your Personal Data
is Extremely Important to Us!
1. General Information
Protecting your personal data pursuant to Art. 4 (1) (GDPR) is extremely important to XEPTUM Consulting AG and its subsidiaries (hereafter: XEPTUM). The confidential treatment of your data by XEPTUM is a top priority and complies with the provisions of data protection law. Your data will not be disclosed to third parties. Your personal data is stored on servers of the company commissioned for this purpose (data processing) by XEPTUM. This company is also obliged to comply with the aforementioned provisions.
XEPTUM is responsible for processing, collection, and use of your personal data. The legal basis for data protection can be found in the German Federal Data Protection Act (BDSG), the EU General Data Protection Regulation (GDPR), and the German Telemedia Act (TMG).
3. Data Protection Officer
If you have any questions regarding data protection, please do not hesitate to send them to the following e-mail address: firstname.lastname@example.org.
4. Collection, Processing, and use of Personal Data
Personal data will be processed, collected and used only for the following purposes:
Technical functionality for accessing and optimizing the website; answering your questions via the contact form; job applications; statistical evaluations; and for the use of newsletters.
4.1. Calling Up the Website
For technical reasons, when you visit the XEPTUM website, you transmit data to the XEPTUM website web server via your Internet browser. During an active connection, the following data is recorded for communication between your Internet browser and XEPTUM’s web server:
- Date and time of the request
- Name of the file requested
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- Web browser used
- Volume of data transferred
This use does not allow any conclusions to be drawn regarding your identity. This information is required only to maintain the connection and to process your navigation requests.
4.3. Contact Form
The following personal data is requested via the contact form:
- First name
- Last name
- E-mail address
- All further information in the free text field
This data is collected for communication purposes pursuant to Art. 6 (1b) (GDPR). This data is received by the assistants to the management. If you do not provide this required information, you will not be able to communicate via the contact form. Alternatively, you have the option of using the e-mail address in the Imprint section of the website to contact XEPTUM. For further information, see point 5 “Security”.
XEPTUM uses data for advertising purposes and has a legitimate interest pursuant to Art. 6 (1f) GDPR. The legal basis here is Sec. 7 (3) of the German Act Against Unfair Competition (UWG).
You have a right to object at any time and can submit your objection to the contact address provided in the Imprint section of this website, by post, or in a short e-mail.
4.5. Job Applications
Your application documents will be filed with XEPTUM only for the purpose of the anticipated conclusion of an employment contract (Sec. 26 BDSG (new), Art. 6 (1a) GDPR). This data is received by the Head of Sourcing and the management. Furthermore, the data may be forwarded and made available to the relevant head of department for the purposes of the selection procedure. XEPTUM has implemented technical and organizational measures to ensure that the data cannot be illegally passed on to or read by unauthorized persons or third parties and that the data is deleted within 6 months if an employment contract is not concluded. The only exception to this is a list containing “surname, first name, age, and reason for rejection”, which is required for identification purposes if the same person reapplies.
We use technical and organizational security measures to safeguard your data against manipulation (accidental or intentional), loss, destruction, and against access by unauthorized persons. Your personal data on the XEPTUM website is transmitted securely in encrypted form. We use the current hybrid encryption method TLS (Transport Layer Security).
XEPTUM points out that non-encrypted data transfer over the Internet (e.g. communication by e‑mail) can give rise to security vulnerabilities, and the data can be read in plain text. It is therefore not possible to protect the data completely against third-party access (for example, if the data is sent by normal e-mail).
6. Web Analysis with Google Analytics
7. Use of Social Media Buttons (Facebook, LinkedIn, YouTube & Instagram)
XEPTUM does not use “Like” functions of social media providers. Access to the XEPTUM website is therefore not registered by the linked social media providers. By clicking on from linked provider buttons, you merely leave XEPTUM’s website. When you use these services, the respective provider is responsible as defined by Art. 4 (7) (GDPR).
The privacy policies and settings of the respective providers can be found below:
If you subscribe to the XEPTUM newsletter, the data that you enter in the form will be transmitted to the controller. Newsletter registration requires a double opt-in, meaning that, after registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to prevent registrations with an unknown e-mail address. When registering for the newsletter, the user’s IP address and the date and time of registration are stored. The purpose of this is to prevent misuse of the services or the e-mail address of the data subject. Your data will not be disclosed to third parties unless disclosure is required by law. The data will be used exclusively for sending the newsletter. The newsletter subscription may be cancelled by the data subject at any time. Likewise, consent to the storage of personal data can be withdrawn at any time. A link is included with each newsletter for this purpose. The legal basis for the processing of data following the user’s registration for the newsletter and provision of consent to data processing is Art. 6 (1a) GDPR. The legal basis for sending the newsletter in connection with the sale of services is Section 7 (3) of the German Act Against Unfair Competition (UWG).
9. Use of SAP Sales Cloud
Description and purpose: XEPTUM uses SAP Sales Cloud for the sending out of its newsletters. The provider is SAP SE, Dietmar-Hopp-Allee 16, 69190 Walldorf, Germany. SAP Sales Cloud is used, among other things, to organize and analyze the sending of newsletters. The data you enter for the purpose of receiving the newsletter is stored on the servers of SAP SE. If you do not want your data to be analyzed by SAP Sales Cloud, you must unsubscribe from the newsletter. An unsubscription link is provided with each newsletter e-mail. All e-mails sent using SAP Sales Cloud contain a tracking pixel for the purpose of analysis, which connects to the SAP Sales Cloud servers when the e-mail is opened. This is used to determine whether a newsletter e-mail has been opened. In addition, XEPTUM can use SAP Sales Cloud to determine whether any of the links in the newsletter e-mail are clicked on and, if so, which ones. All links in the e-mail are tracking links, which can be used to count your clicks. Depending on the font used in the newsletter, a connection will be made to external servers such as Google Fonts.
10. Right of Access, Erasure, and Rectification of your Data
There is a right to data access pursuant to Sec. 34 BDSG (new) and Art. 15 GDPR – right of access by the data subject at: Offizielles Kurzpapier der DSK (German only). In addition, under certain conditions, there is a right to rectify incorrect personal data (Art. 16 GDPR), to restrict its processing (Art. 18 GDPR), and to have it erased (Art. 17 GDPR), insofar as this does not conflict with statutory retention obligations.
Furthermore, we draw your attention to your right to object pursuant to Art. 21 (1-6) GDPR, your right to lodge a complaint (Art 77 GDPR) to the competent supervisory authority, and your right of appeal (German Injunctions Act: UKlaG) to a consumer association.
If you have any questions or wish to exercise any of your rights, please contact us: email@example.com.
Last updated: August 2023