Data Protection Guideline

Controller

The controller within the meaning of the General Data Protection Regulation (GDPR), other data protection laws applicable in the EU member states and other data protection regulations is: 
XignSys GmbH
Neidenburger Str. 43
45897 Gelsenkirchen
Germany

VAT ID: DE 308 760 457
Managing Directors: Markus Hertlein, Pascal Manaras

The protection of your data is our concern

The protection of your personal data is one of the declared goals of XignSys GmbH. Therefore we comply with the relevant data protection laws and would like to inform you comprehensively about the handling and processing of your data by the following data protection information.

1. Personal data

Personal data is any information relating to an identified or identifiable natural person. This includes information such as name, address, telephone number, e-mail address. The processing of this information is always in accordance with the requirements of the GDPR as well as with other data protection regulations applicable to XignSys GmbH.
In principle, it is not necessary for you to disclose personal data in order to use our website. In certain cases, personal data may be processed, for example to provide a requested service or in our legitimate interest.
The same applies, for example, to sending information material or answering individual questions. Where this is necessary, we will point this out to you.
If there is no legal basis for the processing of your personal data, we will obtain the appropriate consent from you.
Furthermore, we only save and process data that we automatically collect when you visit our website (e.g. your IP address, date and time of access, search engine used).

2. Legal basis of the processing

If you have given us your consent to process your personal data for a specific purpose, the processing will be carried out on the basis of Art. 6 para. 1 a GDPR. If such processing is necessary to fulfil a contract with you or to initiate such a contract, the processing is based on Art. 6 para. 1 b GDPR. In some cases, e.g. to fulfil tax obligations, we may be subject to a legal obligation to process personal data. The legal basis for this in such cases is Art. 6 para. 1 c GDPR. In rare cases, processing may also take place to protect vital interests of you or another natural person. In this exceptional case, processing is carried out on the basis of Art. 6 para. 1 d GDPR. Finally, processing may also be based on Art. 6 para. 1 f GDPR. This is the case if the processing is carried out to protect a legitimate interest for our company or a third party, provided that your interests, fundamental rights and freedoms do not prevail. Such a legitimate interest can already be assumed if you are one of our customers. If the processing of personal data is based on Art. 6 para. 1 f GDPR, our legitimate interest is the performance of our business activities.

3. Security measures

As the controller for processing, XignSys GmbH has taken technical and organizational security measures to protect your personal data from loss, destruction, manipulation and unauthorized disclosure. All our employees and all persons involved in data processing are obliged to comply with the General Data Protection Regulation and other laws relevant to data protection and to handle personal data confidentially.
In the case of the collection and processing of personal data, the information is stored and transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are continuously revised in accordance with technical developments.

4. Cooperation with processors and third parties

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transfer it to them or otherwise grant them access to the data, this will only take place on the basis of a legal authorization (e.g. if a transfer of the data to third parties, such as payment service providers, is required in accordance with Art. 6 para. 1 lit. b GDPR for the performance of the contract), if you have consented, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). 
If we commission third parties to process data on the basis of a so-called "order processing agreement", this is done on the basis of Art. 28 GDPR.

5. External hosting of the website

The website of XignSys GmbH is hosted by an external service provider (Hoster). The personal data collected on this website is stored on the servers of the hoster. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated by the website. The use of the hoster is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). Our hoster will only process your data to the extent necessary to fulfill its performance obligations and will follow our instructions with regard to this data.
In order to guarantee data protection compliant processing, we have concluded a contract for order processing with our hoster.

Hoster:
1&1 Telecommunication SE
Elgendorfer Str. 57
56410 Montabaur
Germany
+49 (0) 721 96 00
info@1und1.de

6. External hosting of Xign.Me

In order to provide our authentication services, it is necessary to host our products and the associated infrastructure via external service providers, especially external cloud providers.

Our cooperation partners process personal data exclusively on behalf of XignSys GmbH and based on order data processing agreements. Any use beyond this, especially for purposes of advertising or market research, does not occur.

When selecting our service providers, we always ensure that the processing takes place in secure data centers in Germany or the EU. The requirements of our cooperation partners are also considered.

7. Authentication via Xign.Me

Within the scope of the authentication services offered by XignSys GmbH via the Xign.Me app, it is necessary to collect, process or use personal data. Depending on the procedure agreed upon with the cooperation partner, this can include the following data:

  • Name
  • first name(s)
  • E-mail address
  • Street
  • House number
  • Zip code
  • Place
  • Place of birth
  • Date of birth
  • User ID

The type and scope of the respective processing or use of personal data depends on the relevant legal regulations and the contractual agreements with our cooperation partners regarding our authentication services. XignSys GmbH acts as an order data processor according to Art. 28 lit. f GDPR.

XignSys GmbH processes and uses your personal data exclusively for the purpose agreed upon with the cooperation partners, as far as this is necessary for the legally compliant provision of our authentication service and for compliance with security standards.

XignSys GmbH does not directly collect personal data for the provision of its authentication services. It receives the data within the scope of data processing contracts with its cooperation partners. Any use beyond this, especially for purposes of advertising or market research, does not occur.

By agreeing to this privacy policy, the user declares his consent to the collection, use and disclosure of the required identity attributes within the scope of the authentication.

8. No transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of third parties or disclosure or transfer of data to third parties, this will only take place if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or transfer the data in a third country if the special requirements of Art. 44 ff. GDPR are fulfilled. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to that of the EU or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

9. Rights of the data subjects

To exercise any of the rights mentioned below, you may contact our data protection officer or any other employee directly.

Our data protection officer is:

Tomasz Nowotarski

E-Mail: datenschutz@xignsys.com

You have the following rights with respect to the personal data concerning you:

  • Right to information (Art. 15 GDPR),
  • Right of correction or deletion (Art. 16 and 17 GDPR),
  • Right to limit processing (Art. 18 GDPR),
  • Right to withdraw your consent (Art. 7 GDPR),
  • Right to data transferability (Art. 20 GDPR), and
  • Right of objection within the framework of the legal requirements (Art. 21 GDPR).

10. Right of withdrawal and objection

You have the right to revoke any consent given to us at any time, with effect for the future. We will no longer carry out the processing based on this consent in the future.

Should the data processing by us be based on a legitimate interest, you have the right to object to the processing of your data at any time for reasons arising from your particular life situation.

To make use of your right of revocation and objection, please send us an informal notification.

11. Deletion of data

We process personal data of affected persons only if it is necessary to achieve the underlying purpose or as long as it is required by legal regulations to which XignSys GmbH is subject. If the purpose of storage ceases to apply or if a legal storage period provides for this, personal data will be deleted in accordance with the legal regulations, unless XignSys GmbH is legally obliged to store this data. In these cases the data will be blocked.

12. Social networks

XignSys GmbH is only liable for intent or gross negligence. We are not able to control or permanently observe the behavior of social networks (e.g. Facebook, XING, LinkedIn) or their providers.

13. Making contact

Due to legal regulations, our website contains information that enables quick electronic contact with us and direct communication with us. This includes the indication of an e-mail address as well as a contact form if necessary.

If you contact us by e-mail or via a contact form, the personal data you provide will be stored automatically. This data, which you provide to us on a voluntary basis, is stored for the purpose of processing your request or contacting you. Your data will not be passed on to third parties.

We delete your requests and the associated personal data in accordance with our deletion concept.

14. Google Analytics

If you have given your consent, this website uses Google Analytics, a web analysis service of Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Scope of processing:
Google Analytics uses cookies that enable an analysis of your use of our website. The information collected by means of the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

We use the function 'anonymizeIP' (so-called IP-Masquerading): Due to the activation of the IP-anonymization on this website, your IP-address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other data from Google.

During your visit to our website, the following data, among others, is collected:

  • the pages you call up, your "click path"
  • Achievement of "website goals" (conversions, e.g. newsletter registrations, downloads, purchases)
  • Your user behavior (for example clicks, dwell time, bounce rates)
  • Your approximate location (region)
  • Your IP address (in abbreviated form)
  • technical information about your browser and the end devices you use (e.g. language settings, screen resolution)
  • Your internet provider
  • the referrer URL (via which website/advertising medium you came to this website)

Purposes of the processing:
On behalf of XignSys GmbH, Google will use this information to evaluate your use of the website and to compile reports on website activities. The reports provided by Google Analytics serve to analyze the performance of our website and the success of our marketing campaigns.

Recipient:
The recipient of the data is

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

as an order processor. For this purpose we have concluded a contract with Google. Google LLC, headquartered in California, USA, and, if applicable, US authorities can access the data stored at Google.

Transfer to third countries and storage period:
A transfer of data to the USA cannot be excluded.

Data sent by us and stored Data whose storage period has been reached is automatically deleted once a month.

Exclusion of processing:
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by

  1. not giving your consent to the setting of the cookie or
  2. downloading and installing the browser add-on to disable Google Analytics.

You can also prevent the storage of cookies by setting your browser software accordingly. However, if you configure your browser to refuse all cookies, this may limit the functionality of this and other websites.

You can find more information on the terms of use of Google Analytics and on data protection at Google at marketingplatform.google.com/about/analytics/terms/de/ and policies.google.com.

15. Adobe TypeKit Fonts

For the uniform display of fonts, we use so-called web fonts, which are provided by Adobe. When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. For this purpose, the browser you use must connect to the Adobe servers. This enables Adobe to know that our website was accessed via your IP address. The use of Adobe TypeKit fonts is in the interest of a uniform and appealing presentation of our online offers. The legal basis is Art. 6 para. 1 lit. f GDPR.

The use of Adobe TypeKit fonts does not exclude the possibility of data transfer to the USA. The providers of these services are:

  • Adobe Systems Incorporated: 345 Park Avenue, San Jose, California 95110-2704, USA
  • Adobe Systems Software Ireland Limited: 4-6 Riverwalk, City West Business Campus, Saggart, Dublin 24, Ireland

With regard to the use of Adobe TypeKit fonts, an adequate level of data protection is guaranteed by Adobe Inc. and the measures taken by Adobe on data protection and data security in the EU. Please also see the following information on Adobe TypeKit Fonts.

For more information about Adobe TypeKit Fonts, please see Adobe's privacy policy: www.adobe.com/de/privacy/policies/typekit.html

You can set your browser so that the fonts are not loaded from the Adobe servers (e.g. by installing add-ons like Ghostery). If your browser does not support the Adobe fonts or if you prevent access to the Adobe servers, the text will be displayed in the default font of the system.

16. Changes of our data protection regulations

We reserve the right to adapt this data protection declaration so that it always meets the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration then applies to your renewed visit.

If you have any questions regarding data protection, simply send us an e-mail to the above address.

Status: Friday, December 4, 2020