XTH | SENSE - Privacy Policy

Last Update: 2023-11-05

PRIVACY | POLICY

1. DEFINITIONS

“Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

”GDPR“ is the General Data Protection Regulation, which regulates the treatment of Personal Data within the European Union.

“Processing“ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

”Controller“ (in the following also referred to as „we“, „us“, or „ours“) is the company XTHSENSE, Owner: Ramón Szellatis, Friedhofstraße 5, 46045 Oberhausen, Germany.

”Data Subject“ (in the following also referred to as „you“, „your“, or „yours“) is the natural person which is addressed by the underlying Privacy Policy and of which we may process Personal Data.

”Processor“ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the us.

”Platform“ is a generic term which refers to any web software of third parties on which users can create a user profile and possibly interact with other users, such as social media networks, messenger apps, apps for video conferences, online business directories, etc.

2. WEBSITE

With the exception of data that you provide to us via the contact form, any personal data relating to your visit and use of our website will not be processed on our own devices or through our own systems. Any personal data relating to your visit and use of our website will be processed by a Processor whose systems we used to create and provide our website, and, if possibly, by vicarious agents of this processor. This Processor is:

Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (in the following referred to as “Wix”)

2.1. Cookies

a) Cookies are stored on the device from which you access our website and transmitted to Wix from this device. Therefore, you also have control over the use of cookies. By changing the settings in your web browser, you can deactivate or restrict the transmission of cookies. You can at any time delete cookies that have already been saved.

b) Permanent cookies and session cookies can be used. Session cookies are deleted when you close your web browser. Permanent cookies remain on your device until they are no longer necessary to achieve their purpose and are deleted. First party cookies are used, for example, to obtain information about your usage behavior. Third party cookies do not come from Wix, but from third parties. These cookies may be used for marketing activities, e.g. for personalized advertising on other websites.

c) When you visit our website, your personal data will be processed at least as part of the cookies that are necessary for your use of our website. If cookies are deactivated for our website, it may no longer be possible to fully use all functions of the website. When using necessary cookies, we rely on Article 6 Paragraph 1 Letter b GDPR if the cookie providers are located in the European Union, and otherwise on the basis of Article 49 Paragraph 1 Letter b GDPR.

d) At the beginning of your visit to our website, you have the possibility to set whether you agree that your data will also being processed with extended cookies. These are usually used for advertising purposes. This processing is based on Article 6 Paragraph 1 Letter a GDPR if the cookie providers are located in the European Union, and otherwise on the basis of Article 49 Paragraph 1 Letter a.

e) You can find out which cookies process data in third countries outside the European Union under the respective cookie category in the Wix “Cookie Policy”. When processing your data based on these cookies, it is possible that the European level of data protection cannot be guaranteed. If you agree to the processing through these cookies, you also agree to the transfer and processing of your data in these third countries.

f) For more information on how and where your data is processed in connection with your visit to our website, please see Wix's “Privacy Policy”. You can also opt-out of Wix marketing cookies via the Cookie Policy.

You can find Wix's “Privacy Policy” at the following link:

https://www.wix.com/about/privacy

The Wix “Cookie Policy” is linked in the Wix “Privacy Policy”, but you can find the Wix “Cookie Policy” also at the following direct link:

https://www.wix.com/about/cookie-policy

Wix's "Cookie Table" is linked in the Wix "Cookie Policy", but you can also find the " Cookie Table " from Wix at the following direct link:

https://www.wix.com/about/cookie-table

g) If for any reason, one or more of the links listed in Letter f of this section, should be unavailable at a given time, please visit the Wix home page of Wix’s website. At the bottom of the homepage, you will find the label “Privacy Policy” or similar, and clicking on it will take you to the relevant section. The home page of Wix’s website is:

https://www.wix.com/

h) Additional information about data security at Wix can be found at the following link:
https://support.wix.com/en/article/wix-security-measures-overview

i) You can configure your cookie settings for your respective web browser or operating system using the following links:

Firefox:
http://support.mozilla.com/en-US/kb/Enabling%20and%20disabling%20cookies

Internet Explorer (Edge):
https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

Google Chrome:
https://support.google.com/chrome/answer/95647?hl=en&sjid=3783258408301464235-EU

Safari (OS X):
http://support.apple.com/kb/PH17191?viewlocale=en_US&locale=en_US

Safari (iOS):
https://support.apple.com/en-us/HT201265

Android:
https://support.google.com/accounts/answer/32050?co=GENIE.Platform%3DAndroid&hl=en

2.2. Contact Form

a) If you enter personal data into the contact form on our website and successfully submit the data, this data will first be temporarily stored on Wix's servers before being forwarded from there to our email address and then processed in accordance with Section 3 "Emails". You can also find out how long your data will be stored on Wix servers in the Wix privacy policy.

b) Wix's server structure is located worldwide and therefore your data may also be stored on servers in third countries (possibly also outside the European Union). In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of June 4, 2021, Wix has concluded corresponding standard contracts. The extent to which these standard contracts apply to the processing of your data and which other legal standards apply to the processing of your data, depends on your IP address and if applicable, also other factors that enable Wix to make the processing dependent on your location.

c) In particular, if you visit or use our website with an IP address other than your own (e.g. Virtual Private Network) and this IP address does not belong to your actual location, your data might not be processed in accordance with the data protection standards which apply for your actual location.

d) The processing of data that you submit via the contact form is based on Article 6 Paragraph 1 Letter b GDPR, insofar as the processing takes place in the European Union, and otherwise on Article 49 Paragraph 1 Letter b GDPR.

2.3. Google Maps

a) We use a Google Maps widget on our website. This serves the purpose of informing you at which locations we can provide certain services, such as assembly services. We rely on Article 6 Paragraph 1 Letter f GDPR if the processing takes place within the European Union and otherwise on Article 49 Paragraph 1 Letter c GDPR. Google has its headquarters at the following address:

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

b) You can control yourself the extent to which Google Maps collects and processes personal data in connection with your visit to our website. If you are logged in with your Google account when you visit our website or if you have allowed Google cookies in your web browser, Google may collect and process personal data in connection with your visit to our website. If you have activated GPS in your operating system in relation with Google or in your Google settings, then Google may also collect and process your location data.

c) In addition, other third parties for whom you have permitted cookies in connection with Google Maps may collect and process personal data in connection with your visit to our website.

d) You can find more information about when, how and under what conditions Google (or third parties) collects and processes which personal data (or location data) and how you can make settings via the following links:

Privacy:
https://policies.google.com/privacy?hl=en

Location Data:
https://policies.google.com/technologies/location-data?hl=en

Location History and Personalized Advertising:
https://support.google.com/My-Ad-Center-Help/answer/12155964?hl=en&sjid=2703428967592892005-EU#how-does-google-use-info-about-where-ive-been-to-personalize-ads

Conditions under which Google collects and uses data:
https://policies.google.com/terms?hl=en

Conditions under which third parties may collect and use location data:
https://cloud.google.com/maps-platform/terms/?hl=en

How Google uses Cookies:
https://policies.google.com/technologies/cookies?hl=en

How Google may use data relating to your visit to our website:
https://policies.google.com/technologies/partner-sites?hl=en

Cookies that Google uses for advertising:
https://business.safety.google/adscookies/?hl=en

e) If for any reason, one or more of the links listed in Letter d of this section should be unavailable at a given time, then please visit the home page of the Google website. At the bottom of the Google homepage, you will find the label “Data Protection”, “Privacy”, or similar or “Terms of Use”, “Terms” or similar, and if you click on it, you can navigate to the corresponding topics and from there to the respective subcategories. You can also access other aspects related to Google Maps via the Google website. The home page of the Google website is:

https://www.google.com/

3. EMAILS

3.1. Basic E-Mail-Processing

The basic processing of email data is necessary to technically enable the receipt of emails at server and domain level. For the basic processing of data that you send by email as described in this section, we rely on Article 6 Paragraph 1 Letter b GDPR. The basic processing of email data takes place in the following ways:

a) If you send us an email to an email address with the domain “xthsens.com” (e.g. info@xthsens.com or other email addresses with this domain), the personal data that you transmitted with this email will be processed.

b) Any emails (including any personal data contained therein) that you send to us will first be processed by a Processor (and possibly by their vicarious agents) that we commission with providing for us the servers and systems for receiving emails, hosting emails and for our retrieval of emails. Emails that, as well as, if applicable, vicarious agents of this processor. This Processor is:

STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany

c) You can find out under which conditions we have commissioned STRATO AG to process emails and how STRATO AG processes email data under the following links:

Terms and Conditions of STRATO AG:
https://www.strato-hosting.co.uk/terms-and-conditions/

Data Processing Agreement of STRATO AG *:

https://www.strato.de/agb/avv/

Technical and Organisational Security Measures of STRATO AG *:

https://www.strato.de/agb/tom/

* if English is not shown there, you can switch to English by clicking "EN" right under the main menu

d) If for any reason, one or more of the links listed in Letter c of this section should be unavailable at a given time, then please visit the home page of the STRATO AG website. At the bottom of the homepage of the STRATO AG, you will find the label “Privacy Policy”, “Privacy”, or similar or “Terms of Use”, “Terms” or similar, and if you click on it, you can navigate to the corresponding topics and from there to the respective subcategories. The home page of the STRATO AG website is: https://www.strato-hosting.co.uk/

e) STRATO AG sends and receives email data using current transport encryption. STRATO AG's data centers are located in the Federal Republic of Germany and are subject to the GDPR. Further information about STRATO AG’s data centers and data processing can be found at:

https://www.strato-hosting.co.uk/faq/product/questions-about-contract-data-processing-cdp-and-the-new-eu-general-data-protection-regulation-gdpr/

f) For maintenance and support of the STRATO AG servers, the company Hewlett-Packard-Enterprise may conduct remote access in the event of malfunction. This takes place on a case-by-case basis and is closed again after the end of the operation. For this purpose, STRATO AG has concluded the EU standard data protection clauses with Hewlett-Packard Enterprise in accordance with Article 46 Paragraph 2 Letter c GDPR.

g) Wenn Sie uns eine E-Mail senden, werden grundsätzlich alle in dieser E-Mail übermittelten Daten verarbeitet, d.h. auch persönliche Daten, soweit diese darin enthalten sind. Unter anderem können folgende Daten aus E-Mails verarbeitet werden:

Email address of the sender, the recipient and, if applicable, of other recipients (e.g. CC and BCC);

Subject line, as well as the plain text of emails and, if applicable, any links (i.e. URLs) in emails;

Any elements of technical languages used in the email, such as markup languages (such as HTML), vector markup languages (such as MSO), stylesheet languages (such as CSS), and, if applicable, programming languages (such as JavaScript or others);

Any media or files (e.g. documents, images, videos, audio files or other files, in the respective file formats), if necessary as external media (e.g. linked via URL or embedded via code), or as attached media (eventually embedded via content ID), or as encoded media (e.g. via MIME type as a base64 string);

Any metadata of transmitted media or files, i.e. extended information about the media or files, such as creation date, change dates, device name of the creator, file size, read or write permissions, information on licenses and authors or copyrights, and if necessary others metadata;

Date, time and time zone of sending and receiving, or of the sender and recipient of emails;

Host name, domain, IP address and port of the sender or sender server, from which location data may also be derived;

Information about the success of sending or receiving emails (e.g. mail delivery failures), and possibly automatic replies;

Information on the amounts of data transmitted or received;

Possibly, message ID, MIME version, content type, content disposition, X-Mailer, message priority, SPF records, return path, -ID of the sender server, and possibly other data or header data.

3.2. E-Mail-Archiving

a) If you send us an email, this email (including any personal data transmitted therein) may be automatically archived. Archiving takes place at least for the statutory retention periods to which we are subject as a company based in Germany. Since we are legally obliged to store business correspondence emails, email archiving (unless otherwise described) takes place on the basis of Article 6 Paragraph 1 Letter c GDPR.

b) Archiving may involve that emails are stored on servers other than STRATO AG's mail servers and processed by other systems, e.g. also by STRATO AG's vicarious agents. These vicarious agents are, for example:

Dropsuite Ltd., PTE, Ltd. 01-12 Block 71 , Ayer Rajah Crescent, Singapore 139951

Software to archive email data is developed and operated by Dropsuite In support cases there is the option of remote access from Singapore. Processing is based on the EU standard data protection clauses between STRATO AG and Dropsuite in accordance with Article 46 Paragraph 2 Letter c GDPR. Email archiving is encrypted in accordance with the IDW PS 880 standard. More information about how Dropsuite is involved in email archiving can be found on the Dropsuite website:
https://dropsuite.com/
https://dropsuite.com/products/email-archiving/

Ionos SE, Elgendorfer Straße 7, 56410 Montabaur, Germany
STRATO AG commissions the company IONOS SE to provide the operating environment for email archiving. For more information about how Ionos SE is involved in email archiving, please visit the Ionos SE website:
https://www.ionos.de/
https://www.ionos.de/office-loesungen/email-archivierung
https://www.ionos.de/hilfe/e-mail/e-mail-archivierung/e-mail-archivierung-im-ueberblick/

3.3. Spam-Filter und Malware

a) If you send us an email, STRATO AG or our respective email client will check if it is spam and whether it contains harmful data (e.g. malware). If your email is classified as spam or malicious, it will either be moved to another folder on the mail server or possibly deleted. Unless otherwise described, we rely on Article 6 Paragraph 1 Letter f GDPR if the processing takes place within the European Union and otherwise on Article 49 Paragraph 1 Letter c GDPR.

b) STRATO AG commissions the following vicarious agents to check emails for spam and malware:

SiteLock LLC , 8701 East Hartford Drive, Suite 200, Scottsdale, AZ 85255 USA
The company SiteLock LLC in the USA checks email data for malware and deletes affected emails or data from emails. Email data is transmitted to SiteLock LLC and SiteLock LLC retains email data for seven days. The data transfer to SiteLock LLC takes place on the basis of the EU standard data protection clauses between STRATO AG and SiteLock LLC in accordance with Article 46 Paragraph 2 Letter c GDPR. For more information about how SiteLock LLC is involved in checking malicious email, please visit the SiteLock LLC website:
https://www.sitelock.com/
https://www.sitelock.com/malware-scanning/
https://www.sitelock.com/malware-removal/

Cyren GmbH, Heidestraße 10, 10557 Berlin, Germany
The company Cyren GmbH provides the spam filter and the mechanisms for detecting spam emails. We base this on Article 6 Paragraph 1 Letter f GDPR. For more information about how Cyren GmbH is involved in checking spam emails, please visit the Cyren GmbH website:
https://www.cyren.com/de

3.4. Address Books and Contact Lists

a) If you send us an email and that email contains personal information, the email clients we use may automatically create a record from that information and store it in our address books or contact lists. This can be the case, for example, if you send an email signature or contact file such as a vcf-file or if you have stored personal data in your email client that are transmitted in outgoing emails. We can also create the data records manually.

b) The storage of such data sets in address books or contact lists can take place on STRATO AG servers as well as on other clouds or on our own devices. For more information about processing on clouds, please view Section 5 and for more information about processing on our own devices, please view Section 7.

c) We rely on Article 6 Paragraph 1 Letter f GDPR for processing in the context of address books and contact lists if the processing takes place within the European Union, and otherwise on Article 49 Paragraph 1 Letter c GDPR.

4. PLATFORMS

4.1. Profile-Data and Messages

a) We may process personal data that you send to us via Platforms and possibly also personal data that you make publicly available on your user profiles on Platforms. Profile data may also include personal data that you make available to us by connecting with us on a Platform or accepting our request to connect with you. When processing profile data, we rely on our legitimate interests in accordance with Article 6 Paragraph 1 Letter f GDPR. When processing data in messages you send to us via Platforms, we rely on Article 6 Paragraph 1 Letter b GDPR.

b) We process profile data, for example (i) to assess whether and to what extent we can assign as a vicarious agent for orders, and (ii) to eventually send you advertising or inquiries, e.g. if you are a potential customer, vicarious agent a freelancing craftsman.

c) Messages and data about interactions between you and us on Platforms may be stored not only on the servers of the respective Platforms, but also on the device with which we use the respective Platforms at a given time. To the extent that the respective Platform allows us to do this, we can download and process all of the data that the Platform stores about us (including interactions with you).

4.2. Links and Cookies

a) On our website, in our email signatures, and possibly also in our profiles on Platforms, we may use symbols linked to links (e.g. “icons”), or text links, or QR codes representing links, which may redirect you to our user profile on the respective Platform or to our website, when you click on them or scan the respective QR code. We may also use QR codes in documents that you receive from us, e.g. in offers, order documents, or invoices.

b) Depending on which cookies (whether from us, from our processors, from the processors' vicarious agents, or from the Platforms) you have allowed in your web browser, and whether you are logged in to a Platform at a given time or what settings you have configured in your user account on a platform; the respective Platform may process your data in connection with your visit to our website or in connection with websites, applications or other Platforms from which you access our user profile on the Platform, e.g. your usage behavior for the purpose of market research and advertising. This processing is mostly beyond our control, but you can usually take own measures to control these activities. However, since some of the Platforms can also be used without registration, it is not excluded that you will also be affected by data processing by some Platforms even though you are not registered there.

c) The links may contain extensions (so called “tags”, such as UTM tags), which collect personal data in a categorized manner and forward it to us or to the respective Platform and can then be further processed by us or the respective Platform (hereinafter referred to as “tag data”).

d) We mostly have no influence on the extent to which Platforms themselves add tags to links and process tag data. To the extent that we set the tags ourselves, we may process tag data using Google Analytics. Information about how and what data is processed by Google itself can be found in the terms and conditions of Google Analytics, where you can also find information on data protection regarding Google Analytics. The terms and conditions of Google Analytics can be found at the following link:
https://marketingplatform.google.com/about/analytics/terms/us/

e) To reduce processing, you can also take measures yourself with regard to tag data to influence the processing, e.g. in the cookie settings and other settings in your web browser or by first copying a link, removing the tags from the link and then access this link without the tags.

f) In the context of tags, links and cookies from Platforms, data is processed based on our legitimate interests and in accordance with Article 6 Paragraph 1 Letter f GDPR, where the processing takes place in the European Union, and otherwise on the basis of Article 49 Paragraph 1 Letter c GDPR.

4.3. Platform Types

In connection with your personal information, we may use, among others (if applicable), one, more that one, or all of the following Platforms:

a) Social Media:

Address:

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland
Privacy:

https://www.linkedin.com/legal/privacy-policy
Opt-Out:

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Twitter („X“)

Address:

Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Privacy:

https://twitter.com/en/privacy
Opt-Out:

https://twitter.com/i/flow/login?redirect_after_login=%2Fsettings%2Faccount%2Fpersonalization

Facebook

Address:

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy:

https://www.facebook.com/privacy/policy
Cookies:

https://www.facebook.com/privacy/policies/cookies
Opt-Out:

https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fsettings%3Ftab%3Dads

b) Messenger Apps:

Address:

WhatsApp LLC, 1601 Willow Road, Menlo Park, California 94025, USA
Privacy:

https://www.whatsapp.com/legal/privacy-policy-eea?lang=en
Processing:

https://www.whatsapp.com/legal/business-data-processing-terms?lang=en
Transfer:

https://www.whatsapp.com/legal/business-data-transfer-addendum?lang=en
Security:

https://www.whatsapp.com/legal/business-data-security-terms?lang=en
ToS:

https://www.whatsapp.com/legal/terms-of-service?lang=en

c) Video Conference Apps:

Skype & Microsoft Teams

Addresses:

Skype Communications SARL, 23-29 Rives de Clausen, L-2165 Luxembourg
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Privacy:

https://privacy.microsoft.com/en-us/privacystatement
Opt-Out:

https://account.microsoft.com/privacy/third-party-ads?lang=en-US
https://account.microsoft.com/privacy/ad-settings/signedout?lang=en-US
ToS:

https://www.skype.com/en/legal/
https://www.microsoft.com/en-us/legal/terms-of-use

Zoom

Address:

Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA
Privacy:

https://explore.zoom.us/en/privacy/
Opt-Out:

https://explore.zoom.us/en/cookie-policy/
ToS:

https://explore.zoom.us/en/terms/

d) Other Platforms:

We may use other Platforms, which, however, have no relevance to our processing if you do not interact with us on these Platforms, i.e. if you are not active on these Platforms yourself or do not have a user profile or user account there, and if you do not send us message via such a Platform. We have no influence on whether these Platforms process your data, but you can influence if these Platforms process your data through your browser settings and possibly the settings in your user account, if you have a user profile at such a Platform.

5. CLOUD SERVICES

5.1. We may process your personal data via one or more cloud services. This can take place, for example, when we synchronize data between different clouds with each other or with our own devices, or by creating backups, or when we use data processing software on cloud systems.

5.2. Where the use of cloud services ensures or significantly improves the information security of your personal data, or enables or significantly facilitates us to fulfill legal obligations, we rely (if applicable) on Article 6 Paragraph 1 Letter c GDPR, provided that the processing is carried out in of the European Union, and otherwise on Article 49 Paragraph 1 Letter c GDPR.

5.3. Where the use of cloud services is necessary to fulfill pre-contractual measures or contractual obligations (e.g. if we have integrated the use of cloud services as a regular part of relevant work processes), this will take place (if applicable) on the basis of the Article 6 Paragraph 1 Letter b GDPR, if the processing takes place in the European Union, and otherwise on the basis of Article 49 Paragraph 1 Letter b GDPR.

5.4. Where the use of cloud services benefits or may benefit the facilitation of our work, the improvement of our services or the success of our business, we rely on Article 6 Paragraph 1 Letter f GDPR if processing takes place in the European Union , and otherwise on Article 49 Paragraph 1 Letter c GDPR.

5.5. In relation with your personal data, we may commission (eventually among others), the cloud services of one, more than one, or all of the following Processors:

Google
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
https://cloud.google.com/terms/cloud-privacy-notice?hl=en
https://cloud.google.com/terms?hl=en

Samsung Cloud & Samsung Contacts
Samsung Electronics Co., Ltd., 129, Samsung-ro, Yeongtong-gu,, Suwon-si, Gyeonggi-do 16677, Republic of Korea
https://account.samsung.com/membership/terms/privacypolicy?paramLocale=en_UK
https://account.samsung.com/membership/policy/terms
https://www.samsung.com/uk/info/legal/
https://www.samsung.com/uk/info/privacy/

One Drive
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
https://privacy.microsoft.com/en-gb/privacystatement
https://www.microsoft.com/en-us/legal/terms-of-use

Drop-Box
Dropbox, Inc., 333 Brannan Street, San Francisco, CA 94107, USA
https://www.dropbox.com/privacy
https://www.dropbox.com/terms

6. PERSONAL DOCUMENTS

In some cases, we may need one or more personal documents from you (e.g. digital copies of your ID card) so that we can fulfill our contractual obligations towards you and you can fulfill your contractual obligations towards us. This may be necessary, for example, in the following cases:

6.1. Access to Construction Sites

a) The need to receive digital copies of your identity card occurs, for example, if we have commissioned you to provide assembly services or if we have placed an order for assembly services with you and it is necessary for your access (or the access of your fitters) to the construction site. In this case, we have to forward the digitized ID card copies to the respective customer so that they can register you (or your fitters) with the organizers in advance (e.g. exhibition hall). In certain cases, this may also have legal reasons for the customer. In this context, we rely on Article 6 Paragraph 1 Letter b GDPR, if the processing takes place within the European Union, and otherwise on Article 49 Paragraph 1 Letter b GDPR.

b) The data transmission to the customer usually takes place via email. The transmission from the customer to the organizer usually takes place either by email or via an app from the organizer. In the respective contract documents you will always find out which of our customers and organizers are involved. The customers and organizers may be located in third countries. If we do not inform you about the country of the headquarters of the customer or organizer in the respective order document, you can receive this information at any time (and also before the respective order is placed) by sending us an email to info@xthsens.com. Usually, these are located in the European Union or the United Kingdom. The organizer is usually located in the same country as the construction site.

c) The organizers may, after checking the digital ID copies, create access documents (e.g. exhibitor badges, fitter cards or similar), which may contain data from the digital ID copies. After the creation of such access documents, these are usually transmitted by the organizer to the client, and by the client to us, so that we can send them to you. If access to the construction site is arranged via an app, you (or your fitters) may receive access data to this app and the personal data stored in it.

6.2. CV and Qualification Data

a) If you are a self-employed person and we have agreed with you or have a common intention that we mediate clients to you or arrange orders for you, then we may process personal data that is necessary for this or that facilitate this ("CV and Qualification Data"). We therefore process CV and qualification data on the basis of Article 6 Paragraph 1 Letter b GDPR, insofar as the processing takes place within the European Union, and otherwise on the basis of Article 49 Paragraph 1 Letter b GDPR.

b) CV and qualification data include, for example: name, date of birth, level of education, educational and professional background, skills, technical skills, language skills, further trainings, references, milestones, tools, driving licenses, second residences or possible service locations, nationality, information about mobility, qualifications, certificates, work permits, and possibly other data.

c) We may obtain reviews from thirds (e.g. statements from customers or people who work with you as part of your assignment) on any information related to your services, which is suitable to enable us assessing the success of your performance and the success of future orders with you. We can combine and process such reviews with your CV and qualification data and with other reviews in order to determine our own quality rating of your performance. For collecting reviews making performance ratings, we rely on Article 6 Paragraph 1 Letter f GDPR, if the processing takes place within the European Union, and otherwise on Article 49 paragraph 1 letter c.

d) If we commission you as vicarious agent to operate performances for us within an order we have from one of our clients, or if we have mediated you a client for whom you will directly operate performances; we may transmit CV and qualification data to the respective client. If we do not inform you in the respective order document about the country of headquarters of the client, you can receive this information at any time (and also before order conclusion) by sending us an email to info@xthsens.com. Usually, these are located in the European Union or the United Kingdom. We do not transmit more to the respective customers than necessary for the order conclusion or success of order fulfillment. In this context we rely on Article 6 Paragraph 1 Letter b GDPR if we are transferring the data to a country within the European Union, and otherwise on Article 49 Paragraph 1 Letter b GDPR.

6.3. Licensing

a) If you grant us a license to intellectual property whose author is a natural person (e.g. yourself as a freelancer or an author you act on behalf of), we may need a digital ID copy of you or this author, for the purpose of identifying the author in order to carry out appropriate checks and references in the event of copyright claims or copyright infringements by third parties. We justify this procedure on our legitimate interests in accordance with Article 6 Paragraph 1 Letter f GDPR. If we have to transfer personal data to third countries outside the European Union, we rely on Article 49 Paragraph 1 Letter c GDPR.

b) We only collect, store and process basic data from digital ID card copies, i.e. first name, last name, address, date of birth and possibly the ID card number. The digital ID card copy itself will not be transmitted to third parties, with the exception of the servers and systems required for the respective communication channel via which you send us the digital ID card copy (e.g. by email), under the according provisions as set out in the underlying Privacy Policy.

c) Alternatively, we may enable you to perform identification yourself through a third-party software. In this case, the entire processing is also subject to the privacy policy of the respective third-party, which we will refer before you start such an identification process.

6.4. Mediation of Bank Accounts and Payment Processors

a) If you have commissioned us to mediate you a bank account that will enable you to receive credit card payments, or a payment processor that will provide you with the technical or legally compliant infrastructure to integrate payment methods, then we may require personal documents and other personal data from you and other relevant persons within your company group, e.g. owners, managers, shareholders, managing directors and owners of legal entities who are shareholders, and if applicable, also from the ultimate beneficial owners (“UBOs). Such personal documents can be digital copies of ID cards, company formation documents, and utility bills, e.g. electricity bills, gas bills, internet provider bills, or similar.

b) The processing of such personal documents and other personal data is based on the respective contractual agreement between you and us. We usually have to transmit such personal documents and other personal data to the banks and payment processors (and if applicable also to the intermediaries), and eventually upload such data to their technical systems. This is necessary for the banks and payment processors to carry out important checks to determine whether they are legally allowed to provide you their financial services and if they are willing to do so under economic and possibly ethical aspects. Therefore, the processing and transmission is made on the basis of Article 6 Paragraph 1 Letter b if the processing takes place within the European Union, and otherwise on the basis of Article 49 Paragraph 1 Letter b.

c) Before we transmit personal documents and other personal data to banks, payment service providers or intermediaries, we will provide to you their privacy policies, so that you can decide and consent in advance and individually.

7. HOW WE PROCESS DATA

As described in the underlying Privacy Policy, a significant part of processing personal data is based on technical infrastructures and software solutions of third parties, such as email servers, website servers, cookies, clouds, platforms, etc. In connection with this or by being able through this, we also process data on our own devices and with filing system and software we use on these devices. In this section, we will inform you about the essential circumstances and conditions for this processing. If no other basis for processing is given by law or the underlying Privacy Policy, then we rely on Article 6 Paragraph 1 Letter f GDPR, provided the processing takes place within the European Union, and otherwise on Article 49 paragraph 1 Letter c GDPR.

7.1. Software

To process personal data, we may use different (i) operating systems, e.g. Windows, Android, iOS, Linux, Ubuntu, etc., and (ii) applications for data processing, e.g. Microsoft Office 365, Apache Open Office, Adobe Acrobat Readers, individual software, etc., and (iii) databases e.g. folder-based, SQL-based or document-based, and (iv) file formats, e.g. vcf, csv, json, sql, xls, txt, doc, xml , py, js, etc., and (v) web browsers, e.g. Google Chrome, Mozilla Firefox, Microsoft Edge, etc.

7.2. Hardware and Locations

Our processing takes place on our own local and mobile devices and storage media, which are usually located in Germany, although the processing can also take place in other European countries and, in exceptional cases, also outside of the European Union for a small proportion of the total processing time . Processing outside Germany can also take place via IP addresses or internet access from third parties.

7.3. Cross-System-Processing

a) We may process personal data on different combined and connected devices and systems. For example, we may download data that you send us by email from the email servers and process it on our own devices, and we may also upload processed data back to these email servers, for example by responding to your email. If you send us SMS or MMS, we may also process the data contained therein on our other devices or on cloud infrastructures etc.

b) We may digitize documents that you send to us by postal mail and process them on our devices or in cloud systems, and we may print out digital correspondence and process it in paper form. Further cross-system-processing between different devices and systems which are mentioned in the underlying Privacy Policy is not excluded.

7.4. Security

a) On our part, only our Controller has access and insight to your personal data, i.e. neither employees nor vicarious agents will gain access, insight or authorizations for access or insight to your personal data, unless set out otherwise in the underlying Privacy Policy.

b) We do not leave third parties unattended in a room with our processing devices and we also ensure at any time that the screen lock of the operating system is activated on the relevant device before leaving the workplace, or that the respective device is switched off. Will prevented with appropriate measures any attempt of unauthorized access by any third party who may be physically present at a given time.

c) Any access to our user accounts (e.g. to devices, operating systems, platforms, websites or similar) is protected with strong passwords and, if possible and appropriate, also by multi-factor-authentication.

d) We use current antivirus programs that regularly scan our devices for harmful data and also check new files for harmful data before downloading or adding it. Where we discover harmful data, we take reasonable steps to mitigate the damage, remove the data, and prevent such occurrences in the future.

e) To prevent data loss, we carry out regular backups on external storage media, which we keep inaccessible to third parties. Digitized ID card copies are only stored for a short time and are therefore excluded from backups.

f) To an extent which does not create a disproportionate impairment to the fulfillment or exercise of our legal or contractual duties and obligations, or to the perpetuation or protection of our legitimate interests, we select and configure any security settings in our operating systems, web browsers, software, platforms, and online services we use, at the strictest levels of security, and at least within the scope of legal requirements.

g) We strive to avoid unnecessary data processing, inconsistencies, and inappropriate redundancies, and to correct or delete them when we become aware of them, and we also endeavor to being able taking note of them.

h) In an appropriate relation to our available temporal, financial and professional resources, and taking into account priorities for risk potentials, we take suitable measures to ensure the security of your personal data at all times and endeavor to successively optimize it.

7.5. Individual Decision Automation

We do not make fully automated individual decisions (including profiling), according to Article 22 GDPR.

8. REASONS FOR PROCESSING

8.1. Processing always takes place on the basis of Article 6 paragraph 1 letter a GDPR if you have given us your consent to the processing for the respective purpose, provided your consent is necessary for the lawful processing or the processing is not permitted for any reason other than your consent. Such purposes can be, for example:

a) Voluntary cookies when you visit our website;

b) Advertising or market research purposes;

c) Send you information about our products, services, milestones, news, blog articles, or contractually non-essential upgrades or updates, or using data for surveys.

8.2. The provision of personal data may be partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information of the contractual partner). For entering a contract, you usually have the obligation to provide us the personal data required for the contract conclusion. A contract may not be concluded, if you do not provide to us the required personal data. However, the provision and processing of personal data may also be part or prerequisite for particular contractual services or obligations during the contractual term. Processing always takes place on the basis of Article 6 Paragraph 1 Letter b GDPR when it is necessary to fulfillment of a contract between you and us or in order to take steps at your request prior to entering into a contract. Such a processing can take place, for example:

a) as the pre-contractual measure to make information about our services available to you when you visit our website as a company and accept the essential cookies required for this purpose;

b) upon your request to create for you and send to you a quote;

c) to make payments and to create and send invoices to you;

d) to perform services for which you commissioned us, that may include working with personal data, e.g. data about you or about your users or employees;

e) in order to otherwise enable or improve fulfillment of contractual obligations.

8.3. Processing always takes place on the basis of Article 6 Paragraph 1 Letter c GDPR when it is necessary to fulfill our legal obligations. Such a processing can take place, e.g. for enabling us to:

a) comply with our tax reporting and filing obligations;

b) comply with statutory retention periods for data or documents,

c) fulfill information legal security obligations;

d) fulfill legal obligations that arise from a contract that we have concluded with you;

e) fulfill other legal obligations or to not violate any applicable law.

8.4. Processing always takes place based on the provisions of Article 6 Paragraph 1 Letter f GDPR if it is necessary to protect or exercise the legitimate interests of us or thirds, provided such interests comply these provisions. We may carry out such processing, for example to:

a) carry out creditworthiness and risk checks;

b) prevent possible damages or to try preventing or mitigating damages;

c) exercise or enforce contractual or legal rights (e.g. assignment of claims);

d) adequately maintain, expand, facilitate or improve our operations;

e) fulfill our obligations to third parties (e.g. Processors);

f) carry out measures beyond legal obligations to improve or facilitate the security or organization of our personal data processing;

g) perform measures to facilitate our compliance with legal obligations;

h) facilitate negotiation, administration, execution or quality of eventual follow-up orders;

i) protect us or thirds for other reasons or to perpetuate other legitimate interests of us or thirds.

8.5. Processing always takes place on the basis of Article 6 Paragraph 1 Letter d GDPR when it is necessary to protect the vital interests of a natural person. Such a processing may take place, e.g. if:

a) we discover information (e.g. through collection or analyzing) that, if further processed, can protect vital interests of a natural person;

b) we transmit data to you or to third parties (e.g. authorities) that contribute to the protection of vital interests of a natural person;

c) the processing can otherwise protect the life of a natural person, or protect, ensure, restore, or significantly improve the health, the physical safety or the fundamental rights of a natural person.

8.6. Processing always takes place on the basis of Article 6 Paragraph 1 Letter e GDPR if it is in the public interest or in the exercise of official authority vested in us. Such a processing may take place, if:

a) we are obliged, upon official order, to delete data, restrict access to data, or provide data to a responsible authority;

b) it can prevent a threat to public peace or democracy;

c) it can prevent a crime or contribute to the investigation of a crime, and (i) the prosecution is a current concern in public interest, or (ii) the (possibly) injured party is in particular need of protection, or (iii) to protect the position of the (possibly) injured party in public life, or (iv) because of relevant previous entries of the (possibly) accused party in a domestic or foreign criminal record, or (v) if the crime and is or could result in an official offence.

8.7. If we transmit data to or prompt processing in a third country outside the European Union without appropriate guarantees in accordance with Article 46 GDPR (e.g. standard contractual clauses) or an adequacy decision in accordance with Article 45 paragraph 3 GDPR, and if the processing is for a purpose under:

a) Section 8.1, then the processing is not justified by Article 6 Paragraph 1 Letter a GDPR, but by Article 49 Paragraph 1 Letter a GDPR.

b) in Section 8.2, then the processing is not justified by Article 6 Paragraph 1 Letter b GDPR, but by Article 49 Paragraph 1 Letter b GDPR.

c) in Section 8.3, then the processing is not justified by Article 6 Paragraph 1 Letter c GDPR, but by Article 49 Paragraph 1 Letter c GDPR.

d) Section 8.4, then the processing is not justified by Article 6 Paragraph 1 Letter f GDPR, but by Article 49 Paragraph 1 Letter c GDPR, but if the data transfer is necessary for the establishment, exercise or defense of legal claims, then by Article 49 Paragraph 1 Letter e GDPR.

e) Section 8.5, then the processing is not justified by Article 6 Paragraph 1 Letter d GDPR, but by Article 49 Paragraph 1 Letter e GDPR.

f) Section 8.6, then the processing is not justified by Article 6 Paragraph 1 Letter e GDPR, but by Article 49 paragraph 1 letter d GDPR, or where applicable by Article 49 Paragraph 1 Letter g GDPR.

9. CATEGORIES OF RECIPIENTS AND THIRDS

The transfer of personal data takes place within the scope of legal regulations and the underlying Privacy Policy to recipients or third parties (and where applicable) in one, in more than one, or in all of the following categories:

9.1. Legal Service Providers

Where serving or required to protect or exercise our legitimate interests or to fulfill our contractual or legal rights or obligations, personal data may be transmitted to lawyers and tax advisors, and processed by them.

9.2. Financial Service Providers

Where serving or required to protect or exercise our legitimate interests or to fulfill our contractual or legal rights or obligations, personal data may be transmitted to payment providers, banks, credit check or rating companies, intermediaries of financial services, and debt collection companies, and processed by them.

9.3. Authorities

Where required by law (e.g. reporting obligations, tax obligations, security, criminal prosecution), we must transmit personal data to authorities, e.g. tax office, police, public prosecutors, courts, tax investigations, and customs administration.

9.4. Clients and Orderers

Where serving or required to protect or exercise our legitimate interests or to fulfill our contractual or legal rights or obligations, we may transmit personal data to our clients or to orderers that we have mediated to you, insofar as the coordination or communication between you and these clients or orderers can contribute to the success or quality of the order fulfillment.

9.5. Vicarious Agents and Contractors

Where serving or required to protect or exercise our legitimate interests or to fulfill our contractual or legal rights or obligations, we may transmit personal data to our vicarious agents or to contractors that we have mediated to you, insofar as the coordination or . Communication between you and these vicarious agents or contractors can contribute to the success or quality of the fulfillment of the order and if:

a) we have commissioned or mediated them to provide services as part of a project or task in which we have also commissioned or mediated you, or

b) you have commissioned us and we have commissioned vicarious agents or mediated contractors for in this context.

9.6. Suppliers

Where you have given your consent, or where it is serving or required to protect or exercise our legitimate interests or to fulfill our contractual or legal rights or obligations, we may transfer personal data to suppliers of:

a) IT services, such as the provision, maintenance or upkeeping of technical infrastructure, hardware or software serving necessary business processes or improvements to business processes (e.g. email software, cloud services, internet presence, database software, management software, analysis tools, invoicing, etc.);

b) Marketing and market research services, such as data collection, surveys and sending advertising material;

c) Information security services, such as the suitable disposal of data carriers.

10. PROCESSING DURATION

10.1. We only process personal data as long as the respective processing purpose exists or as long as it is required by law.

10.2. If there are no legal obligations or processing rights and no remaining obligations (e.g. contractual) or claims (e.g. collectibles or damages) between you and us that would justify further processing, then the processing purpose ends once you inform us, that you do not have the intention of future orders with us or if you inform us that you do not agree anymore with the further processing.

10.3. In accordance with Section 257 of the German Commercial Code (HGB) and Section 147 of the German Tax Code (AO), the statutory retention period of:

a) 6 years applies to business correspondence, and to order and payment history.

b) 10 years applies contractual data.

10.4. Statutory retention periods may be extended by official orders until the relevant matter has been clarified.

10.5. Newsletters will be deleted after two weeks at the latest. We store information related to your use of the newsletter not longer than 365 days.

10.6. In respect of access to construction sites, in accordance with Section 6.1, we delete digital ID card copies within five working days of receipt, but no later than the day on which the fitting services start. Due to our agreements the clients are obliged to delete digital ID copies (as well as any personal data extracted from ID cards) within two working days after the fitting services have been completed (or after the event has ended, if the construction site is at an event ), and also to oblige organizers to the same extent, whereby statutory retention periods may remain unaffected. The processing time for access documents created by organizers using data from digital ID card copies is identical to the processing time for digital ID card copies.

10.7. We delete within five working days of receipt, digital ID card copies that were sent to us for the purpose of identity verification in the context of licensing. We delete data processed from digitalized personnel copies at the end of the license period, provided that there are no remaining legal obligations or contractual obligations or claims that would justify further processing.

10.8. When personal documents and other personal data that were transmitted for the purpose of mediating bank accounts or payment processors will be deleted, depends on the provisions of the respective agreement you have with us, but ends at the latest after we have achieved successful mediation for you and there are no legal obligations that would justify further processing, although third parties to whom the personal documents and other personal data were transmitted may be subject to other retention periods - whether contractual or statutory.

11. YOUR PRIVACY RIGHTS

You can exercise the following data protection rights:

11.1. Right to Access

In accordance with Article 15 GDPR, you have the right to request information from us whether we are processing your personal data, and if this is the case, you have the right to access this data, and to receive information (i) about the purpose of the processing, and (ii) about the data categories, and (iii) about the recipients or recipient categories (particularly when data were transmitted to third countries), and (iv) about the planned storage period or criteria for the storage period, and (v) about your further data protection rights, and (vi) about the origin of the personal data, to the extent that we have not received the data from you, and (vii) about if we perform automated individual decision-making (including profiling) and if this is the case, then also about the type and scope to the extent it affects on you.

11.2. Right to Object

a) For reasons arising from your particular situation and in accordance with Article 21 Paragraph 1 GDPR, you have the right to object at any time the processing of your personal data, if it is based on Article 6 Paragraph 1 Letter e or f GDPR, and then we will then no longer process this personal data unless the processing serves to assert, exercise or defend our legal claims or if we have obligatory legitimate reasons for the processing which outweigh your interests, rights and freedoms.

b) You have the right to object at any time the processing of your personal data where it serves the purpose of direct marketing, and we will then no longer process this personal data for these purposes.

11.3. Right to Withdraw

Where the processing of personal data is based on your consent in accordance with Article 6 Paragraph 1 Letter a GDPR, you have the right to withdraw your consent to the processing at any time in accordance with Article 7 Paragraph 3 GDPR. Withdrawing from your consent does not affect the lawfulness of any processing carried out prior to your withdrawal.

11.4. Right to Rectification

In accordance with Article 16 GDPR, you have the right to request that we immediately correct your personal data processed by us where it is incorrect, and taking into account the purposes of the processing, you also have the right to request the completion of your personal data processed by us where it is incomplete, if necessary also by means of a complementing declaration.

11.5. Right to Restriction

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing. According to Article 18 Paragraph 1 GDPR, you have the right to request restriction of processing if one of the following criteria is given:

a) You contest the accuracy of your personal data for a period enabling us to verify the accuracy of your personal data; or

b) The processing of your personal data is unlawful and you object deletion of your personal data and instead request restriction of processing; or

c) We no longer need the personal data for the purposes of processing, but you need it to establish, exercise or defend legal claims; or

d) You have objected the processing in accordance with Article 21 Paragraph 1 GDPR and it is not yet clear whether our legitimate reasons outweigh your legitimate interests.

11.6. Right to Erasure

In accordance with Article 17 GDPR, you have the right to request that we delete your personal data immediately, and taking into account your right to restriction, we are obliged to delete it immediately if one of the following reasons applies:

a) Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed; or

b) You withdraw your consent on which the processing was based and there is no other legal basis for the processing; or

c) You object the processing in accordance with Article 21 Paragraph 1 GDPR and there are no legitimate grounds of higher importance for the processing, or you object the processing in accordance with Article 21 Paragraph 1 GDPR; or

d) We have processed your personal data unlawfully; or

e) The deletion of your personal data is necessary to comply with a legal obligation under European Union law or the laws of the Member State to which we are subject; or

f) The personal data was collected in relation to information society services offered in accordance with Article 8 Paragraph 1 GDPR.

11.7. Right of Data Portability

a) You have the right to receive your personal data which we process in a structured, commonly used and machine-readable format.

b) Unless the processing is necessary for carrying out a task in public interest or in the exercise of official authority vested in us in accordance with Article 6 Paragraph 1 Letter e, you also have the right that we transmit your personal data to another Controller without inhibition by us, provided that the processing is based (i) on consent in accordance with Article 6 Paragraph 1 Letter a GDPR, or (ii) on Article 9 Paragraph 2 Letter a GDPR, or (iii) on Article 6 paragraph 1 letter b GDPR and the processing is carried out using automated procedures.

c) When exercising your right to data portability in accordance with Article 20 Paragraph 1 GDPR, you have the right to have the personal data transferred directly from one Controller to another Controller, to the extent that this is technically feasible and to the extent that this does not infringe the rights and freedoms of others persons.

11.8. Right of Complaint

If you believe that our processing of your personal data is not lawful, you have the right to complain to the data protection supervisory authority responsible for you or us in accordance with Article 77 GDPR. The data protection supervisory authority responsible for us is:

State Commissioner for Data Protection and Freedom of Information,
North Rhine-Westphalia,
PO Box 20 04 44,
40102 Düsseldorf

Phone: 0049 211 / 38424 0;
Fax: 0049 211 / 38424 10;
Email: poststelle@ldi.nrw.de

The complaint can also be made using the following URL:
https://www.ldi.nrw.de/kontakt/ihre-beschwerde

12. LINKS

12.1. If links to the data protection guidelines of our processors or other links that we provide in the underlying Privacy Policy should not be available at a given time or if you cannot access the sources or information we have referenced in another way, then you can contact us via email, requesting these information and we will provide you with the information in a timely manner. Please send such requests to: info@xthsens.com

12.2. To content on third-party websites to which we may refer via links (e.g. in this Privacy Policy, or in our general terms and conditions, or on our website, or in our emails, or in contractual documents, or in invoices, or in any other way), we have no influence. We are not responsible for this content or for the privacy practices of these websites.

12.3. We would like to point out that you can take your own security measures (e.g. through cookie settings and other settings in your web browser, and through firewall settings and other security settings in your operating system, as well as through privacy and anto-virus software), to ensure your data security before accessing linked third-party websites.

12.4. If you access linked websites, we recommend that you first read the privacy policies of the respective websites. Our privacy policy and privacy practices do not apply to your visit and use of third-party websites.

13. CHANGES

13.1. We reserve the right to change this privacy policy at any time. The last date of change can be found at the top of this Privacy Policy.

13.2. Please check the date of last change regularly, especially if you have a business relationship with us or if you know that we are processing your personal data, and also when you visit our website or if we refer to this privacy policy, e.g. when we respond to you in emails.

13.3. If you notice that the last date of change has been updated since you last read this Privacy Policy, please read the Privacy Policy again to be aware of the changes.

13.4. Changes to this Privacy Policy will be effective immediately when an update of this Privacy Policy is posted on our website.

13.5. We will inform you once we have made material changes to this privacy policy if we process your personal data and if the changes materially affect the processing of your personal data, provided we have your contact details that enable us to inform you.

13.6. If you disagree with any material changes to this Privacy Policy that actually affect you or may affect you in the future without any action of you, then you can inform us and we will not apply the disputed changes to the processing of your personal data or we will restrict the processing or delete your personal data to the legally permitted extent.

13.7. If you respond to us after we have notified you of the Privacy Policy without objecting to any changes, we will assume that you agree to the changes.

14. RESPONSIBILITY

The responsible Controller of data processing is XTHSENSE itself:

Ramón Szellatis, Friedhofstraße 5, 46045 Oberhausen, Germany

Contact Data of the Controller:

Postal Mail:

to the above mentioned address

E-Mail:

info@xthsens.com

When you contact the Controller, your personal data may be processed (as described in this data protection declaration), whereby advertising purposes are excluded and the type and scope of processing is limited to the requirements to fulfill your privacy request, taking into account our rights.