Privacy Policy

Last updated: January 8, 2024

Important notice: For your convenience, we have provided a translation of this page in german. The translation is for informational purposes only, and the definitive version of this page is the English version.

 

This data protection declaration applies to our website (hereinafter referred to as "website") and to our services on our platform (hereinafter "platform") and other online presences, such as our social media appearances. In the following, we inform you in detail about the type, scope and purpose of the personal data collected, used and processed by us and inform you about your rights as a data subject.

We reserve the right to change the privacy policy at any time with effect for the future. If you visit our website again, the updated and published data protection declaration will apply. The current version of the data protection declaration can be called up, saved and printed out at any time on our website.

With regard to the terms used (e.g. personal data, person responsible) we refer to the definitions of the General Data Protection Regulation (GDPR).

1. Name and address of the data controller

The data controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states is:

xenthics Solutions GmbH
Alte Landstr. 25
85521 Ottobrunn
Germany

Phone: +49 89 6081 5075
E-Mail: privacy@centrldesk.com

2. General information on data processing

2.1 Scope of processing

As a matter of principle, we collect and use personal data only to the extent that this is necessary to provide a functioning website, contents and services, as well as when you have given your consent or the processing of the data is permitted by a legal regulation.

2.2 Legal basis for the processing of personal data

Insofar as we obtain your consent for processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis for the processing of personal data.

When processing personal data which is necessary for the performance of a contract to which you are a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

2.3 Legitimate interests in the processing

If the processing of your personal data is based on Art. 6 para. 1 lit. f GDPR, our legitimate interest, unless otherwise stated, is the performance of our business activities. In all other respects, we have stated our purposes and interests in each case within the framework of the above list of processing.

2.4 Data erasure and storage duration

Your personal data will be deleted or blocked as soon as the purpose of storage ceases to apply or you revoke your consent. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU ordinances, laws or other regulations to which the person responsible is subject. If the purpose of storage ceases to apply, if you revoke your consent or if a storage period prescribed by the European Directive and Regulation Giver or any other competent legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions, unless it is necessary to continue storing the data in order to conclude or fulfil a contract.

2.5 Recipient of the collected data / data transmission

Recipients of the data collected via our website are primarily us as a responsible company. In addition, any processors (web host, IT service provider, etc.) may have access to the data collected via our website. Compliance with the legal regulations is, however, ensured in this respect by means of data processing agreements which we conclude with our processors based in the EU. Data will only be transferred to so-called third countries outside the EU if and insofar as this has been pointed out below.

2.6 Need to disclose personal data

You can visit our website without personal data being collected. However, if you wish to make use of our services, the provision of personal data is mandatory for the execution of the contract.

2.7 Profiling and automated decision making

We do not carry out automatic decision making or profiling in the sense of Art. 22 GDPR.

2.8 Data security

We secure our website and other systems through comprehensive technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. These measures are subject to constant review and improvement in order to guarantee the current state of the art.

3. Your rights

In accordance with the statutory provisions, you as the data subject have the following rights:

  • the right to access,
  • the right to rectification or erasure,
  • the right to restriction of processing,
  • the right to data portability,
  • the right to withdraw your consent at any time with effect for the future.

You further have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on point e or f of Art. 6 para. 1 s.1 GDPR, including profiling based on those provisions.

To act according to your rights set forth above you may contact us via email to privacy@centrldesk.com.

You have the right to lodge a complaint with the data protection authority of your choice (for example: Der Bayerische Landesbeauftragte für Datenschutz https://www.datenschutz-bayern.de/).

4. Data processing when using our website, our services and our platform

4.1 Access data in server log files

Our hosting provider automatically stores access data in so-called server log files every time our website and platform is accessed.

This includes the date and time of access, the browser used and its version, the operating system used, IP address and requested URL including sub-pages.

Temporary storage of the IP address by the system is necessary to enable delivery of the website and platform to your end device. For this purpose, your IP address must remain stored for the duration of the session.

The legal basis for the temporary storage of your data and log files is Art. 6 para. 1 lit. f GDPR.

This data is evaluated exclusively to ensure the permanent and trouble-free operation of the website and the platform, to improve the content and to transmit it to law enforcement authorities in the event of a cyber attack and to ensure the security of our information technology systems. For this purpose, the above-mentioned data is stored for a maximum of 7 days. Data whose further storage is required for evidence purposes will be stored until the respective incident has been finally clarified.

The collection of data for the provision of the website and the platform and the storage of the data in log files is absolutely necessary for the operation of our website and the platform. There is therefore no possibility of objection.

4.2 Cookies and third party providers

To make visiting our website attractive and to enable the use of certain functions, we use so-called "cookies" on our website. These are small text files which are stored and saved on your end device via a browser.

Many cookies contain a so-called cookie ID. It consists of a character string by which websites and servers can be assigned to a specific browser in which the respective cookie was stored.

Cookie Settings

List of third party cookies and similar tools as well as third party providers:

Service Provider Purpose More information
Dealfront Performance, Marketing https://www.dealfront.com/privacy-center/ 
Facebook Marketing https://www.facebook.com/about/privacy 
Google Analytics Performance https://policies.google.com/privacy 
Google Fonts Fonts https://policies.google.com/privacy 
Hetzner Hosting https://www.hetzner.com/legal/privacy-policy 
Hotjar Performance https://www.hotjar.com/legal/policies/privacy/ 
Hubspot Function, Performance, Marketing https://legal.hubspot.com/privacy-policy 
IONOS Hosting https://www.ionos.com/terms-gtc/privacy-policy/ 
LinkedIn Marketing https://linkedin.com/legal/privacy-policy 
Mixpanel Performance https://mixpanel.com/legal/privacy-policy/ 
Profitwell Performance https://www.profitwell.com/privacy-policy 
Sentry Performance https://sentry.io/privacy/ 
Stripe Payments https://stripe.com/en-de/privacy 
Twilio SendGrid E-Mail dispatching https://www.twilio.com/legal/privacy 
Twitter Marketing https://twitter.com/en/privacy 

The purpose of using technically necessary cookies is to simplify the use of our website for you (e.g. your settings are saved). Some functions of our website cannot be offered without the use of cookies. For these it is necessary that your browser is recognized even after a page change. If cookies are not accepted or deactivated, the functionality of our website may be limited.

The legal basis for the processing of personal data using necessary cookies is Art. 6 para. 1 lit. f GDPR.

In addition, we use cookies on our website which enable us to analyse your surfing behaviour. We inform you about these in the corresponding section of this data protection declaration.

Some third party services that we integrate may also use cookies. Please refer to the websites of the respective providers for information on how they work and how they process data. The services used by us can be found in this privacy policy.

When you access our website, you will be informed about the use of cookies.

The legal basis for the processing of personal data using cookies, which are not necessary for the operation of our website, is Art. 6 para. 1 lit. a GDPR, if you have given your consent to this.

Cookies are stored on your end device and transmitted to our website. You therefore have control over the use of cookies. You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general or set it so that the setting of cookies is prevented and thus permanently contradict the setting of cookies. In addition, you can delete already set cookies at any time via your browser. A comprehensive objection to online marketing cookies can also be declared at https://www.youronlinechoices.com/ This also applies to all third-party cookies listed.

4.3 Data collection and use during registration and use of our services/our platform

You have the possibility to register on our platform. When you create a user account or register, you must provide certain mandatory information in order to gain access to your user account and to manage it ("Mandatory Information"). Mandatory data within the scope of registration are marked and are required for the conclusion of the user contract. Which data is collected can be seen from the respective input forms. Within the scope of the registration these are: Your name and your e-mail address. You must also create a password. If you do not provide this data, you cannot create a user account.

The legal basis for the processing of your data is the fulfilment of our contract with you in accordance with Art. 6 para. 1 lit. b GDPR.

We use the information you provide to authenticate you when you log in and to respond to requests to reset your password, to verify your authorization to manage the user account, to enforce the platform's terms of service and all related rights and obligations, and to contact you in order to send you technical or legal notices, updates, security messages or other messages concerning, for example, the management of the user account. We therefore only use the data you provide us with to process the contract and to provide our services to be rendered within the scope of the contract. We may also pass on your data to one or more processors who will also use your data exclusively for internal use on our behalf.

We also store your IP address and the date and time of registration in order to prevent misuse of our website and the services offered on it and, if necessary, to clarify any criminal offences committed. The storage of this data is therefore necessary for our own protection. The legal basis for this processing of personal data is Art. 6 para. 1 lit. f GDPR. The above-mentioned purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

Within the framework of the use of our services, we also use the data you provided during registration.

The legal basis for the processing of your data is the fulfilment of our contract with you in accordance with Art. 6 para. 1 lit. b GDPR.

In principle, this data will not be passed on to third parties, unless there is a legal obligation to do so or the passing on of the data serves criminal prosecution.

After complete processing of the contract or deletion of your account, your data will first be blocked for further use and then deleted after the legal retention periods have expired, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you below.

You have the possibility to object to the processing at any time and to delete your account. In such a case the contractual relationship with you cannot be continued.

4.4 Data collection and use when using our services as employees

If you use our platform as an employee, your employer may collect data about you via our platform. Your employer alone is responsible for this data collection and processing. In this case we only act as a processor for your employer and are bound by the instructions of your employer.

Your employer will provide you with further information on data processing by your employer when you use the platform.

4.5 Alternative login via Single-Sign-On (SSO)

Alternatively, you can also log in via Single-Sign-On with just a few clicks. An additional registration is not necessary in this case.

We will redirect you to the appropriate service after you have clicked the registration button. There you can log in with your existing login data. By logging in, your profile of the SSO service and our service will be linked together. Through the link we automatically receive your name and email address from the SSO service.

This information is mandatory for the conclusion of the contract in order to register and identify you. The legal basis for the processing of your data is accordingly the fulfilment of our contract with you Art. 6 para. 1 lit. b GDPR.

We use the following social log-ins on our platform:

Log-in via Google Sign-in

Google Sign-In is a service of Google LLC (www.google.com), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google LLC has voluntarily certified itself under the US-EU “Privacy Shield” Agreement, thereby committing itself to comply with the EU privacy standards. The entity responsible for Germany is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

For more information about Google Sign-In, please see the Google Privacy Statement at: https://policies.google.com/privacy

Log-in via Microsoft

Microsoft offers a sign in over its own software "Azure", which is operated by the Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). Microsoft has voluntarily certified itself under the U.S.-EU “Privacy Shield” Agreement, thereby committing itself to comply with the EU privacy policy.

For more information about Microsoft Sign-In, please see the Microsoft Privacy Statement at: https://privacy.microsoft.com/en-us/privacystatement

The same provisions on revocation and deletion periods apply as for registration via our website in accordance with the above clause.

4.6 Integrations

Our customers have the option of activating third-party services through integrations, for example the SSO services described above.

In this case, additional information may be shared with the third-party providers. The third party providers usually clarify about shared information, but they are not explicitly controlled by xenthics. Third parties who have been granted access to additional information may have their own policies and practices regarding collection and use of the information. Please check the privacy settings and notices of third party services or contact the third party service provider if you have any questions. The decision to use a third party service provider is the responsibility of the customer.

4.7 Google Analytics

We use Google Analytics on our website, a web analytics service provided by Google LLC (www.google.com), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google Analytics"). The responsible body for Germany is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses methods that enable an analysis of your use of the website, in particular from which internet page you came to our website (so-called referrers), which subpage you access or how often and for how long you view a subpage. Google Analytics uses cookies for this purpose. Every time you call up a page of our website on which Google Analytics has been integrated, your browser on your end device is automatically prompted to transmit data to Google Analytics for analysis.

The generated information about your use of our website can also be transferred to a Google LLC server in the USA and stored there. The USA is an unsafe third country. However, Google LLC has voluntarily certified itself under the US-EU “Privacy Shield” Agreement and has thus committed itself to comply with EU data protection regulations.

By activating IP anonymization on our website, the IP address is shortened before transmission within the member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The anonymised IP address transmitted by your browser within the framework of Google Analytics is not merged with other Google data.

Google will use this information on our behalf to evaluate the use of our website by you and our other users, to compile reports on the activities within our website and to provide us with further services related to the use of our website and the use of the Internet.

The legal basis for the processing of personal data is Art. 6 para. 1 lit. a GDPR, provided that you have given your consent to this effect.

You can give your consent via our cookie banner and revoke it at any time in the settings with effect for the future.

The terms of use and privacy policy of Google and Google Analytics can be found here: https://policies.google.com/privacy or here https://marketingplatform.google.com/about/analytics/terms/gb/.

4.8 Use of script libraries (Google Fonts)

In order to present our content correctly and graphically appealing across browsers, we use script libraries and font libraries such as Google Fonts https://fonts.google.com/

Google Fonts are transferred to the cache of your browser to avoid multiple loading. If the browser does not support Google Fonts or prevents access, the content is displayed in a standard font.

Calling up script libraries or font libraries automatically triggers a connection to the library operator. It is theoretically possible - but currently also unclear whether and, if so, for what purposes - that operators of such libraries collect data.

You can find the privacy policy of the library operator Google here: https://www.google.com/policies/privacy/

4.9 Hubspot

We use Hubspot on our websites, a service provided by Hubspot Inc, a U.S. software company with a European office located at HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland ("Hubspot"). The information generated about your use of this site may be transmitted to and stored on a Hubspot server in the United States. The USA is an unsafe third country. However, Hubspot has voluntarily certified itself under the US-EU “Privacy Shield” Agreement and is committed to complying with EU data protection regulations.

We use Hubspot for CMS, analysis and marketing purposes and also use Hubspot to manage our customer relationship management (CRM) and to handle your inquiries through our contact form and newsletter.

Hubspot uses "web beacons" and "cookies" that are stored on your device and allow us to analyze your use of our site. Hubspot may use this information (e.g., IP address, geographic location, browser type, length of visit, pages viewed) to generate reports on our behalf.

If you contact us through our contact form, necessary information such as last name, first name, email address, phone number and the text you enter will be collected through our site to respond to your request.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f GDPR on the basis of our justified interest in effective customer service.

The data will be deleted as soon as they are no longer required for the purpose of their collection. For personal data sent via contact form, this is the case when the respective conversation with you has ended. The conversation is finished when it can be concluded from the circumstances that the matter in question has been finally clarified.

If you contact us, you can object to the storage of your personal data at any time. In such a case the conversation cannot be continued.

We also store your data in Hubspot's CRM, which allows us to respond more quickly and efficiently to your requests. We therefore use Hubspot to improve our services and marketing.

The legal basis for the processing of personal data is Art. 6 para. 1 lit. a GDPR if you have given your consent to do so or, if a contractual relationship exists with you, the fulfilment of our contract with you in accordance with Art. 6 para. 1 lit. B GDPR.

You can give your consent via our cookie banner and revoke it at any time in the settings with effect for the future.

If you do not want HubSpot to record your data, you can prevent the storage of cookies at any time by changing your browser settings accordingly.

We also send our newsletter via Hubspot. To subscribe, you must provide us with your e-mail address. By subscribing to our newsletter, you agree to receive it.

The legal basis for the processing of your data after you have registered for the newsletter is Art. 6 para. 1 lit. a GDPR.

Your data will be stored on the servers of Hubspot in the USA. Hubspot uses this information to send and evaluate the newsletter. The evaluation is done on our behalf, but Hubspot may also use the data to ensure and improve the quality of its services.

You may withdraw your consent to the storage and use of your personal information to receive the newsletter and the analysis described above at any time with effect for the future. To revoke your consent, you can use the link provided for this purpose in the newsletter or notify us of your revocation by email to the following address: info@centrldesk.com.

Your data will be deleted as soon as they are no longer required for the purpose of their collection. Your email address will therefore be stored as long as the subscription to the newsletter is active.

For more information, please refer to Hubspot's privacy policy https://legal.hubspot.com/privacy-policy.

4.10 E-Mail dispatch by Twilio SendGrid

If you register as a user on our platform, we will send you system and service emails. To send the system emails (e.g. reset password) and other emails, we use the Twilio SendGrid service, which is operated by Twilio Ireland Limited, 25-28 North Wall Quay, Dublin 1, Ireland (EEA headquarters).

We use the service to send you the system and service mails to enable you to manage your user account with us.

Twilio SendGrid may use the data in pseudonymous form, i.e. without allocation to a user, to optimise or improve its own services, e.g. to technically optimise the sending and display of emails or for statistical purposes. Twilio SendGrid does not, however, use the data to contact you itself or to pass the data on to third parties.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f GDPR or if the processing is necessary for the fulfilment of our contract with you Art. 6 para. 1 lit. b GDPR.

Your data will be deleted as soon as they are no longer necessary for the purpose of their collection or as soon as the contractual relationship with you is terminated.

Further information on data protection can be found in the data protection regulations https://www.twilio.com/legal/privacy of Twilio.

4.11 Social Media

Besides this website, we also maintain presences in various social networks. If you visit such a presence, personal data may be transmitted to the provider of the social network. It is possible that, in addition to the storage of the data you specifically entered in this social network, further information may also be processed by the social network provider. Thus, your data is usually processed for market research and advertising purposes, among other things, to create corresponding user profiles and to display personalised advertising to you. For this purpose, the social network provider usually stores cookies on your end device, in which your usage behaviour and interests are stored. In addition, the social network provider may process the most important data of the computer system from which you visit it - for example your IP address, the type of processor used and browser version including plug-ins.

If you are logged in during your visit to such a network with your personal user account of the respective network, this network can assign the visit to your account. If you do not wish such an assignment, you must log out with your account and delete the cookies before visiting our social media presence.

The legal basis for the processing of personal data is Art. 6 para. 1 lit. f GDPR. Provided that you have given your consent for the processing to the respective provider of the social network, the legal basis for the processing of your data is Art. 6 para. 1 lit. a GDPR.

We maintain presences in the respective social networks in order to be able to communicate with you there and inform you about our services. These purposes also include our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR.

For further information on the purpose and scope of data collection as well as on the further processing and use of your data and the possibility of opting out, please refer to the data protection regulations of the respective network:

Facebook

Facebook is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We have entered into a data sharing agreement with Facebook pursuant to Art. 26 GDPR. For more information on shared data processing, please see the Facebook terms and conditions.

Privacy Policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads

Twitter

Twitter is operated by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Privacy Policy: https://twitter.com/en/privacy
Opt-Out: https://twitter.com/personalization

LinkedIn

LinkedIn is operated by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland.

Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Xing

Xing is operated by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

Privacy Policy and Opt-Out: https://privacy.xing.com/en

4.12 Contact via Email

Due to legal regulations, we provide information on our website that enables rapid electronic contact with us and direct communication with us. This includes above all our email address. If you contact us by email, the personal data you provide will be stored automatically.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 Para. 1 lit. f GDPR. If the purpose of the contact is to conclude a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

However, we will use the personal data transmitted by you exclusively for the processing of your specific inquiry. The data provided will always be treated confidentially.

Your details may be stored in a customer relationship management system (so-called CRM system) or another organisation tool for customer data.

The data will be deleted as soon as they are no longer required for the purpose of their collection. For personal data sent by email, this is the case when the respective conversation with you has ended. The conversation is finished when it can be concluded from the circumstances that the matter in question has been finally clarified.

If you contact us, you can object to the storage of your personal data at any time. In such a case the conversation cannot be continued.

4.13 Payment service provider

We use the external payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland to process payments.

You provide the payment service provider with your inventory data, such as first name, last name, address, date of birth, gender, e-mail address, IP address, telephone number, cell phone number, as well as your bank details, insofar as they are necessary for processing the payment, e.g. account numbers, credit card numbers, passwords, TANs, verification numbers, expiration date and CVC code. Also necessary for the processing of the payment are such personal data that are related to your respective order, such as prices and tax charges or information on previous ordering behavior, which we transmit to the payment service provider.

The transmission of the data is solely for the purpose of payment processing. The legal basis for the transmission of data to the payment service provider is therefore Art. 6 para. 1 lit. b. GDPR, if the payment serves to fulfill a contract. Otherwise, we use external payment service providers on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f. GDPR in order to offer you an effective and secure payment option.

We do not get access to the entered data, they are processed and stored exclusively by the payment service provider. The payment service provider may transfer your data to credit agencies for identity and credit checks and fraud prevention.

The terms and conditions of the payment service provider apply to the payment transactions. For further information on data protection, please refer to the Privacy Policy:

Stripe Payments Europe Ltd: https://stripe.com/en-de/privacy

 

Questions?

Please contact us on privacy@centrldesk.com if you should have any questions.