PRIVACY POLICY

With this privacy policy, we would like to give the users of our website an overview of the processing of their personal data and their rights under data protection law. Which data is processed in detail and how it is used depends largely on the services used on this website in each case. Therefore, not all parts of this information will apply to the individual user. Furthermore, we only handle personal data to the extent that this is possible in accordance with data protection regulations. We also endeavour to take all necessary technical and organisational security measures to adequately protect personal data from unauthorised access and misuse at all times.

Responsible body

Xantaro Deutschland GmbH

An der Alster 3

20099 Hamburg

T: +49 (0)40 413 498-0

F: +49 (0)40 413 498-444

E-Mail: datenschutz@xantaro.net

As data protection officer, we have appointed:

Dr. Evelyne Sørensen

datenschutz@xantaro.net

Xantaro UK Ltd

20 St Dunstan’s Hill

London

EC3R 8HL

T: +44 (0)20 3795 2348

E-Mail: dataprotection@xantaro.net

As data protection officer,we have appointed:

Dr. Evelyne Sørensen

dataprotection@xantaro.net

Your rights as a data subject

As a data subject, you have the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR.

The right of access and the right to erasure restrictions apply according to:

  • Crime prevention and taxation purposes

DPA 2018 Schedule 2, Part 1, para 2(3)(c) and DPA 2018 Schedule 2, Part 2, para 6(c)

  • Effective immigration control

DPA 2018 Schedule 2, Part 1, para 4(2)(c)

  • Disclosures required by law or made in connection with legal proceedings. DPA 2018 Schedule 2, Part 1, para 5

If you have given us your consent, you can object at any time with effect for the future.

In addition, you can complain at any time to a supervisory authority.

 

Right of object

Information on your right of object under Article 21 of the General Data Protection Regulation (GDPR)

You have the right to object at any time to the processing of personal data concerning you for reasons arising from your particular situation.

If you object, we will no longer process your personal data, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Recipient of objection

You can object (form-free) with the subject “objection” stating your name, address and your company name to the below address:

Xantaro UK Ltd

20 St Dunstan’s Hill

London

EC3R 8HL

Or by email to: unsubscribe@xantaro.net

 

Deletion or Blocking of Data

We adhere to the principles of data avoidance and data economy. We therefore only store personal data for as long as it is necessary to achieve the purposes stated here or as provided for in the various storage periods provided for by law. After the respective purpose or expiry of these periods, the corresponding data will be blocked or deleted as a matter of routine and in accordance with statutory regulations.

Access Data / Server Log Files

Purpose, legal basis of data processing and legitimate interest

Our web space provider, Host Europe GmbH, collects data about every access to the website (so-called server log files). Server log files are general information, such as the type of web browser, the operating system used, the domain name of your internet service provider and so on. In addition, our web space provider uses an access log to access our website, which uses the IP address and an error log, which also uses the IP address and serves to report problems that occur on the website.

This information is technically necessary for the correct delivery of requested content from websites and is mandatory when using the internet. They are processed in particular for the following purposes:

– Ensuring a trouble-free connection of the website,

– Ensuring a smooth use of our website,

– Evaluation of system security and stability

– To defend us against and prosecute cyber-attacks, and

– For other administrative purposes.

The processing takes place in accordance with Art. 6 Para. 1 Lit f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website as well as security.

Recipient of the data

We and our web space provider Host Europe GmbH process the personal data as described above.


Contact Form

Purpose, legal basis of data processing and legitimate interest

By providing the contact form on our website, we want to make it easy for users to contact us. The entered data such as name, company and e-mail address are stored for the purpose of individual contact (for example by e-mail) as well as for possible follow-up questions. We will use the data only to respond to your inquiry and subsequently to support any business relationship that may have arisen or may potentially arise.

We process the data entered in the contact form on the basis of a legitimate interest (Art 6 Para. 1 Lit f GDPR).

Recipient of the data

We process the personal data internally.


Use of Cookies

“Cookies” are sometimes used on our website. This standard technology conceals small text files which are stored on the device used by the user and which, among other things, make it possible to make visiting a website more comfortable or safer. Cookies can also be used to better match the offer on a website to the interests of visitors or to improve it in general on the basis of statistical evaluations.

Each user can decide for themselves whether or not the browser they use allows cookies. However, it should be noted that the functionality of websites may be restricted or even disabled if cookies are not permitted.

If we are allowed to use cookies due to browser settings or consent, the following cookies may be used on our websites:

 

Name   Purpose   Expiration date
_icl_current_language

_icl_visitor_lang_js

This cookie contains information about the language version used. 24 hours
_ga This cookie used for Google Analytics is used to distinguish between users and sessions. 2 years
_gid This cookie used for Google Analytics is used to distinguish between users and sessions. 24 hours
_gat This cookie contains information to support Google Analytics and serves to reduce the frequency with which data on usage statistics is collected/ transmitted. 1 minute
wordpress_test_cookie This cookie is set when you navigate to the login page. The cookie is used to check whether the web browser accepts or rejects cookies. End of session
wpml_browser_redirect_test This cookie is set to see whether the web browser accepts or rejects cookies. End of session
cookieconsent_status

 

This cookie is the display of the cookie hint, it is stored whether the cookie banner was clicked on with “Understand”. 1 year

If the “do not track” option is activated in the user’s browser (also: private mode), this website will not deliver cookies from third party providers.

In addition to its own cookies, this website only uses cookies from Twitter. These cookies are only set if sub-pages are called upon which Twitter content is displayed (e.g. “Latest News”), the browser does not block the Twitter script and the browser is not in private mode (or the “do not track” option is activated).

Deletion of Cookies

The browser settings can be used to delete individual cookies or the entire cookie inventory. Depending on the browser provider, the necessary information can be found under the following links:

Mozilla Firefox: https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored

Internet Explorer: https://support.microsoft.com/en-ie/help/17442/windows-internet-explorer-delete-manage-cookies

Google Chrome: https://support.google.com/accounts/answer/61416?hl=en

Opera: https://www.opera.com/help

Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=en_US


Google Analytics

Purpose, legal basis of data processing and legitimate interest

This website uses Google Analytics, a web analysis service of Google Inc. “(“Google”). Google Analytics uses “cookies”, which are text files placed on the user’s computer, to help the website analyse, how users use the site. The information generated by the cookie about the use of this website is usually transferred to a Google server in the USA and stored there. However, since the “anonymizeIP” extension is implemented on this website, Google first reduces the IP address within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases, will Google transmit the full IP address to a server in the USA and shortened it there. On our behalf, Google will use this information to evaluate the use of the website, to compile reports on website activities and to provide us with further services relating to website and Internet use. The IP address of the user transmitted by the browser within the framework of Google Analytics is not merged with other Google data.

The purposes of data processing are to evaluate the use of the website and to compile reports on activities on the website. Other related services will then be provided based on the use of the website and the Internet. The data is processed based on a legitimate interest (Art 6 Para 1 Lit f GDPR).

Opt-Out

The user may refuse the use of cookies by selecting the appropriate settings on their browser, however please note that if they do this, the user may not be able to use the full functionality of this website. The user can also prevent the collection by Google Analytics by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout. In addition or as an alternative to the browser add-on, the user can prevent tracking by Google Analytics on our pages by clickingon this link. An opt-out cookie is installed on the user’s device. This will prevent Google Analytics from collecting data for this website and for this browser in future as long as the cookie remains installed in the browser.

You can find further information on terms of use and data protection at https://www.google.com/analytics/terms/gb.htmland https://policies.google.com/?hl=en&gl=de.

Recipient of the data

Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, will process the personal data.


Use of social media plug-ins

This website uses plugins that allow users to communicate with social media platforms. To protect the privacy of the user, however, the Shariff plugin prevents the scripts of the social media platforms from being executed when the page is loaded, but only activates it when the user explicitly clicks on the corresponding button. This applies to all social media plugins with the exception of the direct integration of Twitter content on the “Latest News” page. Furthermore, this website only initiates data exchange between the user’s browser and social media platforms if the user initiates this data exchange themselves. The user can find information about the collection and use of the data in the social networks in the respective terms of use of the respective provider.

We have integrated the social media buttons of the following companies on our website:

Facebook Inc.(1601 S. California Ave – Palo Alto – CA 94304 – USA/ Ltd. 4 Grand Square, Grand Canal Harbour, Dublin 2, Irland)
Twitter Inc.(795 Folsom St. – Suite 600 – San Francisco – CA 94107 – USA)
Google Plus/Google Inc.(1600 Amphitheatre Parkway – Mountain View – CA 94043 – USA)
LinkedIn Corporation(2029 Stierlin Court – Mountain View – CA 94043 – USA/ Wilton Plaza, Wilton Place, Dublin 2, Ireland)


Facebook

Purpose, legal basis of data processing and legitimate interest

Facebook Button as a Social Plugin

This website uses social plugins (“plugins”) of the social network facebook.com, the plugins are recognisable by one of the Facebook logos (grey “f” on dark blue tile with the addition “share”).

Only when a user clicks on such a plugin, their browser establishes a direct connection to the Facebook servers. The provider has no influence on the amount of data Facebook collects with the help of this plugin and therefore informs users according to it´s level of knowledge:

By activating the plugin, Facebook receives information that a user has called up the corresponding page of the offer, the date of the visit and some information in connection with the browser used. If the user is logged into Facebook, Facebook can assign the visit to the users Facebook account. Every interaction with the plugin, for example the sharing of a post, causes the corresponding information from the user’s browser to be transmitted directly to Facebook and stored there. If the user is not a member of Facebook, it is still possible for Facebook to obtain and store the user’s IP address. According to Facebook, only an anonymised IP address is stored in Germany.

If a user is a Facebook member and does not want Facebook to use this offer to collect data about him or her and link it to his or her membership data stored on Facebook, he or she may not press the button of the social media plugin. Further settings and objections to the use of data for advertising purposes can be made within the Facebook profile settings: https://www.facebook.com/settings?tab=ads.

Facebook-Fanpage

Facebook uses the “Facebook Insight” function on the fan page we use. This function is an indispensable part of our user relationship. This allows Facebook to receive anonymised statistical data of users. The data is collected using cookies, each of which contains a unique user code that is active for two years. Facebook collects and processes the user code on the fan page.

The purpose and scope of data collection and the further processing and use of the data by Facebook as well as the relevant rights and setting options for the protection of users’ privacy can be found in Facebook’s data protection information: https://www.facebook.com/about/privacy/.

Recipient of the data

Facebook Ireland Ltd. 4 Grand Square, Grand Canal Harbour, Dublin 2, Ireland and Facebook .1601 S. California Ave – Palo Alto – CA 94304 – USA processes the personal data of the user.


Twitter

Purpose, legal basis of data processing and legitimate interest

This website uses web page elements (https://dev.twitter.com/web/overview), such as buttons or integrated content of the Twitter service. With the help of the website elements it is possible, for example, to share a contribution or page of this offer on Twitter or to follow the provider on Twitter. The Twitter plugin can be recognised by the grey Twitter logo on light blue tile with the addition “tweet”. As further contents individual tweets can be merged into the website.

When the user calls up a subpage on which Twitter content is integrated, the browser establishes a direct connection to the Twitter servers. On all other areas of the website, the plugin is not activated until the user clicks on it.

The provider has no influence on the amount of data Twitter collects with the help of the website elements and informs users according to their level of knowledge. After this, only the IP address of the user as well as the URL of the respective website is transmitted when using the button, but is not used for purposes other than the presentation of the website element.

Further information can be found in Twitter’s privacy policy at https://twitter.com/en/privacy.

 

Recipient of the data

Twitter Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA („Twitter“) processes the user’s personal information.


Google Plus / Google Inc.

Purpose, legal basis of data processing and legitimate interest

This website uses social plugins of the social network “Google Plus”. The plugins of Google Plus can be recognized by the grey “g+” on red tile and the addition “share”.

Only when a user clicks on such a plugin, the plugin establishes a connection between the user’s browser and the Google + server. The provider has no influence on the amount of data Google + collects with the help of this plugin and therefore informs the users according to it´s level of knowledge:

By activating the plugin, Google + receives the information that a user has called the corresponding page of the offer, from which page they come and to which page they change. In addition, further information (e.g. device identifier, operating system, web browser, installed add-ons, proxy server, ISP and if applicable, location data) is collected about the user’s terminal device. If the user is logged in to Google +, Google + can associate the visit with his Google + account. Every interaction with the plugins results in the corresponding information from the user’s browser being transmitted directly to Google + and stored there. Even if the user is not a member of Google +, this user data is collected and stored by Google +.

Recipient of the data

Google +, 1600 Amphitheatre Parkway – Mountain View – CA 94043 – USA processes the personal data of the user.


LinkedIn

Purpose, legal basis of data processing and legitimate interest

This website uses social plugins of the social network “LinkedIn”. The plugins of LinkedIn can be recognised by the grey “in” on blue tile and the addition “communicate”.

Only when a user clicks on such a plugin, the plugin establishes a connection between the user’s browser and the LinkedIn server. The provider has no influence on the amount of data, LinkedIn collects with the help of this plugin and therefore informs the user according to their level of knowledge

By activating the plugin, LinkedIn receives the information that a user has called the corresponding page of the offer, from which page they come and to which page they change. In addition, further information (e.g. device identifier, operating system, web browser, installed add-ons, proxy server, ISP and, if applicable, location data) is collected about the user’s terminal device. If the user is logged into LinkedIn, LinkedIn can assign the visit to the users LinkedIn account. Every interaction with the plugins, for example by pressing the “Share” button, results in the corresponding information from the user’s browser being transmitted directly to LinkedIn and stored there. Even if the user is not a member of LinkedIn, this user data is collected and stored by LinkedIn.

Recipient of the data

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA processes the user´s personal data. Privacy matters outside the USA are the responsibility of LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.


Newsletter

Purpose, legal basis of data processing and legitimate interest

The newsletter is compiled by paper.li, a platform that collects news from various other platforms. Paper.li uses web page elements, such as buttons or integrated content of multiple publishers. With the help of the website elements, it is possible, for example, to share a contribution or page of this offer on the publisher or to follow the provider of the published materials. When the recipient of the newsletter calls up a subpageon content that is integrated within the newsletter, the browser establishes a direct connection to the publisher’s servers. On all other areas of the website, the plugin is not activated until the user clicks on it.

Xantaro UK Ltd. has no influence on the amount of data the publisher of the content collects, with the help of the website elements, and informs the recipients of the newsletter according to it’s level of knowledge. After this, the IP address of the user as well as the URL of the respective website is transmitted when using the button, but is not used for purposes other than the presentation of the website element.

Further information can be found in Paper.li’s privacy policy at https://paper.li/privacy.html#collecting.

The data is processed based on the given consent of the data subject (Art 6 Para 1 Lit a GDPR).

Recipient of the data

Recipient of the data are Paper.li, a service operated by Finity SA (“Finity”), incorporated in Switzerland at Innovation Park EPFL, 1015 Lausanneand Xantaro UK Ltd. 20 St Dunstan´s, London EC3R 8HL.


 

Changes to our privacy policy

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply for your next visit.