Disclaimer

We are pleased about your visit to our website.

Below, we would like to inform you about the processing of your data pursuant to Article 13 of the General Data Protection Regulation (GDPR).

Table of Contents

  1. Name and Contact Details of the Controller

  2. Definitions

  3. Legal Basis for Processing Personal Data

  4. Disclosure of Personal Data

  5. Storage Duration and Deletion

  6. TLS Encryption

  7. Cookies Generally

  8. Tracking
    a) DoubleClick
    b) Google AdServices
    c) Google Analytics
    d) Google Maps
    e) Google Tag Manager
    f) WPML
    g) Popup Maker
    h) Microsoft Clarity
    i) Facebook
    j) Google reCAPTCHA
    k) Instagram
    l) OpenStreetMap
    m) Cloudflare Turnstile
    n) Vimeo
    o) X (formerly Twitter)
    p) YouTube

Collection and Storage of Personal Data and Their Purpose of Use
a) During Website Visit
b) Contact via Email, Phone or Fax
c) Use of Contact Form
d) Use of Borlabs Cookies

e) Register for the Webcast

10. Download Remote Support

11.Rights of Data Subjects

12. Automated Decision-Making/Profiling

13. Changes and Updates to This Privacy Policy

1. Name and Contact Details of the Controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:

XTRAS forward thinking GmbH & Co. KG
Dr. Maciej Suchomski, Norbert Harren
Bergiusstraße 1
28816 Stuhr-Brinkum

Phone: 0421 408948 – 0
Email: info@xtras-log.de

Our Data Protection Officer can be reached at the above address or by email at:
datenschutz@xtras-log.de

 

2. Definitions

We have designed our Privacy Policy according to the principles of clarity and transparency. Should there still be any uncertainties regarding the use of various terms, the corresponding definitions can be found in Article 4 GDPR.

 

3. Legal Basis for Processing Personal Data

We only process your personal data if there is a legal basis for it. The following regulations particularly apply under the GDPR:

Art. 6(1)(1)(a) GDPR: The data subject has given consent to the processing of their personal data for one or more specific purposes.

Art. 6(1)(1)(b) GDPR: Processing is necessary for the performance of a contract to which the data subject is party or for taking steps at the request of the data subject prior to entering into a contract.

Art. 6(1)(1)(c) GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject.

Article 6 Paragraph 1 Sentence 1 Letter d GDPR: Processing is necessary to protect the vital interests of the data subject or of another natural person.

Article 6 Paragraph 1 Sentence 1 Letter e GDPR: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Article 6 Paragraph 1 Sentence 1 Letter f GDPR: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

 

4. Disclosure of Personal Data

When visiting our website, your user data is forwarded exclusively to our hosting provider: Mittwald CM Service GmbH & Co. KG, with the cloud server located in Germany. No further data disclosure takes place.

 

5. Storage Duration and Deletion

We store all personal data you transmit to us only for as long as it is required to fulfill the purposes for which these data were transmitted, or as long as this is prescribed by law. Upon fulfillment of the purpose and/or expiry of statutory retention periods, the data will be deleted or blocked by us.

 

6. TLS Encryption

To protect your data from unauthorized access as comprehensively as possible, we implement technical and organizational measures. We use an encryption procedure on our website. Your data is transmitted from your computer to our server and vice versa over the internet using TLS encryption. You can recognize this by the closed padlock symbol in your browser’s status bar and the address bar starting with https://.

 

7. Cookies Generally

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. A cookie primarily serves to store information about a user during or after their visit to an online offering.

The following cookie types and functions are distinguished:

Temporary Cookies (also: Session or Session Cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their browser.

Persistent Cookies: Persistent cookies remain stored even after the browser is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user visits a website again. Similarly, user interests used for reach measurement or marketing purposes can be stored in such a cookie.

First-Party Cookies: First-party cookies are set by us ourselves.

Third-Party Cookies (also: Third-Party Provider Cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.

Necessary (also: Essential or Strictly Necessary) Cookies: Cookies may be strictly necessary for the operation of a website on the one hand (e.g., to save logins or other user inputs or for security reasons).

Statistics, Marketing, and Personalization Cookies: Furthermore, cookies are regularly used in the context of reach measurement and when a user’s interests or behavior (e.g., viewing certain content, using functions, etc.) is stored in a user profile on individual websites. Such profiles serve to display content to users that corresponds to their potential interests, for example. This procedure is also referred to as “tracking,” i.e., tracking the potential interests of users. To the extent we use cookies or “tracking” technologies, we inform you separately in our Privacy Policy or in the context of obtaining consent.

General Notes on Revocation and Objection (Opt-Out): Depending on whether processing is based on consent or legal permission, you have the option at any time to revoke given consent or object to the processing of your data by cookie technologies (summarized as “opt-out”). You can initially declare your objection via your browser settings, e.g., by deactivating the use of cookies (though this may also limit the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared via a variety of services, especially in the case of tracking, on the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you can find further objection notices in the context of the information on the providers and cookies used.

Processing of Cookie Data Based on Consent: Before we process or have data processed in the context of using cookies, we ask users for revocable consent at any time. Before consent is given, only cookies that are necessary for the operation of our online offering may be used. Their use is based on our interest and the users’ interest in the expected functionality of our online offering.

8. Tracking

The cookies set on our website are used to support the following service programs:

a) DoubleClick

Our website uses the online marketing tool DoubleClick from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. DoubleClick uses cookies to serve relevant ads to users, improve campaign performance reports, or prevent a user from seeing the same ads multiple times.

Due to the marketing tools used, your browser establishes a connection to a Google server as soon as you allow this in the settings and grant us consent for data processing. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our knowledge: Through the integration of DoubleClick, Google receives the information that you have accessed the corresponding part of our online presence or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or not logged in, there is the possibility that the provider learns and stores your IP address.

You can prevent participation in this tracking procedure in various ways:

  • by appropriate settings of your browser software – suppressing third-party cookies ensures that you do not receive ads from third-party providers;

  • by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain (https://www.google.de/settings/ads). This setting is deleted when you delete your cookies;

  • by deactivating interest-based ads from providers that are part of the self-regulatory campaign “About Ads” (via the link https://www.aboutads.info/choices). This setting is deleted when you delete your cookies;

  • by permanent deactivation in your browsers Firefox, Internet Explorer, or Google Chrome (plugins available at the link https://www.google.com/settings/ads/plugin).

The legal basis for processing your data is the consent you have given via the cookie consent tool (Article 6 Paragraph 1 Sentence 1 Letter a EU-GDPR). Further information on DoubleClick by Google can be found at https://www.google.de/doubleclick, and on data protection at Google in general: https://www.google.de/intl/de/policies/privacy.

b) Google AdServices

We use the Google service AdServices on our website. Within the EEA, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for data processing. Further information can be found in Google’s Privacy Policy at the following link: https://policies.google.com/privacy?hl=de&gl=de.

The Google AdServices service is an online advertising program from Google and serves to present our products through advertisements as soon as you enter them in the Google search engine, thereby allowing us to optimize our service performance.

Your data is processed only with your consent (Article 6 Paragraph 1 Letter a EU-GDPR) in connection with our legitimate interest (Article 6 Paragraph 1 Letter f EU-GDPR) for marketing purposes and stored only until you object to your consent.

In doing so, we process the following personal data:

  • IP address

  • Device data

  • Access time and duration

  • Access location

  • Access statistics

  • Navigation behavior

  • Click behavior

If you additionally provide us with your data such as first name, last name, and email address, this data will also be processed.

To enable Google AdServices to display tailored advertising, cookies are set among other things. Cookies are small text files that store certain information on your computer.

We use the following cookies for this service:

  • _gcl_au: This cookie is stored for 90 days and serves to link conversions. This is a 1st party cookie and contains a randomly generated user ID.

c) Google Analytics

We use “Google Analytics” on our website, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: “Google”). Google uses cookies, i.e., small text files stored on your end device, to enable analysis of your use of our website.

The following cookies are set by Google Analytics with your consent:

  • _ga: This cookie stores your domain for 2 years and is a 1st party cookie. It contains a randomly generated user ID. Based on this ID, Google Analytics can recognize returning users on this website and aggregate data from previous visits.

  • _gid: This cookie stores your domain for 24 hours and is a first-party cookie. It contains a randomly generated user ID. Based on this ID, Google Analytics can recognize returning users on this website and aggregate data from previous visits.

    The information about your use of our website generated by the cookie is generally transmitted to a Google server in the United States and stored there. If IP anonymization is activated on the website (“IP anonymization”), your IP address will be truncated by Google beforehand within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. Google will use this information on our behalf to evaluate your use of our website, compile reports on website usage, and provide us with other services related to website usage and internet usage. Pseudonymous usage profiles can be created from the processed data. The IP address transmitted in connection with Google Analytics will not be merged with other Google data.

    We use Google Analytics for the purpose of analyzing the use of our website and continuously improving individual functions and offers as well as the user experience. Through the statistical evaluation of user behavior, we can improve our offering and make it more interesting for you as a user. For this purpose, we obtain your consent for data processing pursuant to Article 6 Paragraph 1 Letter a EU-GDPR. You can object to your consent at any time with effect for the future.

    Furthermore, we process your data based on our legitimate interest in the processing of the aforementioned data by Google, which is based on Article 6 Paragraph 1 Letter f EU-GDPR to that extent.

    You can prevent the storage of cookies generated by Google Analytics by making appropriate settings in your web browser. We would like to point out that in this case you may not be able to use all functions of our website to their full extent. If you wish to prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and the processing of this data by Google, you can download and install the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

    To obligate Google to process the transmitted data only in accordance with our instructions and to comply with applicable data protection regulations, we have concluded a data processing agreement with Google. For the exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the rules for the protection of personal data within and outside the EU, the standard contractual clauses https://ec.europa.eu/info/law/law-topic/data-protection, and has certified itself. This obligates Google to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://policies.google.com/privacy/frameworks?hl=en.

    Further information on data usage by Google, settings and objection options, and data protection can be found on the following Google websites:

    If you wish to generally block Google Analytics, we recommend using the browser add-ins “NoScript” or “Ghostery”.

    Data collection by Google Analytics can be prevented by setting an opt-out cookie:
    <a href="javascript:gaOptout()">Disable Google Analytics</a>

d) Google Maps

Our website uses the Google Maps mapping service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: “Google”).

The use of Google Maps provides a service for you so that you can precisely identify our location and, if necessary, better plan your visit to us. The use of Google Maps is based on your consent pursuant to Article 6 Paragraph 1 Sentence 1 Letter a EU-GDPR.

Through the use of Google Maps, information about your use of this website (including your IP address) may be transmitted to a Google server in the United States and stored there. Google will forward the information obtained through Google Maps to third parties if required by law or insofar as third parties process this data on behalf of Google. However, your IP address will never be associated with other Google data. Nevertheless, we must point out to you that it is technically possible for Google to identify individual users based on the data received. We also have no influence on whether your personal data and personality profiles are processed by Google for other purposes.

Google has subjected itself to the standard contractual clauses https://ec.europa.eu/info/law/law-topic/data-protection.

Further information on data protection at Google can be found at https://www.google.com/policies/privacy/?hl=de.

e) Google Tag Manager

Google Tag Manager is a solution that allows us to manage so-called website tags via a single interface (and thus integrate Google Analytics and other Google marketing services into our online offering, for example). The Tag Manager itself (which implements the tags) does not process any personal data of users. Regarding the processing of users’ personal data, reference is made to the following details on Google services.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Websitehttps://marketingplatform.google.com;
Privacy Policyhttps://policies.google.com/privacy;

We have concluded a data processing agreement with Google: https://business.safety.google/adsprocessorterms/.

Further information on data processing by Google can be found at the following link: https://business.safety.google/adsservices/.

f) WPML (WordPress Multilingual Plugin)

We use the WPML (WordPress Multilingual Plugin) plugin on our website from the company OnTheGoSystems Limited, 22/F 3 Lockhart Road, Wanchai, Hong Kong. WPML serves to provide our website in multiple languages and to store visitors’ language selections.

WPML enables:

  • Provision of our website in various languages

  • Automatic display of the appropriate language based on user settings

  • Storage of the language selected by the user

  • Technical functionality of multilingualism

Without WPML, a multilingual presentation of our website would not be possible.

WPML sets technically necessary cookies to:

  • Store the language selected by the user

  • Display the website in the correct language

  • Maintain the language preference across multiple page visits

These cookies do not contain any personal data, but only language information.

Typical WPML cookies are:

Cookie Purpose Storage Duration
_icl_visitor_lang_js Stores the user’s preferred language 1 day
wpml_browser_redirect_test Checks if browser redirects function Session
wp-wpml_current_language Stores the current language 1 day

 

Since these cookies are technically necessary, processing is based on:
Article 6 Paragraph 1 Letter f GDPR (legitimate interest in a functional, multilingual website).

Consent is not required as WPML does not process tracking or marketing data.
WPML itself does not transmit personal data to third parties. Processing occurs exclusively on our own servers or our hosting provider’s server.

Further information can be found in the WPML/OnTheGoSystems Privacy Policy: https://wpml.org/documentation/privacy-policy-and-gdpr-compliance/

g) Popup Maker

We use the Popup Maker plugin on our website, a tool for creating and displaying pop-ups. These pop-ups may contain notices, offers, or newsletter registrations, for example.

Popup Maker itself does not process personal data in the standard configuration that can be directly attributed to individual users. However, the following data may be technically collected or stored during use:

Cookie-based information: Popup Maker sets cookies to determine:

  • whether a pop-up has already been displayed

  • how often a pop-up has been displayed

  • whether a user has closed a pop-up

These cookies serve exclusively to control pop-up functionality and do not contain personal data such as IP address, name, or contact information.

Interaction data: The plugin can record whether a pop-up was opened or closed. This information is stored anonymously and serves to optimize the pop-up function.

Popup Maker typically uses the following cookies:

Cookie-Name Purpose Storage Duration
pum- Stores whether a specific pop-up has already been displayed up to 1 month

 

Processing is based on:
Article 6 Paragraph 1 Letter f GDPR (legitimate interest in user-friendly presentation of our website)
Article 6 Paragraph 1 Letter a GDPR, if pop-ups are connected with tracking or marketing cookies requiring consent (e.g., newsletter pop-ups with external tools).

Popup Maker does not transmit data to third parties. All data remains on our server or within our WordPress installation.

We have configured Popup Maker so that only technically necessary cookies are set unless additional user consent is given. Pop-ups containing marketing or tracking tools are loaded only after consent via our consent management tool.

h) Microsoft Clarity

We use the web analytics service Microsoft Clarity from Microsoft Corporation on our website. Clarity enables us to better understand usage behavior on our website to improve user-friendliness. Processing is based on our legitimate interest pursuant to Article 6 Paragraph 1 Letter f GDPR and, where necessary, on your consent pursuant to Article 6 Paragraph 1 Letter a GDPR.

Microsoft Clarity collects, among other things:
Usage data

  • Mouse movements, clicks, scroll behavior

  • Interactions with individual elements

  • Session duration and navigation paths

Technical data

  • Browser type and version

  • Operating system

  • Screen resolution

  • Anonymized IP address

Cookies and similar technologies: Clarity sets cookies to recognize returning visitors and analyze sessions.

The data is used to:

  • Improve the user-friendliness of the website

  • Identify technical problems

  • Optimize content and layouts

Clarity does not create personal profiles and does not use the data to identify individual users.

Microsoft Clarity may transfer data to the USA. Microsoft is certified under the EU-US Data Privacy Framework. Additionally, standard contractual clauses exist pursuant to Article 46 GDPR.

If Microsoft Clarity uses cookies or tracking technologies that are not technically necessary, they are activated only after your consent via our consent management tool.

i) Facebook

We maintain a company page (Facebook Page) on the Facebook platform, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Additionally, Facebook functions may be integrated on our website (e.g., Like button, Share button, social plugins, or embedded content).

Processing occurs to:

  • Communicate with users, prospects, and business partners

  • Present our company, products, and services

  • Obtain reach analyses and statistical evaluations

  • Evaluate interactions (e.g., likes, comments, profile views)

When you visit our Facebook page or use Facebook plugins, Facebook processes personal data to provide the platform and analyze user behavior.

Depending on usage, the following data may be processed:

  • Profile data (e.g., name, gender, age, interests)

  • Communication content (e.g., messages, comments, interactions)

  • Technical data (e.g., IP address, browser information, device information)

  • Location data (if shared)

  • Data about your user behavior on Facebook and linked pages

If you are logged into Facebook, Facebook can assign your behavior to your profile.

Processing is based on:

  • Article 6 Paragraph 1 Letter f GDPR (legitimate interest) – Our interest lies in professional external presentation and communication.

  • Article 6 Paragraph 1 Letter a GDPR, if you activate Facebook plugins on our website or use consent-required functions.

For processing so-called Insights data, there is joint controllership between us and Meta pursuant to Article 26 GDPR. Meta assumes primary responsibility for data processing on the platform.

Further information on Facebook Insightshttps://www.facebook.com/legal/terms/information_about_page_insights_data

Facebook may transfer data to the USA or other third countries. The transfer is based on:

  • EU standard contractual clauses (SCC)

  • Additional security measures by Meta

You can adjust your privacy settings directly on Facebook: https://www.facebook.com/settings

If you do not want Facebook to collect data about you, you should log out of your Facebook account and delete cookies before visiting our Facebook page.

Facebook’s Privacy Policy can be found at: https://www.facebook.com/privacy/policy

j) Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

reCAPTCHA is used to check whether data entry on our websites (e.g., in a contact form) is made by a human or by an automated program. To do this, reCAPTCHA analyzes the website visitor’s behavior based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, dwell time of the website visitor on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place.

The use of Google reCAPTCHA is based exclusively on your express consent pursuant to Article 6 Paragraph 1 Letter a GDPR. You can revoke your consent at any time with effect for the future. Revocation does not affect the lawfulness of processing that has taken place up to that point.

Further information on Google reCAPTCHA and Google’s Privacy Policy can be found at the following links:
https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

k) Instagram

We maintain a company presence on the Instagram platform, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Additionally, Instagram functions may be integrated on our website (e.g., social plugins, embedded posts, images, or videos).

Processing occurs to:

  • Communicate with users, prospects, and business partners

  • Present our company, products, and services

  • Obtain reach analyses and statistical evaluations

  • Evaluate interactions (e.g., likes, comments, profile views)

When you visit our Instagram page or use Instagram plugins, Instagram processes personal data to provide the platform and analyze user behavior.

Depending on usage, the following data may be processed:

  • Profile data (e.g., name, username, interests, follower information)

  • Communication content (e.g., messages, comments, interactions)

  • Technical data (e.g., IP address, browser information, device information)

  • Location data (if shared)

  • Data about your user behavior on Instagram and linked pages

If you are logged into Instagram, Instagram can assign your behavior to your profile.

Processing is based on:

  • Article 6 Paragraph 1 Letter f GDPR (legitimate interest) – Our interest lies in professional external presentation and communication.

  • Article 6 Paragraph 1 Letter a GDPR, if you activate Instagram plugins on our website or use consent-required functions.

For processing so-called Insights data, there is joint controllership between us and Meta pursuant to Article 26 GDPR. Meta assumes primary responsibility for data processing on the platform.

Further information on Instagram Insightshttps://www.facebook.com/legal/terms/information_about_page_insights_data

Instagram may transfer data to the USA or other third countries. The transfer is based on:

  • EU standard contractual clauses (SCC)

  • Additional security measures by Meta

You can adjust your privacy settings directly on Instagram: https://www.instagram.com/accounts/privacy_and_security/

If you do not want Instagram to collect data about you, you should log out of your Instagram account and delete cookies before visiting our Instagram page.

Instagram’s Privacy Policy can be found at: https://privacycenter.instagram.com/policy

l) OpenStreetMap

We use map material from the OpenStreetMap (OSM) service on our website, provided by the OpenStreetMap Foundation (OSMF). The maps serve to display locations, routes, or geographic information. The use is based on our legitimate interest in an appealing presentation of our online offerings pursuant to Article 6 Paragraph 1 Letter f GDPR.

When calling a page containing an OSM map, the following data may be processed:

  • User’s IP address

  • Browser and device data

  • Date and time of access

  • Referrer URL (previously visited page)

  • Usage data (e.g., zoom level, map movements)

This data is transmitted directly to servers of the OpenStreetMap Foundation.

OSM may set cookies to:

  • Enable map display

  • Store user settings (e.g., zoom level)

Since OSMF servers may be operated outside the EU, transfer to third countries is possible. The OSMF commits to compliance with European data protection standards.

Further information on data processing by the OpenStreetMap Foundation can be found in the privacy policy at: https://wiki.osmfoundation.org/wiki/Privacy_Policy

m) Cloudflare Turnstile

We use Cloudflare Turnstile on our website, a service of Cloudflare, Inc., to secure forms and prevent spam and bot requests. Turnstile serves as a privacy-friendly alternative to traditional CAPTCHA systems and enables verification of whether an input originates from a human or an automated system.

The use is based on our legitimate interest pursuant to Article 6 Paragraph 1 Letter f GDPR in ensuring the security of our website and protection against abusive access and spam, as well as Article 6 Paragraph 1 Letter a GDPR if Turnstile is used within a form that loads additional tracking or marketing services (in this case, activation occurs only after consent).

Cloudflare Turnstile is designed to process as few personal data as possible. Nevertheless, the following data may be collected during use:

IP address (shortened or complete, depending on region and Cloudflare configuration)

Browser and device information

  • Browser type and version

  • Operating system

  • Screen resolution

  • Language settings

Usage data

  • Mouse movements or interactions (not used for profiling)

  • Timestamp

  • Referrer URL

Technical telemetry data

  • Information about the connection to the Cloudflare network

  • Security-relevant signals for bot detection

Cloudflare states that Turnstile does not use personal data for advertising purposes and does not set tracking cookies.

Cloudflare may transfer data to the USA or other third countries. Cloudflare is certified under the EU-US Data Privacy Framework and additionally implements standard contractual clauses pursuant to Article 46 GDPR to ensure an adequate level of data protection.

Processing occurs exclusively for the following purposes:

  • Protection against automated attacks and spam

  • Ensuring the functionality of forms

  • Improving website security

No profiling takes place.

Further information on data processing by Cloudflare can be found in the official privacy policy:
https://www.cloudflare.com/privacypolicy/

n) Vimeo

We embed videos from the provider Vimeo on our website. Vimeo is a service of Vimeo.com, Inc., 330 West 34th Street, 5th Floor, New York, NY 10001, USA. The embedding is used to present video content in an appealing and performant manner. This constitutes a legitimate interest within the meaning of Article 6 Paragraph 1 Letter f GDPR. If consent is obtained via a consent tool, Article 6 Paragraph 1 Letter a GDPR serves as the legal basis.

When accessing a page containing an embedded Vimeo video, a connection to the Vimeo servers is established. The following data may be processed in this process:

  • User’s IP address

  • Browser and device information

  • Date and time of access

  • Referrer URL (the previously visited page)

  • Usage data (e.g., starting, pausing, or playing the video)

  • Cookies and similar technologies, if you permit them in the consent banner

Vimeo can link this data with other services, particularly if you have a Vimeo account and are logged in.

Vimeo sets various cookies to:

  • Enable video playback

  • Store user interactions

  • Create statistical evaluations

If you reject tracking or marketing cookies in the consent banner, Vimeo videos are loaded only after your active consent (e.g., by clicking on a placeholder graphic).

As Vimeo is a US provider, personal data may be transferred to the USA. Vimeo relies on standard contractual clauses pursuant to Article 46 GDPR to ensure an adequate level of data protection.

Further information on data processing by Vimeo can be found in the official privacy policy:
https://vimeo.com/privacy

o) X (formerly Twitter)

We maintain a company presence on the X platform (formerly Twitter), operated by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Additionally, X functions may be integrated on our website (e.g., tweet embeddings, share buttons, or social plugins).

Processing occurs to:

  • Communicate with users, prospects, and business partners

  • Present our company, products, and services

  • Obtain reach analyses and statistical evaluations

  • Evaluate interactions (e.g., likes, reposts, comments, profile views)

When you visit our X page or use X plugins, X processes personal data to provide the platform and analyze user behavior.

Depending on usage, the following data may be processed:

  • Profile data (e.g., username, name, interests, follower information)

  • Communication content (e.g., messages, comments, interactions

  • Technical data (for example IP address, browser information, device information)

  • Location data (if shared)

  • Data about your user behaviour on X and linked pages

  • If you are logged in to X, X can associate your behaviour with your profile.

    Processing is based on:

    • Article 6 paragraph 1 letter f GDPR (legitimate interest) – our interest lies in a professional external presentation and communication.

    • Article 6 paragraph 1 letter a GDPR, insofar as you activate X plugins on our website or use functions requiring consent.

    X may transfer data to the USA or other third countries. The transfer is based on:

    • EU standard contractual clauses (SCC)

    • Additional security measures implemented by X

    As X is a US‑based company, it cannot be ruled out that US authorities may gain access to the data.

    You can adjust your privacy settings directly on X:
    https://twitter.com/settings/privacy

    If you do not want X to collect data about you, you should log out of your X account and delete cookies before visiting our X page.

    X’s Privacy Policy can be found at:
    https://twitter.com/privacy

    p) YouTube

    Our website uses components of the YouTube video portal, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you access a page containing an embedded YouTube video, a connection to YouTube’s servers is established.

    When loading a YouTube video, the following data may be processed depending on settings and your user behaviour:

    • IP address of the accessing device

    • Information about the browser and operating system used

    • Page of our website accessed

    • Date and time of access

    • Cookies and similar technologies, if you have permitted them

    • If you are logged into your Google account: Attribution of your surfing behaviour to your personal profile

    YouTube or Google may use this data for its own purposes such as profile building, market research, or personalised advertising.

    The embedding is based on Article 6 Paragraph 1 Letter a GDPR, provided you have consented to the use (e.g., via a cookie banner or consent management platform). Without your consent, YouTube content will not be loaded.

    Google may also transfer personal data to the USA. The transfer is subject to the protection mechanisms implemented by Google in accordance with GDPR.

    Further information on data processing by YouTube can be found in Google’s Privacy Policy:
    https://policies.google.com/privacy

    We use YouTube in extended data protection mode where available. According to YouTube, this results in less data being transferred to Google before you actively play the video. Nevertheless, data transfer cannot be completely ruled out.

    9. Collection and Storage of Personal Data and Their Nature and Purpose of Use

    a) During Website Visit

    When you access our website, information is automatically sent to the server of our website by the browser used on your end device. This information is temporarily stored in what is known as a log file. To improve the quality of our website, the following information is therefore collected without your intervention and stored until automatic deletion:

    • IP address of the requesting computer

    • Date and time of access

    • Name and URL of the retrieved file

    • Website from which access is made (referrer URL)

    • Browser used and, if applicable, the operating system of your computer as well as the name of your access provider

    These data cannot be attributed to specific persons. No merging of this data with other data sources takes place.

    b) Contact via Email, Phone or Fax

    If you contact us by email, telephone, or fax, your inquiry including all personal data resulting from it (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

    Processing of this data is based on Article 6 GDPR. The content of your inquiry determines which legal basis for data processing applies.

    The data you send us via contact requests remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been fully processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

    c) Use of Our Contact Form

    If you send us inquiries via the contact form, your details from the inquiry form including the contact details you provided there will be stored by us for the purpose of processing the inquiry and for follow-up questions. We do not pass on this data without your consent.

    The legal basis for processing the data entered into the contact form is our legitimate interest in processing your inquiry pursuant to Article 6 Paragraph 1 Sentence 1 Letter f GDPR. If your contact aims at concluding a contract, the legal basis for processing is Article 6 Paragraph 1 Sentence 1 Letter b GDPR. Processing of voluntary data entered into the contact form is based on your consent pursuant to Article 6 Paragraph 1 Sentence 1 Letter a GDPR. You can revoke this consent at any time. A simple notification by email to us is sufficient. The lawfulness of data processing operations carried out until revocation remains unaffected by the revocation.

    When submitting the form, the following data is also stored: your IP address, date and time of submission. The legal basis for this is our legitimate interest pursuant to Article 6 Paragraph 1 Sentence 1 Letter f GDPR. We have a legitimate interest in preventing or proving abuse of our contact form.

    The data will be deleted as soon as it is no longer required for the purpose for which it was collected and statutory retention obligations do not preclude deletion.

    d) Use of Borlabs Cookie

    We use the consent management tool Borlabs Cookie from provider Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, on our website to obtain your consent for the use of third-party services and storage of certain cookies in your browser and to document this in a data protection-compliant manner.

    When you enter our website, a cookie is stored in your browser in which the consents you have given or the revocation of these consents are stored. This data is not forwarded to the Borlabs Cookie provider. You can change the cookie settings at any time via the button at the bottom left on every page.

    The collected data will be stored until you request us to delete it or delete the Borlabs Cookie itself or the purpose for data storage no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

    The use of Borlabs Cookie is based on Article 6 Paragraph 1 Sentence 1 Letter c GDPR to obtain the legally required consents for the use of cookies and other technologies.

     

    e) Register for the Webcast

     

    Processing of Personal Data in the Context of Webcasts via Microsoft Teams

    Subject Matter of Processing
    In the course of conducting webcasts via the “Microsoft Teams” platform, we process personal data of participants to the extent necessary for the preparation, execution, follow-up, and documentation of the event.

     

    Categories of Personal Data
    (1) For registration and participation in the webcast, the following personal data are collected and processed:

    • First name,

    • Last name,

    • Organization / Company,

    • Position / Function,

    • E-mail address,

    • Consent to the privacy policy.

    (2) During participation in the webcast, the following data may additionally be processed:

    • Technical usage and metadata (e.g., participation time, technical log data),

    • Chat or question contributions from participants, if actively used,

    • Visibility in the participant list (accessible exclusively to speakers and moderators),

    • Image and audio data of the speakers.

    (3) Participants’ cameras are disabled by default. No processing of participants’ image data occurs.

     

    Recording and Publication
    (1) The webcast is fully recorded. The recording includes, in particular, presentation content, image and audio recordings of speakers, and displayed content.
    (2) The recording is further processed and provided for the following purposes:

    • Sending to registered participants via e-mail,

    • Publication on our YouTube channel,

    • Publication on our website.
      (3) The legal basis for the recording and publication is

    • Consent pursuant to Art. 6(1)(a) GDPR or, where applicable,

    • Our legitimate interest pursuant to Art. 6(1)(f) GDPR in external presentation, knowledge transfer, and documentation.

     

    Use of Data for Marketing Purposes
    (1) Following the webcast, the provided contact details may be used to inform participants about related offers, events, or information.
    (2) Processing occurs exclusively on the basis of consent pursuant to Art. 6(1)(a) GDPR or – where legally permissible – on the basis of our legitimate interest in direct marketing pursuant to Art. 6(1)(f) GDPR.
    (3) Objection to use for marketing purposes is possible at any time.

     

    Use of Microsoft Teams
    (1) For conducting the webcast, we use the “Microsoft Teams” service provided by Microsoft Corporation (Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland).
    (2) Processing is carried out on the basis of a data processing agreement pursuant to Art. 28 GDPR.
    (3) In connection with volume licensing and program agreements, data protection regulations are established with Microsoft to ensure data security. These regulations (Online Services Terms (OSTs) and Data Protection Addendum for Online Services (DPA)) include, among others, EU Standard Contractual Clauses and further GDPR provisions (https://www.microsoft.com/de-de/licensing/product-licensing/products.aspx).

    (4) Microsoft processes data in accordance with European data protection standards. Further information on Microsoft’s data protection is available at: https://privacy.microsoft.com/de-de/privacystatement.

    (5) If you log in with an existing Microsoft account, the agreements between you and Microsoft apply.

    The controller may transmit personal data to courts, supervisory authorities, or law firms where a legal obligation exists pursuant to Art. 6(1)(c) GDPR or where necessary pursuant to Art. 6(1)(f) GDPR for the assertion, exercise, or defense of legal claims, and no reason exists to assume that participants have an overriding legitimate interest in not disclosing the data.

    (6) Transmission of your provided data to a third country or international organization cannot be ruled out, as Microsoft is an international company headquartered in the USA, and access from the USA or other third countries for maintenance or support services may occur. Furthermore, U.S. authorities may legally access personal data on Microsoft’s systems without our or your knowledge.
    Microsoft Corporation holds certification under the “EU-US Data Privacy Framework” (DPF). The list of certified companies is available at https://www.dataprivacyframework.gov/list, where you can search for the provider and view the certification directly.

     

    Technical and Organizational Security Measures
    We implement appropriate technical and organizational measures pursuant to Art. 32 GDPR to ensure the security of processed personal data. These include, in particular:

    • Encrypted data transmission,

    • Role-based access restrictions for moderators and administrators,

    • Secure storage of recordings,

    • Regular review and updating of IT security measures,

    • Data-minimizing configuration of the webcast environment.

     

    Storage Duration
    (1) Personal data are stored only as long as necessary for conducting the webcast, providing the recording, or fulfilling legal retention obligations.
    (2) Consents may be revoked at any time with effect for the future.

     

    10. Download Remote Support

    By clicking ‘Download Remote Support’, our client application for installing AnyDesk is downloaded to your computer. XTRAS forward thinking does not collect any personal data in this process. Only connection IDs are stored for the purpose of efficient connection between the client and server.

    Data protection information on the use of AnyDesk can be found at the following link: https://anydesk.com/de/datenschutz

    11. Rights of Data Subjects in General

    When processing your personal data, the GDPR grants you the following rights as a website user:

    a) Right of Access (Article 15 GDPR)

    You have the right to request confirmation as to whether personal data concerning you is being processed; if so, you have the right to access this personal data and the information specified in detail in Article 15 GDPR.

    b) Right to Rectification and Erasure (Articles 16 and 17 GDPR)

    You have the right to request immediate rectification of inaccurate personal data concerning you and, if necessary, completion of incomplete personal data. You also have the right to request erasure of personal data concerning you without undue delay if one of the reasons specified in detail in Article 17 GDPR applies, for example if the data is no longer needed for the purposes pursued.

    c) Right to Restriction of Processing (Article 18 GDPR)

    You have the right to request restriction of processing if one of the prerequisites specified in Article 18 GDPR is met, for example if you have objected to processing pursuant to Article 21 GDPR, for the duration of any examination as to whether our legitimate interests override yours.

    d) Right to Data Portability (Article 20 GDPR)

    In certain cases specified in detail in Article 20 GDPR, you have the right to receive personal data concerning you in a structured, common, and machine-readable format or to request transmission of this data to a third party.

    e) Right to Object (Article 21 GDPR)

    If data is collected based on Article 6 Paragraph 1 Sentence 1 Letter f GDPR (data processing for legitimate interests), you have the right to object at any time to processing on grounds relating to your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for processing that override your interests, rights, and freedoms, or processing serves the establishment, exercise, or defense of legal claims.

    f) Right to Withdraw Consent (Article 7 Paragraph 3 GDPR)

    If data is processed based on your consent pursuant to Article 7 GDPR, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent carried out until withdrawal.

    g) Right to Lodge a Complaint with a Supervisory Authority

    Pursuant to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that processing of personal data concerning you infringes data protection provisions. The right to lodge a complaint may in particular be exercised with a supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement.

    12. Existence of Automated Decision-Making/Profiling

    We do not engage in automated decision-making or profiling.

    13. Changes and Updates to This Privacy Policy

    We reserve the right to change or supplement this Privacy Policy at any time to ensure it always complies with current legal requirements or to implement changes to our services in the Policy. The respective updated version will apply on your subsequent visit. We therefore recommend that you read this Privacy Policy regularly.