Data Protection

Data privacy statement

1. General Information
The protection of your personal data pursuant to Art. 4, para. 1 (GDPR) is very important to XEPTUM Consulting AG and its subsidiaries (hereinafter referred to as XEPTUM). The confidential handling of your data by XEPTUM is of utmost importance and complies with the provisions of data protection law. Data will not be passed on to third parties under any circumstances. The personal data is stored on servers of the company commissioned by XEPTUM for this purpose (order data processing), which is also obliged to comply with the aforementioned provisions.

2. Responsible Body
XEPTUM is responsible for the processing, collection and use of your personal data. The legal basis for data protection can be found in the Federal Data Protection Act (BDSG), in the General Data Protection Regulation (GDPR) and the Telemedia Act (TMG).

3. Data Protection Officer
If you have any questions about data protection, please feel free to send them to the following e-mail address: datenschutz@xeptum.com.

4. Collection, processing and use of personal data
Personal data will only be processed, collected and used for the following purposes:
Technical function for accessing and optimizing the website, for answering your inquiries via the contact form, application, statistical evaluations or for the use of newsletters.

4.1. Accessing the website
For technical reasons, when you access the XEPTUM website, you transmit data to the web server that provides the XEPTUM website via your internet browser.

The following data is recorded during an ongoing connection for communication between your internet browser and the XEPTUM web server:
– Date and time of the request
– Name of the requested file
– Page from which the file was requested
– Access status (file transferred, file not found, etc.)
– Web browser used
– Amount of data transferred

This use does not allow any conclusions to be drawn about your person. This information is only required to maintain the connection and process your navigation requests.

4.2. Use of cookies
XEPTUM uses so-called cookies, which, depending on necessity and consent, are stored locally in the visitor’s browser when a website is accessed. With the exception of required cookies, which serve to display the XEPTUM website and security-relevant functions to protect your privacy, further optional cookies can be used to display information tailored to individual interests. The sole purpose is therefore to adapt the offer of the XEPTUM website to your wishes as best as possible and to make the use of the site as comfortable as possible. The lawfulness of the processing is based on Art. 6 Para. 1b of the GDPR. The session cookies are deleted after you close your browser.

4.3. Contact form

The following personal data is requested via the contact form:

Mandatory:
– Title
– First name
– Last name
– E-mail address

Voluntary:
– All other information in the free text field

This data is collected for communication purposes in accordance with Art. 6 Para. 1b (GDPR). The recipient of this data is the management assistant. If you do not provide this aforementioned required data, communication via the contact form cannot take place. Alternatively, you have the option of using the e-mail address provided in the legal notice to contact XEPTUM. For further information, see point 5 “Security”.

4.4. Advertising
XEPTUM uses data for advertising purposes and has a legitimate interest in accordance with Art. 6 Para. 1f (GDPR). The legal basis here is based on §7 Para. 3 (UWG).
You have a right to object at any time, which you can send informally by post or e-mail to the contact address provided in the legal notice.

4.5. Application
Your application documents will be stored exclusively for the purpose of a prospective conclusion of an employment contract (§26 BDSG (new) | Art. 6 Para. 1a (GDPR) at XEPTUM. The recipients of the data are the Head of Sourcing and the Management Board. Furthermore, the data may be forwarded and made available to the respective department head for the purpose of the selection process. XEPTUM has implemented technical and organizational measures to ensure that the data cannot be illegally passed on or read by unauthorized persons or third parties and that the data is deleted within 6 months if no employment contract is concluded. Excluded from this is a list with “name, first name, age and reason for rejection” which is necessary for the purpose of identification in the event of a renewed application by the same person.

5. Security
In order to protect your data against manipulation (accidental or intentional), loss, destruction or against access by unauthorized persons, we use technical and organizational security measures. Your personal data on the XEPTUM website is securely transmitted using encryption. We use the current hybrid encryption method TLS (Transport Layer Security).
XEPTUM points out that security gaps can occur during non-encrypted data transmission on the internet (e.g. when communicating by e-mail) or the data can be read in plain text. Complete protection of the data against access by third parties (for example, in the case of normal e-mail dispatch) is therefore not possible.

6. Use of Google Search Console
XEPTUM uses Google Search Console, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Search Console is used for the technical optimization of our website with regard to visibility in the Google search results. Via this service, we receive exclusively statistical and technical evaluations from Google (e.g. on search queries, clicks, displays in the search results or indexing errors).
The legal basis for processing is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in the analysis and optimization of our website in order to guarantee its findability and functionality.
No personal data of website visitors is processed by us within the framework of the Google Search Console. Google only provides us with aggregated, non-personal information.
Further information on data processing by Google can be found in Google’s data protection information: https://policies.google.com/privacy

7. Use of etracker
XEPTUM uses services from etracker GmbH from Hamburg, Germany (www.etracker.com) to analyze usage data. The etracker consent manager module is used for consent management. Script codes from other tools can be integrated via the etracker tag manager module. In combination, the etracker tag manager and consent manager enable the control of certain cookies and services with appropriate consent. Even if statistical cookies are rejected, usage data is collected in accordance with the legal requirements of the EU General Data Protection Regulation (EU-GDPR) and the Telecommunications-Digital Services-Data Protection Act (TDDDG). Data processing is based on the legal provisions of Art. 6 Para. 1 lit. f (legitimate interest) of the EU-GDPR. Our concern within the meaning of the EU-GDPR (legitimate interest) is the optimization of our online offer as well as legally compliant integration and management of further services on our website. If corresponding consent has been given, other technologies are played out on the basis of Art. 6 Para. 1 lit. a of the EU-GDPR. Consent can be revoked at any time.

The web analysis data generated with etracker is processed and stored exclusively in Germany by etracker on behalf of the provider of this website and is therefore subject to strict German and European data protection laws and standards. etracker has been independently audited and certified in this regard and has been awarded the ePrivacyseal data protection seal of approval. Since the privacy of our visitors is important to us, data that may allow a reference to an individual person, such as the IP address, login or device identifiers, is anonymized or pseudonymized as early as possible. Any other use, merging with other data or disclosure to third parties does not take place.

You can object to the data processing described above at any time by clicking on the slider. The objection has no adverse consequences. If no slider is displayed, data collection has already been prevented by other blocking measures.

8. Use of social media buttons (Facebook, LinkedIn, YouTube & Instagram)
XEPTUM does not use “Like” functions from social media providers. Accessing the XEPTUM website is therefore not recorded by the linked social media providers. When you click on the linked provider buttons, you only leave the XEPTUM website. When using these offers, the respective provider is responsible within the meaning of Art. 4 Para. 7 (GDPR).

You can find the data protection declarations and settings of the respective providers below:

9. Use of Brevo
XEPTUM uses the add-in Brevo, a newsletter dispatch service. The provider for Brevo is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
Brevo is used to send newsletters to customers, interested parties and partners and to statistically evaluate their delivery and interactions (e.g. opening and click rates).
In particular, the following data can be processed: name, first name, e-mail address, newsletter preferences, interactions (openings, clicks) and technical metadata (e.g. log data, timestamps).
If the XEPTUM newsletter is subscribed to, the data in the respective input mask is transmitted to the controller. Registration for the newsletter takes place using a so-called double opt-in procedure. This means that after registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with someone else’s e-mail address. When registering for the newsletter, the user’s IP address as well as the date and time of registration are saved. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data will not be passed on to third parties. An exception exists if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. The subscription to the newsletter can be terminated by the person concerned at any time. Likewise, consent to the storage of personal data can be revoked at any time. For this purpose, there is a corresponding link in every newsletter. The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 Para. 1 lit. a) GDPR if the user has given their consent. The legal basis for sending the newsletter as a result of the sale of services is § 7 Para. 3 UWG.

10. Use of ASSISTGO
XEPTUM uses ASSISTGO, a CRM/sales software. The provider of ASSISTGO is ProTeam Business Solutions GmbH, Lise-Meitner-Straße 14, 74074 Heilbronn, Germany. ASSISTGO is used for internal support of business processes and communication.
The data within ASSISTGO is processed exclusively within XEPTUM. The data is passed on to Brevo for the purpose of sending newsletters. Data is only stored in ASSISTGO for as long as it is necessary for use.

11. Right to information, deletion and correction of your data
There is a right to data information in accordance with § 34 BDSG-neu and Art. 15 GDPR – Right to information of the data subject under: Official short paper of the DSK. In addition, under certain conditions, there is a right to correct incorrect data (Art. 16 GDPR), restriction of processing (Art. 18 GDPR) and deletion (Art. 17 GDPR) of your personal data, provided that there are no legal storage obligations to the contrary.
Furthermore, we would like to draw your attention here to your right of revocation (in accordance with Art. 21 1-6 GDPR), your right to complain (Art. 77 GDPR) to the responsible supervisory authority and your right to take legal action (UKlaG) with a consumer association.

If you have any further questions or would like to exercise one of your rights, please contact: datenschutz@xeptum.com.

Status: November 2025