The controller is the
XOM Materials GmbH
c/o WeWork Potsdamer Platz
Our DPO is available under the following addresses:
XOM Materials GmbH
c/o WeWork Potsdamer Platz
- Datenschutzbeauftragter -
2.1 Personal data
Pursuant to the General Data Protection Regulation (“GDPR”), personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.2 Which kind of data we process and how we collect it
2.2.1 General use of the Site
Insofar as you do not actively make personal data available to us, we do not store personal data while you use our Site except that our webserver(s) register all connections to the Site automatically and collect the following technical information about your visit:
- Date and time of access,
- Type and setup of your internet browser,
- Operating system used,
- The website you came from,
- Your IP address.
2.2.2 Registering for a user account and purchasing products
You may register for a user account on our Site. You need a user account in order to purchase products or services on our platform. For creating a user account, we collect the following data:
- Company Name
- House No.
- Additional address (optional)
- Postal code
- Company VAT
- Company registration number (optional)
- Email address
Additionally, we collect contact data from you:
- First Name
- Last Name
- Email (for login)
- Phone Number
If you buy a product from a vendor, we process the data mentioned above. In such case, we process further transaction-related data. These are data on purchases or sales you make when placing an order, or other transaction-related data, such as the time and price of the transaction, and financial information for settlement as well as shipping and billing information.
Moreover, we process the information related to an order on the amount and type of purchased products in aggregated form. For example, we store product and pricing information from a successful order process and aggregate that data to evaluate the use of our Industrial Platform. Your data is not affected by this. Rather, merely anonymous data is concerned which cannot be assigned to your person or user profile and which only allows a statistical evaluation of the use of the Industry Platform.
If you contact us by writing an email, we collect your email address and all information that is included in the email.
2.3 Why and on which legal basis do we do that
We process your IP address only to allow your device to establish a connection to our webserver over the Internet. By storing logfiles we ensure security and integrity of our IT systems. This processing is based on Art. 6 par. 1 lit. f) GDPR.
If you register a user account with us, we process this data to create your user account and manage all related operations, for example for the purchase of products or services. The legal basis is Art. 6 par. 1 lit. b) GDPR.
If you purchase products or services on our platform, we process the collected data for the purposes of performance and conclusion of contract. The legal basis is Art. 6 par. 1 lit. b) GDPR. Additionally, we are legally obliged to store certain data, which is included in contracts and invoices as well as in business letters or other documents relevant for taxation or accounting. The legal basis is Art. 6 par. 1 lit. c) GDPR and Sec. 147 AO and Sec. 257 HGB.
If you contact us by email or by using a contact form, the processing is based on Art. 6 par. 1 lit. f) GDPR. The purpose as well as our legitimate interest is to answer your inquiry.
Internally, the relevant department processes your data. Externally, we share the relevant data with the vendor you purchased products or services from. Additionally, we use IT service providers.
Some of our service providers process data in the U.S. These service providers are certified under the EU-US-Privacy Shield, which ensures an adequate level of protection for your personal data.
Our log files are stored for seven days.
The data processed in relation to your user account is stored until you terminate your user account. After termination, we delete your data immediately.
We store the data about your purchases as long as you have a user account with us. However, if personal data is relevant for our contracts or invoices, we store it until the end of the eleventh year after conclusion of contract. If personal data is stored in business letters or other documents relevant for taxation or accounting, we store it until the end of the seventh year after conclusion of contract.
Your emails will be stored for the time needed to answer your inquiry and for three more years, if you refer to us again.
If the respective requirements are met, the GDPR grants you certain rights as a data subject.
- Art. 15 GDPR – Right of access: You shall have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain information.
- Art. 16 GDPR – Right to rectification: You shall have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Art. 17 GDPR – Right to erasure: You shall have the right to obtain from us the erasure of personal data concerning you without undue delay.
- Art. 18 GDPR – Right to restriction of processing: You shall have the right to obtain from us the restriction of processing.
- Art. 20 GDPR – Right to data portability: You shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you shall have the right to transmit those data to another controller without hindrance from us. You shall also have the right to have the personal data transmitted directly from us to another controller, where technically feasible.
- Art. 21 GDPR – Right to object: You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, which is based on legitimate interests or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In such case, we shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or where the processing is necessary for the establishment, exercise or defence of legal claims.
- Art. 77 GDPR – Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
Where the processing is based on your informed consent, you shall have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Therefore, you may send us a message to firstname.lastname@example.org.
You have no statutory or contractual obligation to provide us with any personal data. However, we may not be able to provide you with our services if you decide not to do so.
We do not use automated decision-making, including profiling, which produces legal effects concerning you or similarly significantly affects you.
If you wish to prevent us from storing cookies on your device, your web browser or device may provide you with certain settings to do so. Most web browsers accept cookies by default. However, you may change these default settings in order to prevent any kind of storage or only allow storage after an explicit request. You may find an instruction on how to change your settings in the help section of your browser or device. The respective settings only apply to the device you are currently using. If you use another device, change your web browser or reinstall your browser you may have to change the respective settings again. Please, be aware that not accepting cookies may lead to you not being able to fully use the Site. In particular, ordering products through the Site may not be possible without cookies. Our usage of cookies finds its legal basis in Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes constitute also the legitimate interests we pursue with it.
8.2 Google Analytics
We use Google Analytics, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) to collect information about how users use our Site. The information generated by the cookie about your use of the Site will be transmitted to and stored by Google on servers in the United States. As IP-anonymization is activated, your IP address will be anonymized as soon as technically feasible at the earliest possible stage of the collection network. In addition, it will only be partially used within the European Union or just in the European Economic Area if it is used by other parties. Only in exceptional cases, the full IP address will be transferred to a Google server in the United States, and then shortened so it is only partially used there.
Our processing is based on Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes constitute also the legitimate interests we pursue with it. The collected data is stored for three months. Further information on how Google processes personal data is available at: https://policies.google.com/?hl=en.
Berlin, June 2018