Privacy policy

 

I. Preliminary note
We, company Xavannah GmbH & Co. KG, Karl-Oldewurtel-Str. 40, 33659 Bielefeld, take data protection concerns seriously and want to ensure that your privacy is protected when using our website under the domain http://www.xavannah.com.
We have therefore created this privacy policy to explain how we handle your data.
We reserve the right to adapt the content from time to time. It is therefore recommended that you take note of our data processing statement again at regular intervals.

About the structure of the data protection declaration:
Under II. you will find general information on the scope of the processing of your personal data, the legal basis for data processing, the storage period as well as deletion and, in particular, your rights as a data subject.
Under III. we provide information on the responsible person as well as the contact details of our data protection officer.
Under IV, we explain what personal data is collected when you visit our website.
If you wish to use our website for more than purely informational purposes, you will generally be required to provide further personal data, which we use to provide the service in question. We deal with the special forms of use of the website (the contact form, etc.) and the associated data processing under V.

II. General information on data processing
General data processing
“Personal data” is any data that contains information about the personal and factual circumstances of an identified or identifiable natural person. This includes, for example, the name, e-mail address, residential address, gender, date of birth, telephone number or age. A legal definition can be found in Art. 4 No. 1 of the General Data Protection Regulation (hereinafter DS-GVO).

“Processing” of personal data includes, but is not limited to, its collection, recording, organization, ordering, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. A legal definition can be found in Art. 4 No. 2 DS-GVO.

2. scope of the processing of personal data
We process your personal data only with your consent or if permitted by a legal provision.
In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

3 Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) sentence 1 lit. a DS-GVO serves as the legal basis for the processing of personal data.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) p. 1 lit. b DS-GVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as processing of personal data is necessary for compliance with a legal obligation to which we are subject, Art. 6 (1) p. 1 lit. c DS-GVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) p. 1 lit. d DS-GVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of us or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) p. 1 lit. f DS-GVO serves as the legal basis for the processing.

4 Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

5. rights of the data subject
a. Overview
If personal data is processed by you, you are a data subject within the meaning of the GDPR.
You have the following rights vis-à-vis the controller (i.e. us if the data is processed by us) with regard to the personal data concerning you:
– Right to information (Art. 15 DS-GVO),
– Right to rectification or erasure (Art. 16, Art. 17 DS-GVO),
– Right to restriction of processing (Art. 18 DS-GVO),
– Right to object to processing (Art. 21 DS-GVO, for details see II. 5. b. of this Privacy Policy),
– Right to withdraw consent to data processing (Art. 7 para. 3 DS-GVO, for details see under II. 5. b. of this Privacy Policy),
– Right to data portability (Art. 20 DS-GVO).
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by the controller (i.e. if the data is processed by us) (Art. 77 DS-GVO).

b. Objection or revocation against the processing of your data
If you have given your consent to the processing of your data, you may revoke it at any time. Such revocation will affect the permissibility of the processing of your personal data after you have expressed it to us.
Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is shown by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time.
You can inform us of your (advertising) objection using the contact details provided below:

III. Name and address of the person responsible
The responsible party within the meaning of the DS-GVO and other national data protection laws of the member states as well as other data protection regulations is:

Xavannah GmbH & Co. KG
Managing Director: Peter Dixen

Karl-Oldewurtel-Str. 40
33659 Bielefeld

Phone: +49 521 329 363 43
Fax: +49 521 25 25 594
E-Mail: Peter.Dixen@a-w.com

IV. Collection of personal data when visiting our website

1. informative website use
a. Description and scope of data processing
In the case of merely informational use of our website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. These are:
– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Access status/HTTP status code
– Amount of data transferred in each case
– Website from which the request comes
– browser
– Operating system and its interface
– language and version of the browser software.

The data is also stored in the log files of our system. Storage of this data together with other personal data of the user does not take place.

b. Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 p. 1 lit. f DS-GVO.

c. Purpose of data processing
The collection of personal data described above when you visit our website is technically necessary to display our website to you and to ensure its stability and security.
These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 p. 1 lit. f DS-GVO.

d. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

e. Possibilities of objection and elimination
Since the collection of personal data described above is technically necessary when you visit our website in order to display our website and to ensure its stability and security, you do not have the option of objecting to this.

2. Use of cookies
a. Description and scope of data processing
In addition to the previously mentioned data, cookies are stored on your computer when you use our website.
Cookies are small text files that are assigned to the browser you are using and stored on your hard drive and through which certain information flows to the entity that sets the cookies (in this case by us).
Cookies cannot execute programs or transmit viruses to your computer.

There are different types of cookies, namely:
– Transient cookies (temporary use).
– Persistent cookies (temporary use)
– Third-party cookies (from third-party providers)
– Flash cookies (permanent use).

This website uses the aforementioned cookies to the following extent:
– Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
– Persistent cookies are deleted automatically after a specified duration, which may differ depending on the cookie.
– We will go into more detail about third-party cookies as part of the description of the web analytics and social media plug-ins we use.
– The Flash cookies used are not collected by your browser, but by your Flash plug-in. Furthermore, we use HTML5 storage objects that are stored on your terminal device. These objects store the required data independently of the browser you are using and have no automatic expiration date. If you do not want Flash cookies to be processed, you must install an appropriate add-on, e.g. “Better-Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. In addition, we recommend that you regularly delete your cookies and browser history manually.

We use cookies on the one hand to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after switching pages. Cookies used in this regard store, for example, language settings or log-in information.
On the other hand, we also use cookies that enable an analysis of the surfing behavior of the users of our website. In this way, for example, data about the search terms entered, the frequency of page views or the use of website functions can be transmitted. The user data collected in this way is pseudonymized by technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data is not stored together with other personal data of the users.
When calling up our website, users are informed by an info banner about the use of cookies for analysis purposes and referred to this data protection declaration. In this context, there is also an indication of how the storage of cookies can be prevented in the browser settings.

b. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 p. 1 lit. f DS-GVO.

c. Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of our website for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. The user data collected by technically necessary cookies are not used to create user profiles.
The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.
In these purposes also lies our legitimate interest in the processing of personal data according to Art. 6 para. 1 p. 1 lit. f DS-GVO.

d. Duration of storage, possibility of objection and elimination
Since cookies are stored on the user’s computer, you as the user have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies (e.g. refuse to accept third-party cookies or all cookies). Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all website functions to their full extent.
The transmission of Flash cookies cannot be prevented via the settings of the browser, but by changing the setting of the Flash player.

3. use of Google Analytics
a. Description and scope of data processing
This website uses Google Analytics, a web analytics service provided by Google Inc (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the case of activation of IP anonymization on this website, however, your IP address will be truncated beforehand by Google within member states of the EU or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. For these exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacy-shield.gov/EU-US-Framework.
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in abbreviated form, thus excluding the possibility of personal references. Insofar as the data collected about you is related to a person, this is therefore immediately excluded and the personal data is thus immediately deleted.
The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.
b. Legal basis for data processing
The legal basis for the processing of personal data using Google Analytics is Art. 6 para. 1 p. 1 lit. f DS-GVO.

c. Purpose of data processing
We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user.
These purposes are also our legitimate interest in processing the personal data according to Art. 6 para. 1 p. 1 lit. f DS-GVO.

d. Duration of storage, possibility of objection and removal.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

e. Information of the third party provider
Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
User terms and conditions: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and privacy policy: http://www.google.de/intl/de/policies/privacy.

4. use of Matomo (formerly Piwik)
a. Description and scope of data processing
This website uses the web analytics service Matomo (formerly Piwik) provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. Cookies are used and stored on your computer. Regarding the functioning of cookies, we refer to our presentation under IV. 2. of this privacy policy. The information collected by Matomo is stored exclusively on our server in Germany. This website uses Matomo with the extension “AnonymizeIP”. This means that IP addresses are processed in abbreviated form, which means that they cannot be directly linked to a specific person.
The IP address transmitted by your browser via Matomo will not be merged with other data collected by us.

b. Legal basis for data processing
The legal basis for the processing of personal data using Matomo is Art. 6 para. 1 p. 1 lit. f DS-GVO.

c. Purpose of data processing
We use Matomo to analyze and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user.
These purposes are also our legitimate interest in processing the personal data according to Art. 6 para. 1 p. 1 lit. f DS-GVO.

d. Duration of storage, possibility of objection and elimination
You can adjust the evaluation by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we point out that you may not be able to use this website in full. Preventing the storage of cookies is possible through the setting in your browser. Preventing the use of Matomo is possible by removing the following checkmark and thus activating the opt-out plug-in: […]
e. Information of the third party provider
The Matomo program is an open source project. You can obtain information from the third-party provider on data protection at: https://matomo.org/privacy-policy/.

5.. Use of social media plug-ins by means of “Shariff
a. Description and scope of data processing
We use social media plug-ins from Facebook, Google+, Twitter, T3N, LinkedIn, Flattr and Xing on our website.
To protect your data, we make use of “Shariff” buttons. “Shariff” is a development by the staff of the computer magazine c’t. It enables greater privacy on the web, prevents links to the servers of social networks from being established or data from being transmitted without your express consent and replaces the usual “Share” buttons. For more information on “Shariff”, please visit: https://heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.
If you click on the “Shariff” buttons, a pop-up window appears in which you can log in to the respective provider with your data. Only then will a direct connection to the social networks be established. By logging in, you give your consent to the transfer of your data to the respective social media provider. This provider then receives the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned under IV. 1. of this data protection declaration will be transmitted. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after collection. When you log in to the respective social media provider, your personal data is transmitted to them and stored there (in the case of US providers, in the USA). If you are simultaneously connected to one or more of your accounts with social networks, the collected information will also be assigned to your corresponding profiles. You can only prevent this assignment by logging out of your social media accounts before visiting our website and activating the buttons.
We expressly point out that the full extent of the data collection/data processing by the social media providers is unknown to us.

b. Legal basis for data processing
The legal basis for the use of the social media plug-ins by means of “Shariff” is Art. 6 para. 1 p. 1 lit. f DS-GVO.

c. Purpose of data processing
The plug-in provider stores the data collected about you as usage profiles and uses them for the purposes of advertising, market research, and/or demand-oriented design of its website. Such an evaluation is carried out in particular for the display of needs-based advertising and to inform other users of the social network about your activities on our website.
We offer you the opportunity to interact with the social networks and other users via the plug-ins, so that we can improve our offer and make it more interesting for you as a user. In these purposes also lies our legitimate interest in the processing of personal data according to Art. 6 para. 1 p. 1 lit. f DS-GVO.

d. Duration of storage, possibility of objection and elimination
We have no influence on the collected data and data processing operations, nor are we aware of the storage periods. We also have no information on the deletion of the collected data.
We recommend that you log out regularly after using a social network, but especially before activating the aforementioned buttons.
You have the right to object to the creation of user profiles by the social media providers, whereby you must contact the respective provider to exercise this right. Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers communicated below. There you will also receive further information about your rights in this regard and setting options for protecting your privacy.

e. Adressen der jeweiligen Plug-in-Anbieter und URL mit deren Datenschutzhinweisen:
– Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; weitere Informationen zur Datenerhebung: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications sowie http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook hat sich dem EU-US-Privacy-Shield unterworfen, https://www.privacyshield.gov/EU-US-Framework.

– Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google hat sich dem EU-US-Privacy-Shield unterworfen, https://www.privacyshield.gov/EU-US-Framework.

– Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter hat sich dem EU-US-Privacy-Shield unterworfen, https://www.privacyshield.gov/EU-US-Framework.

– Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.

– T3N, yeebase media GmbH, Kriegerstr. 40, 30161 Hannover, Deutschland; https://t3n.de/store/page/datenschutz.

– LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn hat sich dem EU-US-Privacy-Shield unterworfen, https://www.privacyshield.gov/EU-US-Framework.

– Flattr Network Ltd. mit Sitz in 2 nd Floor, White bear yard 114A, Clerkenwell Road, London, Middlesex, England, EC1R 5DF, Großbritannien; https://flattr. com/privacy.

V. Special forms of use of our website

1. contact form and e-mail contact
a. Description and scope of data processing
A contact form is available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask (name, e-mail address, subject) is transmitted to us and stored.
At the time the message is sent, the following data is also stored: Company, first name, last name, street and house number, postal code and city, telephone number, e-mail address, subject and the message text.
During the sending process you will be referred to this privacy policy. By sending your message, you consent to the processing of the transmitted data.
Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.
In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.
If you use our contact form or the e-mail address provided for contacting us for the purpose of a (price) inquiry for a configured glass product, we will store your transmitted data and forward it to a suitable craftsman company that is contractually affiliated with us, so that he can contact you directly on the basis of the information you have provided, in order to check the acceptance and execution of the order or to submit a concrete price offer on the basis of a measurement that may be necessary and taking into account any necessary installation work.
However, the forwarding will only take place after successful completion of the so-called double-opt-in procedure.
This means that we will first send you an electronic message to the e-mail address you provided, which contains the data you entered and in which we ask you to confirm that you wish the same data to be forwarded to a suitable craftsman’s company contractually associated with us for the aforementioned purposes (acceptance/execution of order or preparation of concrete price quotation/measurement, etc.).
If you do not confirm the forwarding within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of your request and confirmation of your wish to forward the data.
In this respect, too, no data is passed on to third parties except for forwarding to the craftsman’s company.
The entry of your data and its confirmation or the confirmation of the wish to forward your data to a craft enterprise is not a concrete offer. You, the craft enterprise and we are not bound by this. The described double-opt-in procedure rather serves the data protection as well as your protection against the sending of unwanted advertising.

b. Legal basis for data processing
The legal basis for the processing of data is Art. 6 para. 1 p. 1 lit. a DS-GVO if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 p. 1 lit. f DS-GVO.

c. Purpose of the data processing
The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data processing within the scope of the double-opt-in procedure serves data protection and your protection against the sending of unwanted advertising.
The data transfer to the craftsman company takes place in order to answer your inquiry.
The collection of the IP addresses used and the times of the inquiry as well as the confirmation of the request for data forwarding serves to prevent or clarify any misuse of the services or the e-mail address used.

d. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
The data collected/processed in the context of a (price) inquiry regarding a product or service will be deleted after 6 months at the latest.

e. Possibility of objection and removal
The user has the possibility to revoke his consent to the processing of personal data at any time. You can declare the revocation by clicking on the link provided in our e-mail sent to you as part of the double-opt-in procedure, by e-mail to […] or a message to the contact details given under III. If the storage/processing of personal data of the user is based on Art. 6 para. 1 p. 1 lit. f DS-GVO, the user may object to the storage/processing at any time. In such a case, the conversation cannot be continued. Insofar as it concerns a (price) inquiry regarding a configured glass product and the data has not yet been forwarded to a craftsman’s company, in the case of revocation, no further forwarding can take place.
You can inform us of your objection using the contact details provided under III. of this data protection declaration.
All personal data stored in the course of contacting you will be deleted in this case.

2. newsletter
a. Description and scope of data processing
On our website, there is the possibility to subscribe to a free newsletter after you have given your consent. The goods about which the newsletter should behave in the future are named in the declaration of consent.
For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration we will send you an e-mail to the specified e-mail address, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your respective IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
Mandatory information for sending the newsletter is only your e-mail address. The provision of further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we store your e-mail address for the purpose of sending the newsletter.
The data processed for sending newsletters will not be passed on to third parties.
b. Legal basis for data processing
The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 p. 1 lit. a DS-GVO.

c. Purpose of the data processing

The collection of the user’s e-mail address serves to deliver the newsletter.
Any further data provided serves to be able to address the user personally in the newsletter.
The collection of other personal data (IP addresses used and times of registration and confirmation) serves to prevent or clarify any misuse of the services or the e-mail address used.

d. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user’s e-mail address is stored for as long as the subscription to the newsletter is active.
The other personal data collected during the registration process is usually deleted after a period of seven days.

e. Possibility of objection and removal
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in each newsletter e-mail, by e-mail to support@xavannah.com or a message to the contact details given under III.

End of the privacy policy.