Privacy Policy


your Personal Data

is Extremely Important to Us!

Privacy Policy

1.    General Information

Protecting your personal data pursuant to Art. 4 (1) (GDPR) is extremely important to XEPTUM Consulting AG and its subsidiaries (hereafter: XEPTUM). The confidential treatment of your data by XEPTUM is a top priority and complies with the provisions of data protection law. Your data will not be disclosed to third parties. Your personal data is stored on servers of the company commissioned for this purpose (data processing) by XEPTUM. This company is also obliged to comply with the aforementioned provisions.

2.    Controller

XEPTUM is responsible for processing, collection, and use of your personal data. The legal basis for data protection can be found in the German Federal Data Protection Act (BDSG), the EU General Data Protection Regulation (GDPR), and the German Telemedia Act (TMG).

3.    Data Protection Officer

If you have any questions regarding data protection, please do not hesitate to send them to the following e-mail address:

4.    Collection, Processing, and use of Personal Data

Personal data will be processed, collected and used only for the following purposes:

Technical functionality for accessing and optimizing the website; answering your questions via the contact form; job applications; statistical evaluations; and for the use of newsletters.

     4.1. Calling Up the Website

For technical reasons, when you visit the XEPTUM website, you transmit data to the XEPTUM website web server via your Internet browser. During an active connection, the following data is recorded for communication between your Internet browser and XEPTUM’s web server:

  • Date and time of the request
  • Name of the file requested
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser used
  • Volume of data transferred

This use does not allow any conclusions to be drawn regarding your identity. This information is required only to maintain the connection and to process your navigation requests.

     4.2. Use of Cookies

Where necessary and subject to consent, XEPTUM uses cookies that are stored locally in the visitor’s browser when a website is called up. In addition to strictly necessary cookies that are used to display the XEPTUM website and security-related functions to protect your privacy, other optionalcookies may be used in order to customize the site to your individual interests. The sole purpose is to tailor the offer on the XEPTUM website as closely as possible to your preferences and to make using the site as easy as possible. The legality of the processing is based on Art. 6 (1b) of the GDPR. Session cookies are deleted after you close your browser.


     4.3. Contact Form

The following personal data is requested via the contact form:


  • Title
  • First name
  • Last name
  • E-mail address


  •  All further information in the free text field

This data is collected for communication purposes pursuant to Art. 6 (1b) (GDPR). This data is received by the assistants to the management. If you do not provide this required information, you will not be able to communicate via the contact form. Alternatively, you have the option of using the e-mail address in the Imprint section of the website to contact XEPTUM. For further information, see point 5 “Security”.

     4.4. Advertising

XEPTUM uses data for advertising purposes and has a legitimate interest pursuant to Art. 6 (1f) GDPR. The legal basis here is Sec. 7 (3) of the German Act Against Unfair Competition (UWG).

You have a right to object at any time and can submit your objection to the contact address provided in the Imprint section of this website, by post, or in a short e-mail.

     4.5. Job Applications

Your application documents will be filed with XEPTUM only for the purpose of the anticipated conclusion of an employment contract (Sec. 26 BDSG (new), Art. 6 (1a) GDPR). This data is received by the Head of Sourcing and the management. Furthermore, the data may be forwarded and made available to the relevant head of department for the purposes of the selection procedure. XEPTUM has implemented technical and organizational measures to ensure that the data cannot be illegally passed on to or read by unauthorized persons or third parties and that the data is deleted within 6 months if an employment contract is not concluded. The only exception to this is a list containing “surname, first name, age, and reason for rejection”, which is required for identification purposes if the same person reapplies.

 5.    Security

We use technical and organizational security measures to safeguard your data against manipulation (accidental or intentional), loss, destruction, and against access by unauthorized persons. Your personal data on the XEPTUM website is transmitted securely in encrypted form. We use the current hybrid encryption method TLS (Transport Layer Security).

XEPTUM points out that non-encrypted data transfer over the Internet (e.g. communication by e‑mail) can give rise to security vulnerabilities, and the data can be read in plain text. It is therefore not possible to protect the data completely against third-party access (for example, if the data is sent by normal e-mail).

 6.    Web Analysis with Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses text files saved on your computer (cookies) to analyze your use of the website, provided that you have given your consent to this. The information created by the cookie concerning your use of this website is generally transmitted to a Google server in the United States and stored there. We would like to point out that the code “gat._anonymizeIp();” has been added to Google Analytics on our website to ensure anonymous collection of IP addresses (“IP masking”). That means that, at our request, your IP address is recorded by Google only in a shortened form, which ensures anonymization and does not allow any conclusions to be drawn about your identity. If IP anonymization is activated on the XEPTUM web pages, your IP address will first be shortened by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information to analyze your use of the website, to create website activity reports for the website operators, and to provide additional services in connection with the use of the website and the internet. The IP address transmitted by your browser in connection with Google Analytics is not merged with other Google data. Google transfers this data to third parties only if this is required by law or within the scope of order data processing. Under no circumstances will Google bring your data together with other data collected by Google. You can prevent cookies from being stored by adjusting the cookie settings or settings in your browser software. However, we would like to point out that you might then be unable to make full use of all the features on this website. You also have the option of preventing data (including your IP address) that is created by the cookie and relates to your use of the website from being registered and processed by Google by downloading and installing the browser plug-in available via the following link: Google Analytics Opt-out Browser. An opt-out cookie is set to prevent future collection of your data when you visit this website. More information on the Terms of Service and Privacy Policy can be found at the following link: Terms of Service | Google Analytics or at Privacy & Terms – Google.

 7.    Use of Social Media Buttons (Facebook, LinkedIn, YouTube & Instagram)

XEPTUM does not use “Like” functions of social media providers. Access to the XEPTUM website is therefore not registered by the linked social media providers. By clicking on from linked provider buttons, you merely leave XEPTUM’s website. When you use these services, the respective provider is responsible as defined by Art. 4 (7) (GDPR).
The privacy policies and settings of the respective providers can be found below:


Data Policy (


Privacy Policy | LinkedIn


Privacy Policy – YouTube


Privacy Policy – Instagram

8.    Newsletter

If you subscribe to the XEPTUM newsletter, the data that you enter in the form will be transmitted to the controller. Newsletter registration requires a double opt-in, meaning that, after registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to prevent registrations with an unknown e-mail address. When registering for the newsletter, the user’s IP address and the date and time of registration are stored. The purpose of this is to prevent misuse of the services or the e-mail address of the data subject. Your data will not be disclosed to third parties unless disclosure is required by law. The data will be used exclusively for sending the newsletter. The newsletter subscription may be cancelled by the data subject at any time. Likewise, consent to the storage of personal data can be withdrawn at any time. A link is included with each newsletter for this purpose. The legal basis for the processing of data following the user’s registration for the newsletter and provision of consent to data processing is Art. 6 (1a) GDPR. The legal basis for sending the newsletter in connection with the sale of services is Section 7 (3) of the German Act Against Unfair Competition (UWG).

9.    Use of SAP Sales Cloud

Description and purpose: XEPTUM uses SAP Sales Cloud for the sending out of its newsletters. The provider is SAP SE, Dietmar-Hopp-Allee 16, 69190 Walldorf, Germany. SAP Sales Cloud is used, among other things, to organize and analyze the sending of newsletters. The data you enter for the purpose of receiving the newsletter is stored on the servers of SAP SE. If you do not want your data to be analyzed by SAP Sales Cloud, you must unsubscribe from the newsletter. An unsubscription link is provided with each newsletter e-mail. All e-mails sent using SAP Sales Cloud contain a tracking pixel for the purpose of analysis, which connects to the SAP Sales Cloud servers when the e-mail is opened. This is used to determine whether a newsletter e-mail has been opened. In addition, XEPTUM can use SAP Sales Cloud to determine whether any of the links in the newsletter e-mail are clicked on and, if so, which ones. All links in the e-mail are tracking links, which can be used to count your clicks. Depending on the font used in the newsletter, a connection will be made to external servers such as Google Fonts.

10.    Right of Access, Erasure, and Rectification of your Data

There is a right to data access pursuant to Sec. 34 BDSG (new) and Art. 15 GDPR – right of access by the data subject at: Offizielles Kurzpapier der DSK (German only). In addition, under certain conditions, there is a right to rectify incorrect personal data (Art. 16 GDPR), to restrict its processing (Art. 18 GDPR), and to have it erased (Art. 17 GDPR), insofar as this does not conflict with statutory retention obligations.
Furthermore, we draw your attention to your right to object pursuant to Art. 21 (1-6) GDPR, your right to lodge a complaint (Art 77 GDPR) to the competent supervisory authority, and your right of appeal (German Injunctions Act: UKlaG) to a consumer association.

If you have any questions or wish to exercise any of your rights, please contact us:

Last updated: March 2024