Legal
Privacy
In the following, we would like to explain for you which data we collect about your person and what we do with this data. We also inform you about your data protection rights and explain who you can contact with questions about the protection of your data.
About us
Entity responsible for the processing of your data:
XAMIT Bewertungsgesellschaft mbH
Data Protection Officer
Monschauer Str. 12
40549 Düsseldorf
info@xamit.de
Scope
This privacy policy applies to the website nawida.de, app.praidict.de, praidict.de and contentscoring.de. It is addressed to the visitors of our website.
On our pages, further links are offered that lead to the websites of other operators to which this data protection declaration does not apply.
The responsibility of inserting advertising banners, text advertising or advertising films before or during embedded videos lies with the respective operator.
Do I have to provide my data?
When you visit our website, user data is automatically stored. Part of the collected data is necessary for the use of a website. In addition, we also process your data to protect our legitimate interests after a balancing of interests. This enables us to continuously improve the services we offer you. On the following pages you will learn the background of our interests and whether or how you can object to the use of your data or deactivate the use yourself.
In order to use one of our offers or to send a request, you will be asked to provide your personal data. You can decide for yourself whether to take advantage of these offers and provide your data for them. We also offer services for which we process your data only if you have given us your consent to do so. The granting of consent is always voluntary. Once given, consent can be revoked at any time.
Please note that if you provide information about other individuals, you must have obtained their consent before doing so and informed them of the purposes of the disclosure as set forth in this Privacy Policy.
We also ask that you share this information with those you involve in using our services, such as family members or authorized representatives.
Data processing on the website and in our app
We distinguish between different types of processing, which we describe below together with the legal basis for the processing. In tables we describe the data processed for this purpose.
Service provision
In order to visit and use our website, your data must be collected. We process this data to protect our legitimate interest in providing a functioning website (Art. 6 para. 1 lit. f) DS-GVO).
Data security
Every access to our Internet offer is stored and evaluated in a log file. We process this data for data security purposes. The processing is carried out to protect our legitimate interest in being able to guarantee data security (Art. 6 (1) f) DS-GVO).
Inquiry processing
We process the data you give us when you have a question or concern. This also includes, for example, the data that you send us by e-mail. The processing of your data is necessary so that we can handle your request. It is done to protect our legitimate interest in answering your questions and concerns (Art. 6 para. 1 lit. f) DS-GVO).
Optimization of the Internet offer incl. Profiling
We are constantly improving our website to provide you with the best user experience. We use your data to evaluate the usability, functionality and attractiveness of our website as well as user behavior. For this purpose, your data is aggregated into statistics without personal reference. By doing so, you enable us to troubleshoot, optimize the user experience, and further develop our website and marketing activities. A linkage of your visit data with your name or other personal data (if you give us these) does not take place.
The processing is based on the protection of our legitimate interests in optimizing and improving our Internet offer (Art. 6 para. 1 lit. f) DS-GVO).
Information about cookies
If we use cookies required for the operation of the website, the processing is based on our legitimate interest (Art. 6 para. 1 lit. f) DS-GVO) in a functioning provision of the website. Otherwise, cookies are only set if you have given us your consent (Art. 6 para. 1 lit. a) DS-GVO).
Processed data
Data | Service provision | Data security | Inquiry processing | Optimization of the Internet offer incl. Profiling |
IP number | X | X | ||
Name of the retrieved file | X | |||
Amount of data transferred | X | |||
Web page called | X | X | ||
Referrer URL (the previously visited website) | X | X | ||
Terminal | X | |||
User agent sent by your browser | X | X | X | |
Cookies (see information about cookies) | X | |||
Date and time of retrieval | X | X | X | X |
Date and time of last user activity (for session timeout). | X | |||
Click ID | X | |||
Operating system | X | |||
Session duration | X | |||
Information about the browser used (type, version, resolution (inner window size), language). | X | X | ||
Screen format, screen resolution incl. Color depth | X | |||
Status code | X | X | X | |
Page path | X | X | X | |
Java script on/off | X | |||
Salutation, name | X | |||
Contact information (e-mail address, address, phone, fax) | X | |||
Subject, topic, concern | X | |||
Message content | X | |||
Time of receipt of the message/application | X |
Customer data processing
This section explains which data we process for which purposes and on which legal basis the processing is based in the context of the customer relationship. tables, we describe the data processed for this purpose.
Contact person of business customers
If a contract is not concluded with you personally, but you serve as a contact person for a business customer, we process your data for communication and for the fulfillment of the processing purposes stated in the further course of this data protection information. This is done to protect our legitimate interest in fulfilling these purposes (Art. 6 para. 1 lit. f) DS-GVO). Unless you have given us your data yourself as part of the business relationship with your employer, we have received it from them.
Processing of inquiries, orders and creation of the customer account
We process your data within the framework of the business relationship for the following purposes: to create your customer data in our customer base, to process inquiries and orders, to arrange individual appointments, cancellations, returns or complaints and for complaint management . The legal basis for processing your data for these purposes is the initiation or fulfillment of a contract (Art. 6 para. 1 lit. b) DS-GVO).
Payment processing
We process your payment information for the purpose of payment processing. For this purpose, your data will be forwarded to our payment service provider Stripe (Stripe Payments Europe Limited). The legal basis for the processing of your data for these purposes is the fulfillment of the contract (Art. 6 para. 1 lit. b) DS-GVO).
Information and advertising purposes
We process your personal data for the purpose of advertising our own products and services. In order to be able to inform you about the contents which also correspond to your interests, we create a customer profile about you. The advertising approach is carried out by e-mail or telephone.
The processing of your data for profiling purposes is carried out to protect our legitimate interests in the targeted advertising of our products and services (Art. 6 para. 1 lit. f) DS-GVO). The promotional approach about our products and services by telephone and e-mail is based on your consent (Art. 6 para. 1 lit. a) DS-GVO). If there is no consent, we base the advertising approach by e-mail on a legal permission (Art. 6 para. 1 lit. c) DS-GVO in conjunction with. § 7 para. 3 UWG (Unfair Competition Act)); however, the telephone address is based on Art. 6 para. 1 lit. c) DS-GVO in conjunction with. § 7 para. 2 No. 2 UWG.
Processed data
Data | Contact person of business customers | Processing of inquiries, orders and creation of the customer account | Payment processing | Information and advertising purposes |
Salutation, name, username | X | X | X | X |
Contact information (e-mail address, address, phone, fax) | X | X | X | X |
Subject, topic, concern | X | X | ||
Contents of the message or from our online contact sections | X | X | ||
Time of receipt of the message/application | X | X | ||
Order details, order date and number | X | X | ||
Receivables and incoming payments | X | |||
Conditions | X | X | ||
Date and time of the message | X | |||
Contract period | X | |||
Dates | X | |||
Status | X | X | X | |
Planned activities | X | |||
Granted advertising consent | X | |||
Name and contact details of authorizing officers | X | X | ||
Contact details of the data protection contact | X | X | ||
Reporting address for security incidents | X | X |
Other processing purposes
In addition, the above-mentioned data will be used for the following purposes in the context of balancing interests (Art. 6 para. 1 lit. f) DS-GVO). The interests are named below:
- As it is in our interest to ensure the security of our systems, we regularly conduct security and effectiveness tests, during which your data mentioned above may be processed.
- If a security incident occurs in our company in which your data is affected, we are obliged to report the case to the data protection supervisory authority responsible for us (Art. 33 DS-GVO). As it is our legitimate interest to comply with this legal reporting obligation as quickly as possible, it may happen that data relating to you is processed as part of the clarification of the corresponding security incident. The notifications of these security incidents to data protection supervisory authorities do not include any of your personal data.
- We conduct audits, internal reviews and other control measures (e.g., monitoring by the data protection officer) because it is our legitimate interest to comply with legal requirements, to create transparency about our business processes, to constantly optimize these processes and to prevent and detect actions that are harmful to our business. In the process, documents or files containing your personal data may be processed.
- We conduct internal and external audits to acquire and maintain certifications and to meet customer requirements and quality standards. Furthermore, our customers or funders conduct their own audits. Documents and files containing personal data can also be processed in this process.
- We process your data for the purposes of managing our business, identifying and tracking financial risks, bundling sales activities and fulfilling (contractual) obligations to our customers. For this purpose, the processed data is evaluated into reports. The processing is carried out to safeguard our legitimate interests in corporate and sales management as well as the fulfillment of our obligations to our customers.
- In order to comply with our tax obligations, we use tax consultants. We also use auditors to fulfill our duty under commercial law to audit the annual financial statements in accordance with Section 316 (1) of the German Commercial Code (HGB). 1 of the German Commercial Code (HGB). Furthermore, it is in our interest to cooperate with auditors of the tax authorities and to provide evidence of proper invoicing and annual financial statements. Documents viewed in the process, such as receipts and invoices, may contain your personal data.
- Since it is in our interest to resolve legal disputes, we process your data for a specific purpose in such a case. It is also in our interest, in the event of legal disputes, to retain evidence until all relevant statutory periods of limitation pursuant to §§ 195 et seq. BGB have expired. For this purpose, we retain the relevant data about you in accordance with these limitation periods. The deletion periods cannot be predicted as a general rule, as they result from the respective subject matter of the dispute and the corresponding statutory limitation period, which can be up to 30 years. The regular limitation period is 3 years.
- Furthermore, it is in our interest to follow up on suspicious cases and to pass on relevant information to law enforcement authorities in the event of a concrete criminal suspicion.
- We process your data to test IT systems and software products and to perform migrations. The processing is carried out to fulfill our legitimate interest in verifying the correctness of new products or the correctness and completeness of migrations.
- Errors can happen to anyone and occur in any operational process. To help us optimize these processes and reduce our error rate, we process the data available in our company to identify sources of error. This processing is done to protect our legitimate interest in improving our processes.
Deletion periods (or storage period)
The data processed for the purpose of data security are deleted after 7 days.
Data processed in response to requests will be deleted as soon as the request has been finally processed.
Origin of the data
No data is collected from third parties.
Information about automated individual decisions
No automated individual decisions are made.
Which entities receive your data?
The following list represents which entities receive your data (“Data Recipients”). You can read about the specific data involved in the corresponding chapters of this declaration. A transfer of your data occurs partly due to legal or contractual obligations. In other cases, we use selected vicarious agents and service providers who act for us as processors (pursuant to Art. 28 DS-GVO) and may have access to your data to the extent necessary in each case. Processors are subject to numerous contractual obligations and may, in particular, only process your personal data on our instructions and exclusively for the fulfillment of orders received from us.
- Auditors
- Call Center
- Data Protection Officer
- Service provider for the destruction of data media
- Service provider for individual appointments
- Service provider for mail dispatch
- Service provider for optimization of our Internet presence
- E-mail provider of the recipient (for communication by e-mail)
- Financial authorities
- IT service provider
- Attorneys, law enforcement agencies, prosecutors, courts, opposing counsel, state or federal criminal investigation agency (in cases of litigation and specific criminal suspicion)
- Tax consultant
- Telecommunications service provider (if we communicate by telephone)
- Shipping service provider (for written communication)
- Certified Public Accountant
- Payment service providers and banks
Data recipients in non-EU countries
Our IT service providers in the EU have affiliates or subcontractors outside the EU that may access your data. The EU Commission determines which non-EU/EEA countries (third countries) have an adequate level of data protection. Our service provider is responsible for the use of EU standard contractual clauses in accordance with Commission Decision No. (EU) 2021/914. A sample of these EU standard contractual clauses can be found on the websites of the EU Commissioner for Justice and in the Official Journal of the EU.
Your rights
You have the legal right to:
- Information about the personal data stored about you (Art. 15 DS-GVO)
- Correction and completion of your data available to us (Art. 16 DS-GVO)
- Deletion (Art. 17 DS-GVO)
- Restriction of processing (Art. 18 DS-GVO)
- Data portability (Art. 20 DS-GVO)
- Revocation of consent given (Art. 7 DS-GVO) with effect for the future. The lawfulness of the processing of the data carried out up to the time of the revocation remains unaffected.
- You also have the right to express your point of view and to challenge a decision based on automated processing (Article 22 GDPR).
______________________________________________________________
You have the right to object against the processing of your data for the protection of our legitimate interests or the legitimate interests of third parties (Art. 21 DS-GVO) – you have the right to object to such processing at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions within the meaning of Art. 4 para. 4 GDPR.
Objection to direct marketing – You have the right to object at any time and without giving reasons to the processing of your data for the purpose of direct marketing.
______________________________________________________________
To exercise these rights, you can contact us in particular via the above contact details.
You also have the statutory right to lodge a complaint with a data protection supervisory authority (Art. 77 DS-GVO).