Information obligation according to Art. 13 and 14 of the GDPR General Data Protection Regulation
1. Who is responsible for the data and whom can I contact?
The data controller is:
- XiTrust Secure Technologies GmbH
Grazbachgasse 67, 8010 Graz
- XiTrust Secure Technologies GmbH Germany
Am Nordpark 1, 41069 Mönchengladbach
- XiTrust Secure Technologies AG Switzerland
Alte Haslenstrasse 5
9053 Teufen AR (St. Gallen)
Phone.: +43 699 1410 2032
2. What are the purposes for which personal data is processed and what is the legal basis for processing this data?
The purposes why we are processing personal are:
- Fulfilment of contractual obligations with our customers
- Treatment of enquiries from interested parties
- IT and security operations
- Direct marketing activities (e.g. product information, newsletters) unless the use of data contravenes Art 21 of the General Data Protection Regulation (GDPR)
- To fulfil legal obligations of XiTrust, such as: accounting
- In connection with requests from data subjects
- To safeguard legitimate interests
- For all purposes for which you have granted consent (whereby you may revoke your consent at any time
The legal basis for personal data processing is set out below:
- Protection of legitimate interests of XiTrust, of the customer as data controller or of a third party as data controller;
- To fulfil a legal obligation, for which XiTrust is subject to in his role as data controller;
- Consent of the data subject to process his personal data;
3. What are the categories of the personal data being processed?
We process personal data that we obtain as part of a data subject request or our business relation to customers, business partners, employees, service providers or interested parties. Additionally, we process personal data that has been duly collected or obtained from publicly accessible sources (e.g. websites, directory publishers, media).
Other personal data categories are primarily contact details (e.g. names, addresses, phone numbers, email addresses) and data from the fulfilment of the contract (e.g. data to access or use the system, credentials, name of the company, contract data, invoice data), data required for the use of the services provided by XiTrust (e.g. application-specific data, gathered by the users of the services provided by XiTrust), electronic identification data.
4. Who receives your data?
5. How long do we store your personal data?
XiTrust stores personal data as long as necessary for the purpose for which the personal data is processed, and in particular for the duration of the business relationship and depending on statutory safekeeping and documentation obligations such as the Austrian Business Code (UGB) and the Austrian Federal Tax Code (BAO). Furthermore, your personal data is stored in line with the statutory limitation periods.
6. What are the rights of data subjects?
Data subjects have at all times the right to be informed about the processing of their data, as well as to rectify, delete or limit the processing of their stored data, and the right to object the processing according to the requirements of the Data Protection Act.
If you make use of these rights, please fill out and sign the form available at Inquiry Form and return it to XiTrust together with a copy of an official identification document in scan form by email to email@example.com. You can refer your complaints to the Austrian Data Protection Authority.
Objection against processing of personal data for the purpose of direct advertising: you have the right to object against processing of personal data for purpose of direct advertising at any time (e.g. Newsletter). As a result of your objection your personal data will no longer be used for this purpose.
You have the right to revoke your consent to process your personal data at any time for one or more specific purposes. This also applies for consent granted before May 25, 2018.
Refer your objection or request to revoke your consent to: firstname.lastname@example.org.
7. Are you obliged to provide data?
In connection to our business relationship, you are requested to provide us with data necessary to establish and develop our business relationship and also with data required to comply with legal obligations. If you do not provide us with this data, we will generally have to refuse to conclude the contract, to execute your order or we might be unable to complete an existing contract and as a result be forced to terminate it. However, you are not obliged to grant your consent for data processing for data that is not relevant or legally required for the fulfilment of the contract.
8. Do we use automated decision-making including profiling?
XiTrust does not use automated decision-making pursuant to Art 22 GDPR (General Data Protection Regulation) for entering into or developing a business relationship.
Additional information on data processing within the scope of XiTrust’s website:
Server log files
When you access our website, logs of certain access data are automatically generated (mainly the IP address used, the time the website was accessed, the pages visited in our website). This data is stored for data and system security purposes and due to our legitimate interests as website owners according to Art. 6 paragraph. 1 lit. f of the GDPR (General Data Protection Regulation). This data remains stored for a period of 10 days.
The collected data is solely used for statistical evaluations and for the purpose to improve our website. The website owner reserves the right to review server log files at a later time, in case there is reasonable suspicion of unlawful use.
You can also use our website without giving your consent for the use and storage of cookies. If you do not want to accept cookies, you can change your browser settings, so that cookies are not stored. However, this might lead to limitations in the use of our website.
Our website uses features of the following web analysis service providers: Google Analytics, HubSpot, LinkedIn and Google Ads.
Information collected by this means is transferred to the server of the provider and stored there.
YouTube Videos on our site are hindered of transferring data to Google when loading our site. Only when playing the videos, data is transferred to Google.
The headquarters of the server providers are: Google Ireland Ltd., Gordon House, Barrow Street Dublin 4, Ireland; LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; HubSpot European Office, Ground Floor, Two Dockland Central Guild Street, Dublin 1, Ireland.
We have concluded a data processing contract with the service providers. No data is transferred to the US, as stablished in the EU Standard Contractual Clauses.
You can subscribe to our Newsletter on our website. For this purpose, we need your email address, your name and consent to receiving our Newsletters. You can cancel your subscription at any time, just use the unsubscribe link that appears at the end of your Newsletter email or send us an email to email@example.com. We will immediately delete your data in connection to your newsletter subscription.