletion. If no recruitment takes place, this is regularly the case 6 months after a rejection has been issued.
If travel expenses are reimbursed, we are obliged by law or on the basis of the Federal Fiscal Code (BAO §132) to store the personal data related to this for 7 years.
If you have consented to us storing your personal data in our applicant database even after a rejection, the data will be deleted after two years – unless you have revoked your consent in advance.
If you sign an employment contract with us, we will store your data for the duration of the employment relationship. In this case, you will receive further information about the processing of your data in the employment relationship as soon as you start the employment relationship with us.

Recipients:
IT service providers who may need to be contacted for the maintenance and support of the data processing equipment used here. Corresponding data protection contracts have been concluded with them, which oblige them to comply with legal requirements.

Other sources:
Apart from your application sent directly to us, there is also the possibility in individual cases that your application documents are transmitted to us by career portals (including Karriere.at , DEV.Jobs).

Your data protection rights:
In the event of consent, you have the right of revocation at any time in accordance with Art. 7 (3) GDPR. You can find more information on this, but also on the other rights you have, under section B point 4 of this data protection declaration.

5. On-site visit

5.1 Video surveillance of business premises and server rooms

Should you visit us personally at our site, we would like to draw your attention to the fact that our premises and server rooms are under video surveillance.

In addition to the data protection declaration, you will also be made aware of this at the corresponding entrances to our locations by means of corresponding information signs.

In connection with the video surveillance of our premises, we process the following personal data:

  • Video recording
  • Date and time
  • Location of the recording
  • Identity of the persons concerned (if recognisable)
  • Vehicle registration number (if recognisable)

The processing of the above personal data is carried out for the following purposes:

  • Encrypted video surveillance for the purpose of self-protection / house rights (protection of the organisation’s property as well as staff members).
  • Prevention, containment and clarification of criminally relevant behaviour, insofar as this affects the area of responsibility of the person in charge, with exclusive evaluation in the occasion defined by the purpose.
  • Enforcement of claims

Legal basis:

The processing of your personal data is based on the legal basis of the legitimate interest Art. 6 para. 1 lit. f GDPR or §12 para. 2f DSG and is necessary for the purposes listed above.

No automatic decision-making or profiling takes place.

Storage period:

Your personal data is only stored for a period of 72 hours. Afterwards, they will be deleted automatically, unless data is required as evidence in the context of an event or in the context of asserting any legal claims.

Recipients:

In the course of the real-time monitoring of our business premises, we make use of an external service provider (security/doorman service). We have concluded an order processing agreement with this service provider, which obliges it to comply with legal requirements. Apart from this, personal data may also be transferred to third parties (law enforcement agencies, legal and public prosecution authorities, courts or insurance carriers) in order to assert any legal claims.

Your data protection rights:

In the case of legitimate interest, you have the right to object at any time in accordance with Art. 21 GDPR. You can find more information on this in the section on the right of objection (Art. 21 GDPR) of this data protection declaration.

5.2 Visitor management

If you visit us in person at one of our locations, we would like to draw your attention to the fact that personal data will be processed in the course of the security briefing or the completion of the initial non-disclosure agreement and the associated inclusion in the contact data management, furthermore the issue of visitor passes or the provision of our guest WLAN. The processing is carried out within the framework of joint responsibility pursuant to Article 26 of the European General Data Protection Regulation. The companies affected by this have determined by means of an agreement which responsible party within the meaning of the EU Data Protection Regulation fulfills which obligations under data protection law. The essential content of this agreement can be made available to the data subject upon request.

In connection with your visit to one of our business premises, we process the following personal data:

  • Personal master data (surname, first name, title)
  • Company name
  • Communication data (availability by telephone, e-mail address)
  • Log files and time recording data in connection with the use of the visitor badge (including access logs, badge logs, alarm logs)
  • IP address / Mac address, duration of connection and services used, if they should use our guest WLAN.

The above personal data is processed for the following purposes:

  • Unique identification of the visitor, to protect house rights and business and trade secrets (signing of a non-disclosure agreement (GHV) and documentation of its validity in the contact data management) and to be able to register you with your contact person.
  • Provision of the guest WLAN, if there is a need for you to use our guest WLAN
  • Enforcement of claims

Legal basis:

The processing of your personal data for the former and latter purposes is carried out on the legal basis of legitimate interest pursuant to Art. 6 (1) lit. f GDPR (inter alia to ensure security) and is therefore necessary.

The processing of your personal data regarding the use of our guest WLAN is based on the legal basis of your consent pursuant to Art. 6 (1) lit. a GDPR. The provision of your personal data is not required. If you do not wish to give your consent in this regard, we cannot offer you access to our guest WLAN.

There is no automatic decision-making or profiling.

Storage period

Any storage of your personal data related to the visitor badge will be stored for the following periods after the purpose ceases to apply:

  • Access logs: 180 days
  • Badge logs: 3650 days
  • Alarm logs: 90 days

Personal data related to the GHV will be stored for 30 years. Personal data related to the provision of our guest WLAN based on their consent will be stored for a period of 30 days.

Recipients:
IT service providers for the purpose of maintenance/support of the data processing equipment used. An order processing contract has been concluded with these service providers, which obliges them to comply with legal requirements.
Third parties if this is necessary to comply with applicable law or to assert, exercise or defend legal claims (including courts, authorities, legal advisors).

Your data protection rights:

In the case of legitimate interest, you have the right to object at any time in accordance with Art. 21, and in connection with your consent, the right of revocation in accordance with Art. 7 (3) GDPR. You can find more information on this, but also on the other rights you have, in section B of this privacy policy.

Section D – Notice of change to the privacy policy

XeelTech, as the operator of this website, reserves the right to constantly adapt this data protection declaration, whether in order to always comply with the current and legal requirements or – resulting from new processing activities – to include these in the data protection declaration, e.g. in the context of the provision of new services.

If you visit our website again, the new data protection declaration will apply from this point on.

The currently valid version is dated 30.09.2022.