ENGLISH

Privacy Policy.

DATA PRIVACY POLICY OF XeNTiS COMPOSITE DEVELOPMENT AND PRODUCTION GMBH

Effective date: September 24, 2019 XeNTiS Composite GmbH. (“us”, “we”, or “our”) operates the https://xentis.com/ website (hereinafter referred to as the “Service”).

This page contains information about the ways in which we collect, use and disclose personal data when you use our Service and the choices available to you in connection with this data.

We use your data to provide and improve our service, and by using the service you consent to the collection and use of data by us in accordance with this policy. Unless otherwise stated in this Privacy Policy, the terms used in this Privacy Policy shall have the same meaning as in our Terms and Conditions.

definitions

Service

The service is the website https://xentis.com/ operated by XeNTiS Composite GmbH.

Personal data

Personal data means data relating to a living individual who is identifiable from those data (or from those data in combination with other information already in our possession or likely to come into our possession)

Usage data

Usage data is data that is automatically collected as part of the use of the service or within the service infrastructure itself (for example, for the duration of a page visit). Personal data is data that relates to a living individual who is identifiable from that data (or from that data in combination with other information already in our possession or likely to come into our possession).

Cookies
Cookies are small files that are stored on your device (computer or mobile device).

Data controller

The data controller is a natural or legal person who (either alone or together with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.For the purposes of this Privacy Policy, we are the data controller in relation to your personal data.

Data processor (or service provider)

A data processor (or service provider) is a natural or legal person who processes the data on behalf of the data controller. We may use the services of various service providers to process your data in a more efficient manner.

Data subject (or user)

A data subject is a living individual who uses our service and is the subject of personal data.


Collection and use of data

We collect different types of data for a number of purposes to improve the service we provide to you.


Types of Information Collected

Personally Identifiable Information

In the course of using our Service, we may ask you to provide certain personally identifiable information that we use to contact or identify you (“Personal Information”). Personally Identifiable Information may include (but is not limited to) the following data:


• E-mail address

• First and last name

• Telephone number

• Address, state, province, postal code, city

• Cookies and usage data


We may use your personal data to send you newsletters, marketing or promotional materials and other information that may be of interest to you. You can opt-out of some or all of our such communications by clicking on the relevant opt-out link or by following the instructions in our emails.


Usage Data

We may also collect data about the manner in which our Service is accessed or used (“Usage Data”) This usage data may include the Internet Protocol address (IP address) of your computer, your browser type, your browser version, the pages you visit within our service, the time and date of your visit, the total time spent on the relevant pages, individual device identification features and other diagnostic data.


Tracking & Cookies

We use cookies and similar tracking technologies to monitor activity on our Service and store certain data in this context. Cookies are files with a small amount of data, such as anonymous unique identifiers. Cookies are sent from a website to your browser and stored on your device. The other tracking technologies we use are so-called beacons, tags and scripts and are used to collect and track data and to improve and analyze our service. In your browser settings, you can decide whether you want to reject all cookies or only accept certain cookies. However, if you refuse to accept cookies, you may not be able to use some of our services. Examples of cookies we use: – Session cookies. We use session cookies for the operation of our Service. – Preference cookies. We use preference cookies to save your preferences and various settings. – Security cookies. We use security cookies for security purposes.


Data Usage

At XeNTiS Composite GmbH. we use the data we collect for various purposes, such as to:

• Provide and maintain our service to you;

• notify you of changes to our Service;

• enable you to participate in the interactive parts of our Service if you wish;

• provide customer support services;

• collect analytics and other valuable data so that we can improve our Service;

• monitor the use of our Service;

• detect, prevent and address technical issues;

• provide you with news, special offers and general information about other products we offer, services and events to the extent that they are similar to those that you have already purchased from us or requested from us and you have not opted out of such communications.


Legal basis for the processing of personal data in accordance with the General Data Protection Regulation (GDPR)

If you reside in the European Economic Area (EEA), XeNTiS Composite GmbH. legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it. We at XeNTiS Composite GmbH. may process your personal data for the following reasons:


•  We need to fulfill a contract we have entered into with you.

• You have given us your consent to do so.

• The processing serves our legitimate interests and these are not subordinate to your rights.

• The processing is for payment processing purposes.

• Processing is for compliance with legal requirements.


Retention of data

XeNTiS Composite GmbH. will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. XeNTiS Composite GmbH. will also retain Usage Data for internal analysis purposes. Usage Data is typically retained for shorter periods of time, except when this data is used to strengthen our security measures or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods of time.


Transfer of Data

Your data, including Personal Data, may be transferred to – and maintained on – computers located outside of your home state, province, country or other jurisdiction where data protection laws may differ than those in your jurisdiction. If you are located outside Austria and choose to provide information to us, you acknowledge that we transfer the data, including Personal Data, to Austria and process it there. Your consent to this Privacy Policy and any subsequent transfer of data by you constitutes your agreement to that transfer. XeNTiS Composite GmbH. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Policy and no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.


Disclosure of Data

Disclosure for Law Enforcement Purposes Under certain circumstances, XeNTiS Composite GmbH may be required to disclose your personal data if required to do so by law or in response to a court or government request.


Legal Requirements

XeNTiS Composite GmbH may disclose your personal data if it believes, in good faith, that such disclosure is necessary to:

• comply with a legal obligation

• to protect and defend the rights or property of XeNTiS Composite GmbH.

• to prevent or investigate possible wrongdoing in connection with the Service.

• to protect the personal safety of users of the Service or the public.

• to avoid liability.


Data Security

The security of your data is important to us. However, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to implement commercially acceptable measures to protect your personal data, we cannot guarantee its absolute security.


Your Data Protection Rights Under the General Data Protection Regulation (GDPR)

If you reside in the European Economic Area (EEA), you have certain data protection rights. XeNTiS Composite GmbH strives to implement reasonable measures to allow you to correct, amend, delete or limit the use of your personal data. If you would like to know what personal data we have stored about you and if you would like to have your data deleted from our system, please contact us. Under certain circumstances, you have the following data protection rights:

• The right to access, update, or delete the data we have stored about you. Where possible, you can access, update, or request deletion of your personal data directly in your account settings section. If you are unable to perform these actions yourself, please contact us so that we can assist you.

• The right to rectification. You have the right to have your data rectified if it is inaccurate or incomplete.

• The right to object. You have the right to object to us processing your personal data.

• The right to restriction. You have the right to restrict our processing of your personal data.

• The right to data portability. You have the right to request that we provide you with a copy of the data we hold about you in a structured, machine-readable and commonly used format.

• The right to withdraw consent. You also have the right to withdraw your consent at any time where XeNTiS Composite GmbH has relied on your consent to process your personal data. Please note that we may verify your identity before processing such requests. You have the right to lodge a complaint with a data protection authority regarding our collection and use of your personal data. You can obtain further information in this regard from your local data protection authority within the European Economic Area (EEA).


Service Providers

We may employ third party companies and individuals (“Service Providers”) to assist us in providing our Service, to perform services on our behalf, to perform services related to our Service, or to assist us in analyzing how our Service is used. These third parties will have access to your Personal Data only to the extent necessary to perform these tasks on our behalf and will not disclose or use it for any other purpose.


Analytics

We may employ third party service providers to monitor and analyze how our Service is used. Google Analytics Google Analytics is a web analytics service provided by Google that tracks and reports on website traffic. Google uses the data obtained to track and monitor the usage of our Service. This data is shared with other Google services. Google may use the data collected to contextualize and personalize ads within its own advertising network. You can opt out of your activity on our Service being transmitted to Google Analytics by installing the Google Analytics Opt-out Browser Add-on. This add-on prevents data about visits and activity being transmitted to Google Analytics via the Google Analytics JavaScript (ga.js, analytics.js, and dc.js). For more information about Google’s privacy practices, please visit Google’s Privacy Terms web page: https://policies.google.com/privacy?hl=en


Behavioral Remarketing

XeNTiS Composite GmbH uses remarketing services to show you ads on third-party websites after you have visited our Service. We and our third-party vendors use cookies to create, optimize, and display ads based on your past visits within our Service.


Google Ads (AdWords)

Google Ads (AdWords) is a remarketing service provided by Google Inc. You can opt out of Google Analytics for displaying ads and personalize Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads Google also recommends installing the Google Analytics Opt-out Browser Add-on – https://tools.google.com/dlpage/gaoptout – for your web browser. The Google Analytics Opt-out Browser Add-on allows visitors to prevent the collection and use of their data by Google Analytics. For more information about Google’s privacy practices, please visit Google’s Privacy Terms web page: https://policies.google.com/privacy?hl=en


Google Maps

This website uses Google Maps to display map information. When Google Maps is used, Google also processes and uses data about the use of the Maps functions by visitors to the website. For more information about data processing by Google, please see Google’s privacy policy at https://www.google.at/intl/de/policies/privacy/. There you can also change your settings in the privacy center so that you can manage and protect your data.


YouTube

Features of the service YouTube are available on our website. These features are provided by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (‘Youtube’). The included video files store cookies on users computers when the web page is accessed. If you have disabled the setting of cookies for the Google advertising program, you will not have to expect any such cookies when accessing YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you want to prevent this, you have to block this in your web browser.


Facebook

Facebook’s remarketing service is provided by Facebook Inc. For more information about Facebook’s interest-based advertising, please visit the following page: https://www.facebook.com/help/164968693837950 You can opt out of Facebook’s interest-based advertising by following these instructions: https://www.facebook.com/help/568137493302217 Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising created by the Digital Advertising Alliance. You can also choose to reject Facebook and other participating companies in the US through the Digital Advertising Alliance http://www.aboutads.info/choices/, in Canada through the Digital Advertising Alliance of Canada http://youradchoices.ca/, or in Europe through the European Interactive Digital Advertising Alliance http://www.youronlinechoices.eu/; alternatively, you can adjust the settings on your mobile device accordingly. Further information about Facebook’s privacy practices can be found in Facebook’s Data Policy: https://www.facebook.com/privacy/explanation


Payments

We may provide paid products and/or services within our Service. In these cases, we use third-party payment providers to process payments. We will not store or collect your payment card information. This information is transmitted directly to the third-party payment providers, whose use of your personal information is governed by their respective privacy policies. These payment providers adhere to the standards established by PCI-DSS, administered by the PCI Security Standards Council, a joint effort of brands such as Visa, MasterCard, American Express, and Discover. The PCI-DSS requirements support the secure handling of payment data. The payment providers we use are:

PayPal/Braintree

You can view the PayPal/Braintree privacy policy here https://www.paypal.com/webapps/mpp/ua/privacy-full


Links to other websites

Our Service may contain links to other websites that are not operated by us. If you click on a third party link, you will be directed to that third party’s website. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over the content, privacy policies and practices of third party websites or services and accept no liability in this regard.


Privacy of minors

Our service is not directed at persons under the age of 18 (‘minors’). We do not scientifically collect personally identifiable information from minors. If you are a parent or guardian and you become aware that a minor under your care has provided us with personal information, we encourage you to contact us. If we become aware that we have collected personal information from a minor without prior consent, we will take steps to remove that information from our servers.


Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the updated version on this page. We will notify you via email and/or a visible notice on our Service, prior to the change becoming effective and update the “Effective Date” at the top of this Privacy Policy. We encourage you to frequently review this Privacy Policy for any changes. Changes to this privacy policy will take effect upon their publication on this page.


Credit checks

XeNTiS Composite Entwicklungs- und Produktions GmbH transmits personal data collected within the scope of this contractual relationship for the application, implementation, and termination of this business relationship to CRIF Bürgel GmbH, Leopoldstraße 244, 80807 Munich. The legal basis for these transfers is Article 6 (1) (b) and Article 6 (1) (f) of the General Data Protection Regulation (GDPR). Transfers based on Article 6 (1) (f) GDPR may only take place if this is necessary to protect the legitimate interests of XeNTiS Composite Entwicklungs- und Produktions GmbH or third parties and does not outweigh the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data. The data exchange with CRIF Bürgel GmbH also serves to fulfill legal obligations to conduct creditworthiness assessments of customers (Sections 505a and 506 of the German Civil Code). CRIF Bürgel GmbH processes the received data and also uses it to provide its contractual partners in the European Economic Area and Switzerland, as well as other third countries (provided that an adequacy decision by the European Commission exists for these), with information, among other things, for assessing the creditworthiness of natural persons. Further information on the activities of CRIF Bürgel GmbH can be found in the CRIF Bürgel information sheet or viewed online at www.crifbuergel.de/de/datenschutz.


Payment Guarantee

When paying via the payment methods “purchase on account”, “direct debit” (depending on which payment method(s) are offered), the purchase price claim will be transferred via Novalnet AG as the payment institution to Financial Management Solutions GmbH (under the brand InfinitePay), (hereinafter referred to as “InfinitePay”). The data required for payment processing will be transmitted to InfinitePay. The data transmission serves, among other purposes, to enable InfinitePay to carry out an identity and credit check in order to process your purchase using the payment method you have requested. The processing is carried out on the basis of Art. 6 (1) (f) GDPR out of the legitimate interest in offering various payment methods and the legitimate interest in protection against payment default. You have the right to object to this processing of personal data concerning you based on Art. 6 (1) (f) GDPR at any time by notifying us for reasons arising from your particular situation. You can find InfinitePay’s privacy policy here: https://www.infinitepay.de/datenschutzhinweise If you would like to receive information about the use of your personal data, you can contact datenschutz@fms-mainz.de at any time. Providing this data is necessary for concluding the contract using your desired payment method. Failure to provide this data will result in the contract not being concluded using your desired payment method.


Contacting us

If you have any questions about this privacy policy, you can contact us as follows: By email: shop@xentis.com By visiting the following page of our website: https://xentis.com/kontakt/ By phone: +43 314260945-0