xalax
 

 

 

DATA PROTECTION STATEMENT

 

(As of August 2024)

 

§ 1 General Information

XALAX places high priority on handling personal data responsibly. We want you to be aware of the data that we collect from you, when we collect it and how we use it. We have undertaken the necessary technical and organisational steps to ensure that data protection regulations are observed both by us and by our external service providers.

 

§ 2 Responsible Entity

Within the meaning of the General Data Protection Regulation (GDPR), the operator of this website and the entity responsible is XALAX GmbH, Auer-Welsbach-Gasse 36, 8055 Graz.

If you have any questions about data protection or the processing of your personal data, please contact us at:


XALAX GmbH
Auer-Welsbach-Gasse 36
8055 Graz
Tel.: +43 316 3170 0
office@xalax.com

You can reach our data protection officer at:
dataprotection@xal.com
+43 316 3170 8715
Auer-Welsbach-Gasse 36
8055 Graz
AUSTRIA

 

§ 3 Data Processed

We process various categories of your personal data, which are dependent on whether you contact us by e-mail, or if you enter into a business relationship with us.

3.1 Data processed when you visit our website
When you visit our website, no personal data will be processed.

3.2 Data processed when registering for and participating in events (online or in person)
In the context of organizing and hosting events (e.g. training courses, seminars, get-togethers, webinars, presentations), we process in particular your contact data such as your name and e-mail address for the registration for an event. For the coordination of the event and the transmission of information in connection with this event (e.g. the sending of training materials after a webinar) and answering queries, we store your data for up to two months after the event date. We then immediately delete all of your disclosed personal data, unless you have consented to further processing.
In the course of the event, we reserve the right to make visual and sound recordings for marketing purposes. You agree to the use those recordings with your participation. However, you can object to the recordings directly at the event.

3.3 Data processed when contacting us
If you contact us e.g., by e-mail or a contact form (existing or yet to be implemented), we process your personal data such as your name, form of address, telephone and fax number, e-mail address and the language of correspondence. This data is stored by us for at least six months to process the request and in the event of follow-up questions. The same applies if you provide us with your personal data for the purpose of being contacted by us (e.g., by telephone or by handing over a business card).

3.4 Data processed when entering into a business relationship
In the event that you enter into a business relationship with us, we collect the following (personal) data:
• Name
• Title
• Business address and other addresses
• Telephone number
• E-mail address
• Profession/Professional title/Job title
• Date of birth
• Registered business number
• Contact persons
• Sector
• Employer
• Order data
• Product preferences
• Internal customer ID
• Language
• Gender
• VAT identification number
In addition, we will assign you an internal customer or supplier number.
Your data will be stored as long as it is necessary for the fulfillment of the contract or the performance of pre-contractual measures. Insofar as your personal data is processed by our accounting system, as in the case of a contract being concluded, it will be stored until the end of the prescribed period under the statutory obligations of retention. In accordance with the applicable tax regulations, the period is 7 years. For the purposes of product liability, we store selected data (name, address, goods and date) for 10 years.

 

3.5 Data processed when applying for a job
If you submit your application to us, you agree that the data determined during the application and the data contained in the documents sent along with the application as well as the data determined in the course of any interview (hereinafter collectively referred to as „data“) may be stored by XAL in an applicant database for the purpose of coordinating and processing the application. In the case of an application, we collect in particular, but not exclusively, the following (personal) data:
• Name
• Address
• Date of birth
• Place of birth
• Title
• Telephone number
• E-mail address
• Picture
• Marital status
• Criminal record
• Social security number
• Periods of previous service including employer
• Training certificates
Your data will be stored and processed until revoked, but no longer than 6 months, unless otherwise agreed. You can revoke your consent to data processing at any time in writing by mail to the person responsible or by e-mail to hrm@xal.com. We reserve the right to delete your data at any time even without consent.

 

§ 4 Period of Storage

In principle, we only store your data for as long as it is needed. By default, your data is stored as long as specified in the respective sections. In individual cases, however, a shorter or longer storage period may apply, e.g. due to legal obligations that XAL must comply with.

 

§ 5 Purposes of Processing

We process the data collected from you primarily for the purpose of fulfilling the contract or to carry out pre-contractual procedures. Furthermore, we are subject to statutory obligations to process data, e.g., for reasons of applicable tax and commercial law provisions, as well as anti-corruption and anti-money laundering regulations. We process data, such as your name and e-mail address, that you have voluntarily made available to us, on the basis of your consent or based on our legitimate interest for the purpose of customer service, for our own advertising purposes, such as sending out promotional offers, advertising brochures and newsletters (in paper and electronic form), as well as for the purpose of indicating the existing or previous business relationship with the customer (reference notice). The data processing takes place on the basis of the applicable statutory provisions as well as on the basis of your consent and for the purpose of fulfilling the contract.

 

§ 6 Our Principles in connection with the processing of your personal data

It is important to us that we comply fully with all statutory data protection regulations. Your personal data is processed on the basis of the General Data Protection Regulation (GDPR) and the national laws derived from it.

Your personal data is secure with us. Your data will not be sold, loaned or rented by us or passed on to third parties in any manner or form, without your express consent.

In certain cases, however, your personal data will be transferred to contract data processors, if they provide sufficient guarantee of lawful and secure use of data and if they are contractually obligated to comply with the principles described in this Data Protection Statement and the statutory regulations.

However, we reserve the right to transfer your personal data to another company, as part of business restructuring or company mergers, provided that this company undertakes to comply with our principles in connection with the processing of personal data and has its registered office either within the European Union or in a third country with appropriate data protection.
We also reserve the right to pass on your personal data to third parties if we are required to do so by law, a final judgement of the relevant court or an order of the relevant authority.
We also reserve the right to pass on your personal data if, as a result of acts or omissions on your part, we are forced to protect or have our rights, property or assets protected by the relevant authorities.

We limit our data processing to a necessary and sensible extent. We also explain to you for what purpose we collect and process your data. If your personal data is no longer required for use, it will be deleted.

 

§ 7 Data Transfer and Order Data Processing

As part of a global group, the branches of our subsidiary companies and our extended group of companies, as well as external service providers, are located both inside and outside of the European Economic Area (EEA). We may also use a contract data processor for processing your data. We pass on your data to the following recipients or recipient categories, e.g.: tax consultants, legal representatives, banks, subcontractors, suppliers, group companies.
Some of your data will also be forwarded to countries outside the European Union or the EEA and processed there. This primarily affects the United States of America, India, the People's Republic of China, the United Arab Emirates and the United Kingdom. The data transfer is based on the order data processing contracts that we have concluded with the corresponding order data processors.

 

§ 8 Automated Decision-Making and Profiling

We do not use any automated decision-making / profiling processes.

 

§ 9 Your Rights

You have the following rights in connection with the use of your personal data:

Right of access by the data subject (Art 15 GDPR): You can request information at any time as to whether and which personal data we are using. You also have the right to know what purposes the processing serves, from where the data originates, to which recipients we transmit the data and how long we store this data.

Right to rectification (Art 16 GDPR): If you find that the personal data that we are processing is incorrect, you are entitled to request that this data be corrected at any time. If, in your opinion, data is incomplete, you are entitled to request that this data be corrected.

Right to erasure (Art 17 GDPR): If you are of the opinion that the processing of your personal data is no longer necessary or that there is no (longer) a legal basis for this processing or that, for other reasons, we are processing the data unlawfully, you can request that this data be deleted.

Right to restriction of processing (Art 18 GDPR): If we process your personal data unlawfully, you can also request that the use of this data be restricted as an alternative to deletion. This applies, in particular, if you dispute the accuracy of your data or if an objection has been lodged against data processing.

Right to data portability (Art 20 GDPR): The right to data portability ensures that the personal data we process, on the basis of a contract or consent, is made available to you in a structured, commonly used and machine-readable format. You can also request that we transmit this data directly to a controller.

Right to object (Art 21 GDPR): You can object to data processing if there are reasons, related to your particular situation, that make the use of your data inadmissible. If we use your personal data for direct mailing, you have the right to object.

Right to lodge a complaint with a supervisory authority (Art 77 GDPR): If you believe that your rights in respect of your personal data have been infringed, you have the right to lodge a complaint with the supervisory authority.

If you have any questions or points of clarification about your rights, please do not hesitate to contact us at the following e-mail address: office@xalax.com.

 

§ 10 Protection of Your Data

We take technical and organisational steps to protect your data, in the best possible manner, against loss, destruction, access or modification, as well as distribution, by unauthorised persons. We regularly evaluate these measures and adapt them to progress in technology. It is important for us to emphasise to you that, despite extensive measures, it is not possible for us to guarantee absolute protection of your data.

 

§ 11 Changes to the Data Protection Regulations

Statutory changes or changes to internal company processes may make it necessary to adapt these data protection provisions, and we accordingly reserve the right to do so. We ask you to read this data protection declaration on a regular basis.