DATA PROTECTION STATEMENT

 

(As of January 2021)

 

§ 1 General Information

XALAX places high priority on handling personal data responsibly. We want you to be aware of the data that we collect from you, when we collect it and how we use it. We have undertaken the necessary technical and organisational steps to ensure that data protection regulations are observed both by us and by our external service providers.

 

§ 2 Responsible Entity

Within the meaning of the General Data Protection Regulation (GDPR), the operator of this website and the entity responsible is XALAX GmbH, Auer-Welsbach-Gasse 36, 8055 Graz.

If you have any questions about data protection or the processing of your personal data, please contact us at:
XALAX GmbH
Auer-Welsbach-Gasse 36
8055 Graz
Tel.: +43 316 3170 0
office@xalax.com

You can reach our data protection officer at:
dataprotection@xal.com
+43 316 3170 8715
Auer-Welsbach-Gasse 36
8055 Graz
AUSTRIA

 

§ 3 Data Processed

We process various categories of your personal data, which are dependent on whether you visit our website, whether you agree to the use of cookies and which you allow, or if you enter into a business relationship with us.

3.1 Data processed when you visit our website
When you visit our website, no personal data will be processed.

3.2 Processed data with consent to cookies
If you agree to the use of cookies, each cookie processes different data about you (e.g. IP address, location, browser language, user behaviour, etc.). You can find more detailed information about the cookies we use under Section 9 of this Data Protection Statement and in our Cookie Policy.

3.3 Data processed when contacting us by e-mail
If you contact us by e-mail, we process your personal data such as your name, form of address, telephone and fax number, e-mail address and the language of correspondence. This data is stored by us for at least six months to process the request and in the event of follow-up questions.

3.4 Data processed when entering into a business relationship
In the event that you enter into a business relationship with us, we collect the following (personal) data:
• Name
• Title
• Business address and other addresses
• Telephone number
• E-mail address
• Profession/Professional title/Job title
• Date of birth
• Registered business number
• Contact persons
• Sector
• Employer
• Order data
• Product preferences
• Internal customer ID
• Language
• Gender
• VAT identification number
In addition, we will assign you an internal customer or supplier number.

 

§ 4 Period of Storage

Insofar as your personal data is processed by our accounting system, as in the case of a contract being concluded, it will be stored until the end of the prescribed period under the statutory obligations of retention. In accordance with the applicable tax regulations, the period is 7 years. For the purposes of product liability, we store selected data (name, address, goods and date) for 10 years.

 

§ 5 Purposes of Processing

We process the data collected from you primarily for the purpose of fulfilling the contract or to carry out pre-contractual procedures. Furthermore, we are subject to statutory obligations to process data, e.g., for reasons of applicable tax and commercial law provisions, as well as anti-corruption and anti-money laundering regulations.

We process data, such as your name and e-mail address, that you have voluntarily made available to us, on the basis of your consent for the purpose of customer service, for our own advertising purposes, such as sending out promotional offers, advertising brochures and newsletters (in paper and electronic form), as well as for the purpose of indicating the existing or previous business relationship with the customer (reference notice).

The data processing takes place on the basis of the statutory provisions of Section 96 par. 3 TKG (Austrian Telecommunications Act) as well as on the basis of your consent and for the purpose of fulfilling the contract.

 

§ 6 Our Principles in connection with the processing of your personal data

It is important to us that we comply fully with all statutory data protection regulations. Your personal data is processed on the basis of the General Data Protection Regulation (GDPR) and the national laws derived from it.

Your personal data is secure with us. Your data will not be sold, loaned or rented by us or passed on to third parties in any manner or form, without your express consent.

In certain cases, however, your personal data will be transferred to contract data processors, if they provide sufficient guarantee of lawful and secure use of data and if they are contractually obligated to comply with the principles described in this Data Protection Statement and the statutory regulations.

However, we reserve the right to transfer your personal data to another company, as part of business restructuring or company mergers, provided that this company undertakes to comply with our principles in connection with the processing of personal data and has its registered office either within the European Union or in a third country with appropriate data protection.

We also reserve the right to pass on your personal data to third parties if we are required to do so by law, a final judgement of the relevant court or an order of the relevant authority. We also reserve the right to pass on your personal data if, as a result of acts or omissions on your part, we are forced to protect or have our rights, property or assets protected by the relevant authorities.

We limit our data processing to a necessary and sensible extent. We also explain to you for what purpose we collect and process your data. If your personal data is no longer required for use, it will be deleted.

 

§ 7 Data Transfer and Order Data Processing

As part of a global group, the branches of our subsidiary companies and our extended group of companies, as well as external service providers, are located both inside and outside of the European Economic Area (EEA). We may also use a contract data processor for processing your data. We pass on your data to the following recipients or recipient categories, e.g.: tax consultants, legal representatives, banks, subcontractors, suppliers, group companies.

Some of your data will also be forwarded to countries outside the European Union or the EEA and processed there. This primarily affects the United States of America, India, the People's Republic of China, the United Arab Emirates and the United Kingdom. The data transfer is based on the order data processing contracts that we have concluded with the corresponding order data processors.

 

§ 8 Automated Decision-Making and Profiling

We do not use any automated decision-making / profiling processes.

 

§ 9 Cookies

Our website uses cookies to collect personal data as well as standard internet log data and information on the behavioural patterns of end users when visiting our website. When visiting our website, first of all, you can determine your cookie settings. You can decide which categories of cookies you allow. We collect different data from you, depending on which cookies you allow. This is performed in order to offer you a better user experience, to recognise preferences, to diagnose technical problems and to analyse trends as well as to make product recommendations matched to your interests.

In addition, most browsers allow you to select whether you wish to allow cookies or not. If you do not want cookies to be stored on your computer, please set your browser preferences before accessing our website so that all cookies are rejected. Please note that this may mean that some functions of our website are not available.

Further information on how to check which cookies have been stored and how to manage and delete them, can be found under www.allaboutcookies.org.

Cookies are text files that websites store on your computer, or other terminal, for the purpose of logging and improving functionality. Most cookies are known as session cookies and are deleted from your device after the browser session has ended. Other cookies remain stored on your device and enable us to recognise your device on your next visit (referred to as long-term cookies). We also use third-party cookies on our website.

You can read more information about which cookies we use and which data they store in our Cookie Policy.

 

§ 10 Your Rights

You have the following rights in connection with the use of your personal data:

Right of access by the data subject (Art 15 GDPR): You can request information at any time as to whether and which personal data we are using. You also have the right to know what purposes the processing serves, from where the data originates, to which recipients we transmit the data and how long we store this data.

Right to rectification (Art 16 GDPR): If you find that the personal data that we are processing is incorrect, you are entitled to request that this data be corrected at any time. If, in your opinion, data is incomplete, you are entitled to request that this data be corrected.

Right to erasure (Art 17 GDPR): If you are of the opinion that the processing of your personal data is no longer necessary or that there is no (longer) a legal basis for this processing or that, for other reasons, we are processing the data unlawfully, you can request that this data be deleted.

Right to restriction of processing (Art 18 GDPR): If we process your personal data unlawfully, you can also request that the use of this data be restricted as an alternative to deletion. This applies, in particular, if you dispute the accuracy of your data or if an objection has been lodged against data processing.

Right to data portability (Art 20 GDPR): The right to data portability ensures that the personal data we process, on the basis of a contract or consent, is made available to you in a structured, commonly used and machine-readable format. You can also request that we transmit this data directly to a controller.

Right to object (Art 21 GDPR): You can object to data processing if there are reasons, related to your particular situation, that make the use of your data inadmissible. If we use your personal data for direct mailing, you have the right to object.

Right to lodge a complaint with a supervisory authority (Art 77 GDPR): If you believe that your rights in respect of your personal data have been infringed, you have the right to lodge a complaint with the supervisory authority.

If you have any questions or points of clarification about your rights, please do not hesitate to contact us at the following e-mail address: office@xalax.com.

 

§ 11 Protection of Your Data

We take technical and organisational steps to protect your data, in the best possible manner, against loss, destruction, access or modification, as well as distribution, by unauthorised persons. We regularly evaluate these measures and adapt them to progress in technology. It is important for us to emphasise to you that, despite extensive measures, it is not possible for us to guarantee absolute protection of your data.

 

§ 12 Changes to the Data Protection Regulations

Statutory changes or changes to internal company processes may make it necessary to adapt these data protection provisions, and we accordingly reserve the right to do so. We ask you to read this data protection declaration on a regular basis.