your Personal Data
is Extremely Important to Us!
your Personal Data
is Extremely Important to Us!
1. General Information
Protecting your personal data pursuant to Art. 4 (1) (GDPR) is extremely important to XEPTUM Consulting AG and its subsidiaries (hereafter: XEPTUM). The confidential treatment of your data by XEPTUM is a top priority and complies with the provisions of data protection law. Your data will not be disclosed to third parties. Your personal data is stored on servers of the company commissioned for this purpose (data processing) by XEPTUM. This company is also obliged to comply with the aforementioned provisions.
XEPTUM is responsible for processing, collection, and use of your personal data. The legal basis for data protection can be found in the German Federal Data Protection Act (BDSG), the EU General Data Protection Regulation (GDPR), and the German Telemedia Act (TMG).
3. Data Protection Officer
If you have any questions regarding data protection, please do not hesitate to send them to the following e-mail address: datenschutz(at)xeptum(.)com.
4. Collection, Processing, and use of Personal Data
Personal data will be processed, collected and used only for the following purposes:
Technical functionality for accessing and optimizing the website; answering your questions via the contact form; job applications; statistical evaluations; and for the use of newsletters.
4.1. Calling Up the Website
For technical reasons, when you visit the XEPTUM website, you transmit data to the XEPTUM website web server via your Internet browser. During an active connection, the following data is recorded for communication between your Internet browser and XEPTUM’s web server:
- Date and time of the request
- Name of the file requested
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- Web browser used
- Volume of data transferred
This use does not allow any conclusions to be drawn regarding your identity. This information is required only to maintain the connection and to process your navigation requests.
4.3. Contact Form
The following personal data is requested via the contact form:
- First name
- Last name
- E-mail address
- All further information in the free text field
This data is collected for communication purposes pursuant to Art. 6 (1b) (GDPR). This data is received by the assistants to the management. If you do not provide this required information, you will not be able to communicate via the contact form. Alternatively, you have the option of using the e-mail address in the Imprint section of the website to contact XEPTUM. For further information, see point 5 “Security”.
XEPTUM uses data for advertising purposes and has a legitimate interest pursuant to Art. 6 (1f) GDPR. The legal basis here is Sec. 7 (3) of the German Act Against Unfair Competition (UWG).
You have a right to object at any time and can submit your objection to the contact address provided in the Imprint section of this website, by post, or in a short e-mail.
4.5. Job Applications
Your application documents will be filed with XEPTUM only for the purpose of the anticipated conclusion of an employment contract (Sec. 26 BDSG (new), Art. 6 (1a) GDPR). This data is received by the Head of Sourcing and the management. Furthermore, the data may be forwarded and made available to the relevant head of department for the purposes of the selection procedure. XEPTUM has implemented technical and organizational measures to ensure that the data cannot be illegally passed on to or read by unauthorized persons or third parties and that the data is deleted within 6 months if an employment contract is not concluded. The only exception to this is a list containing “surname, first name, age, and reason for rejection”, which is required for identification purposes if the same person reapplies.
We use technical and organizational security measures to safeguard your data against manipulation (accidental or intentional), loss, destruction, and against access by unauthorized persons. Your personal data on the XEPTUM website is transmitted securely in encrypted form. We use the current hybrid encryption method TLS (Transport Layer Security).
XEPTUM points out that non-encrypted data transfer over the Internet (e.g. communication by e‑mail) can give rise to security vulnerabilities, and the data can be read in plain text. It is therefore not possible to protect the data completely against third-party access (for example, if the data is sent by normal e-mail).
6. Web Analysis with Google Analytics
7. Use of Social Media Buttons (XING, Facebook, LinkedIn, YouTube)
XEPTUM does not use “Like” functions of social media providers. Access to the XEPTUM website is therefore not registered by the linked social media providers. By clicking on from linked provider buttons, you merely leave XEPTUM’s website. When you use these services, the respective provider is responsible as defined by Art. 4 (7) (GDPR).
The privacy policies and settings of the respective providers can be found below:
8. Right of Access, Erasure, and Rectification of your Data
There is a right to data access pursuant to Sec. 34 BDSG (new) and Art. 15 GDPR – right of access by the data subject at: Offizielles Kurzpapier der DSK (German only). In addition, under certain conditions, there is a right to rectify incorrect personal data (Art. 16 GDPR), to restrict its processing (Art. 18 GDPR), and to have it erased (Art. 17 GDPR), insofar as this does not conflict with statutory retention obligations.
Furthermore, we draw your attention to your right to object pursuant to Art. 21 (1-6) GDPR, your right to lodge a complaint (Art 77 GDPR) to the competent supervisory authority, and your right of appeal (German Injunctions Act: UKlaG) to a consumer association.
If you have any questions or wish to exercise any of your rights, please contact us: datenschutz(at)xeptum(.)com.
Last updated: January 2021