Privacy policy.
Information obligation according to Art. 13 and 14 of the GDPR (General Data Protection Regulation)
We take the protection of your personal data very seriously. In the following privacy policy statement, we inform you about the most important aspects on how we handle your personal data and measures for data protection in our company.
1. Who is responsible for the data and whom can I contact?
The data controller is:
XiTrust Secure Technologies GmbH
Reininghausstrasse 3, 8020 Graz
Austria
The contact details of the Data Protection Officer are as follows:
XiTrust Secure Technologies GmbH
Data Protection Officer
Reininghausstrasse 3, 8020 Graz
Austria
[email protected]
XiTrust Secure Technologies GmbH Germany
Am Nordpark 1, 41069 Mönchengladbach
Germany
The contact details of the Data Protection Officer are as follows:Â [email protected]
XiTrust Secure Technologies AG Switzerland
Alte Haslenstrasse 5
9053 Teufen AR (St. Gallen)
Switzerland
(hereinafter referred to as „XiTrust“)
E-mail: [email protected]
Phone: +43 316 23 20 31
2. What are the purposes for which personal data is processed and what is the legal basis for processing this data?
The purposes why we are processing personal are:
- Fulfilment of contractual obligations with our customers
- Treatment of enquiries from interested parties
- IT and security operations
- Direct marketing activities (e.g. product information, newsletters) unless the use of data contravenes Art 21 of the General Data Protection Regulation (GDPR)
- To fulfil legal obligations of XiTrust, such as: accounting
- In connection with requests from data subjects
- To safeguard legitimate interests
- For all purposes for which you have granted consent (whereby you may revoke your consent at any time
The legal basis for personal data processing is set out below:
- Protection of legitimate interests of XiTrust, of the customer as data controller or of a third party as data controller;
- To fulfil a legal obligation, for which XiTrust is subject to in his role as data controller;
- Consent of the data subject to process his personal data;
3. What are the categories of the personal data being processed?
We process personal data that we obtain as part of a data subject request or our business relation to customers, business partners, employees, service providers or interested parties. Additionally, we process personal data that has been duly collected or obtained from publicly accessible sources (e.g. websites, directory publishers, media).
Other personal data categories are primarily contact details (e.g. names, addresses, phone numbers, email addresses) and data from the fulfilment of the contract (e.g. data to access or use the system, credentials, name of the company, contract data, invoice data), data required for the use of the services provided by XiTrust (e.g. application-specific data, gathered by the users of the services provided by XiTrust), electronic identification data.
4. Who receives your data?
Within XiTrust, employees who receive the data are those who require the data to fulfil XiTrust’s contract or statutory obligations, or for the purposes described under point 2. Moreover, recipients, who require the data to provide their services in connection to the fulfilment of XiTrust contract obligations or in the case that the legal basis would require it.
As part of direct marketing using an email marketing tool and to automate the sending of newsletters, data may be transferred to a third country. Please find more information on this in the section “Automated technologies and interactions” below. If you have any questions, please contact [email protected].
4.1 Transfer of data to the USA
Please note that certain consent-based cookies are also operated by companies that may process or transfer data in the USA. Your consent also allows us to transfer certain data to our partners for processing in the USA (e.g. Google). The ECJ classifies the USA as a country without an adequate level of data protection. There is no adequacy decision by the EU Commission for the USA and, despite extensive measures, the high EU level of data protection cannot be guaranteed in the USA. There is a risk that transferred data may not be deleted or further processed for any purpose, that US authorities may have disproportionate access to your data and that you may not be able to effectively enforce your data subject rights in the USA. The transfer of your data to the USA and the use of cookies, which involve such a transfer, therefore takes place exclusively on the basis of your consent in accordance with Art 49 para. 1 lit a GDPR, which you can revoke at any time.
5. How long do we store your personal data?
XiTrust stores personal data as long as necessary for the purpose for which the personal data is processed, and in particular for the duration of the business relationship and depending on statutory safekeeping and documentation obligations such as the Austrian Business Code (UGB) and the Austrian Federal Tax Code (BAO). Furthermore, your personal data is stored in line with the statutory limitation periods.
6. What are the rights of data subjects?
Data subjects have at all times the right to be informed about the processing of their data, as well as to rectify, delete or limit the processing of their stored data, and the right to object the processing according to the requirements of the Data Protection Act. If you make use of these rights, please fill out and sign the form available at Inquiry Form and return it to XiTrust together with a copy of an official identification document in scan form by email to [email protected]. You can refer your complaints to the Austrian Data Protection Authority.
Objection against processing of personal data for the purpose of direct advertising:
You have the right to object against processing of personal data for purpose of direct advertising at any time (e.g. Newsletter). As a result of your objection your personal data will no longer be used for this purpose.
Revoking consent:
You have the right to revoke your consent to process your personal data at any time for one or more specific purposes. This also applies for consent granted before May 25, 2018.
Refer your objection or request to revoke your consent to: [email protected]
7. Are you obliged to provide data?
In connection to our business relationship, you are requested to provide us with data necessary to establish and develop our business relationship and also with data required to comply with legal obligations. If you do not provide us with this data, we will generally have to refuse to conclude the contract, to execute your order or we might be unable to complete an existing contract and as a result be forced to terminate it. However, you are not obliged to grant your consent for data processing for data that is not relevant or legally required for the fulfilment of the contract.
8. Do we use automated decision-making including profiling?
XiTrust does not use automated decision-making pursuant to Art 22 GDPR (General Data Protection Regulation) for entering into or developing a business relationship.
Additional information on data processing within the scope of XiTrust’s website:
Server log files
When you access our website, logs of certain access data are automatically generated (mainly the IP address used, the time the website was accessed, the pages visited in our website). This data is stored for data and system security purposes and due to our legitimate interests as website owners according to Art. 6 paragraph. 1 lit. f of the GDPR (General Data Protection Regulation). This data remains stored for a period of 10 days. The collected data is solely used for statistical evaluations and for the purpose to improve our website. The website owner reserves the right to review server log files at a later time, in case there is reasonable suspicion of unlawful use.
Cookies
We use cookies for some areas on our site. Cookies are small text files that are saved by your browser and stored on your device.
Some cookies are stored on your device until you delete them. They enable us to recognize your browser on your next visit. When visiting our website for the first time you are requested to grant your consent for the use of cookies.
You can also use our website without giving your consent for the use and storage of cookies. If you do not want to accept cookies, you can change your browser settings, so that cookies are not stored. However, this might lead to limitations in the use of our website.
We use cookies for web analysis aimed at collecting statistical information on the use of our site that helps us to optimize and design our site and for advertising purposes in line with the legal basis outlined in Art 96 paragraph 3 of the TKG (Austrian Telecommunications Act) and pursuant to Art 6 paragraph 1 lit a (consent) and/or (legitimate interest) of the GDPR.
Our website uses features of the following web analysis service providers: Google Analytics, Pardot Marketing Automation System, LinkedIn and Google Ads.
Information collected by this means is transferred to the server of the provider and stored there.
YouTube videos on our website are hindered of transferring data to Google when loading our site. Only when playing the videos, data is transferred to Google.
The headquarters of the server providers are: Google Ireland Ltd., Gordon House, Barrow Street Dublin 4, Ireland; LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA.
We have concluded a data processing contract with the service providers. Data is transferred to the USA based on standard contractual clauses of the European Union.
Automated technologies or interactions
We use the Pardot Marketing Automation System – hereinafter: Pardot MAS – of Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA. Pardot MAS is an application linked to the Salesforce CRM system for recording and analyzing the use of a website by website visitors and for use as an e-mail marketing tool and for automating the sending of newsletters. Insofar as Pardot MAS and Salesforce process personal data, the processing is carried out exclusively on our behalf and in accordance with our instructions on the basis of the order processing agreement concluded between Pardot or Salesforce and XiTrust, including the applicable standard contractual clauses of the European Commission SCC (2021/914/EU). Personal data provided voluntarily is first stored in Pardot and then processed with the Salesforce CRM system for the purpose of contacting and/or sending information as part of direct marketing. Salesforce does not store IP addresses, but uses the individual assignment features “unique visitor ID” and “unique identifier”. Any transfer of personal data to the USA takes place on the basis of the above-mentioned guarantees. See point 4.1 for risk information on data transfer to the USA.
When you visit our website, Pardot MAS records your click path and uses it to create an individual user profile using a pseudonym. For this purpose, cookies are used that enable your browser to be recognized. The cookies used are a “visitor cookie” and a “Pardot App Session 5 cookie”. The “visitor cookie” is used to generate an identification number that is used to recognize the website visitor’s browser. The identification number is a generated numerical code that has no meaning outside of Pardot Services. The “Pardot App Session Cookie” is only set when a customer logs in to the Pardot App as a user. All cookies only receive the generated numerical code.
Emails sent with the help of Pardot use tracking technologies. We use this data to find out which topics are of interest to you by tracking whether our emails are opened and which links you click on. We then use this information to improve the emails we send you and the services we provide.
Newsletter
You can subscribe to our Newsletter on our website. For this purpose, we need your email address, your name and consent to receiving our Newsletters. You can cancel your subscription at any time, just use the unsubscribe link that appears at the end of each newsletter email or send us an email to [email protected]. We will immediately delete your data in connection to your newsletter subscription.