Privacy Policy

With this privacy policy we would like to inform you about how we process personal data. The protection of your privacy is of the utmost importance to us, so it goes without saying that we comply with the legal stipulations on data protection.

Name and Contact Details of the Responsible Party
xChange Solutions GmbH
Represented by Johannes Schlingmeier
Am Sandtorkai 73
20457 Hamburg

Data Protection Officer

Should you have any questions about our data protection measures, the processing of your data or the protection of your rights as a data subject, you can contact us and our data protection officer as follows:

External Data Protection Officer

ePrivacy GmbH
represented by Prof. Dr. Christoph Bauer
Große Bleichen 21, 20354 Hamburg

If you have any questions or concerns regarding your information, please contact

If you wish to communicate directly with our data protection officer (for example, because you have a particularly sensitive matter), please contact them by post, as communication by e-mail can always have security gaps. Please state in your request that your concern relates to the company xChange Solutions GmbH.

Personal Data

Personal data is all information about an identified or identifiable persons. This includes the following categories of personal data that we process:

• Your contact details (such as first and last name, address, e-mail address, phone number)
• Your correspondence with us
• Log files with information about your visit to our website
• Payment data (such as bank account number, credit card number, financial institution)
• Online identifiers (such as cookie IDs, IP addresses, advertising IDs)
• Customer data (such as invoice data, user profiles, address, order history, payment data)

Use of Cookies

General Information About Cookies
A cookie is a text file containing an identification number which, when the website is used, is transmitted to the user’s computer together with the other data actually requested and stored there. The file is kept there for later access and serves to authenticate the user. Since cookies are only simple files and not executable programs, they do not pose any danger to the computer.

Depending on the settings selected by the user in their internet browser, the latter automatically accepts cookies. This setting can, however, be changed and the storage of cookies deactivated or set in such a way that the user is informed as soon as a cookie is set. If the use of cookies is deactivated, some functions of the website may not be available or may only be available to a limited extent. You can prevent the setting of cookies by our website at any time by means of a corresponding setting in the internet browser used and thus permanently object to the setting of cookies.

Cookies that are already active can be deleted at any time via the settings of your internet browser or other software programs. We may work together with advertising partners who help us to make our online offer more interesting for you. In this case, cookies from partner companies may also be stored on your hard drive when you visit our website (cookies from third parties).

Persistent Cookies
Persistent cookies remain on your end device after closing the browser. These cookies can, for example, save your user preferences, such as language settings, and analyse user behaviour on our website. Storage duration of persistent cookies corresponds to the respective duration of the individual cookie. Afterwards they are automatically deleted.

Purpose of Processing

We process your data for the following purposes:
• For corresponding with you
• For processing contracts with you
• For advertising purposes such as the dispatch of our newsletter
• On quality assurance and statistics
• In order to provide our service
• In order to improve our service

Legal Basis

We base the processing of your data on the following legal bases:

• Your consent, if you have given us such consent (Art. 6 para. 1 lit. a) GDPR)
• The initiation or execution of a contract with you (Art. 6 para. 1 lit. b) GDPR)
• The fulfilment of legal obligations (Art. 6 para. 1 lit. c) GDPR)
• The implementation of our legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Legitimate Interests

When processing your data, we pursue the following legitimate interests:

• The improvement of our offer
• Protection of our systems against misuse
• For marketing purposes
• For the storage of our correspondence with you

Requirement or Obligation to Provide Data

Unless this is expressly stated, the provision of your data is not required or obligatory.

Data Sources

As soon as we do not receive the data from you, or about the devices you use, it comes from the following sources:

• Master data of companies and self-employed persons from publicly available official sources
• Data on B2B contacts of specialised service providers

Zoom SMS Privacy Policy

We do not share any mobile information with third parties or affiliates for marketing or promotional purposes. Your mobile number and any other personal information collected for SMS campaigns are kept strictly confidential and used solely for the purposes outlined when you provided your information.

Storage Period

We store your data,
• if you have consented to the processing, at most until you revoke your consent;
• if we need the data for the execution of a contract, at most for as long as the contractual relationship with you exists;
• if we use the data on the basis of a legitimate interest, at most for as long as your interest in deletion or anonymisation does not outweigh the data;
• insofar as statutory storage obligations exist, until the end of the storage periods.

Data Recipients

When processing your data, we work together with the following service providers who have access to your data:

• Provider of web analysis tools
• Web hosting and web development providers
• Service provider for IT development services
• Ticket and customer support software provider
• Sales service provider
• Payment service provider
• E-mail and newsletter provider
• CRM system service provider
• Cloud services
• Conference and Webinar Software
• Service provider for online surveys
• Service provider for chat software
• Social media platforms
• Service provider for bookkeeping and invoicing
• Provider for external document management

Transfer to Third Countries

Data is being transferred to countries outside the European Economic Area. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we can ensure the careful handling of personal data by means of contractual agreements or other suitable guarantees, such as certifications or proven compliance with international security standards.

United States of America (Standard Contractual Clauses)

India (Standard Contractual Clauses)

Your Rights

As a data subject, you have the following rights:
• To request information about the processing of your data, as well as to receive a copy of your personal data. You may request information on, among other things, the purposes of the processing, the categories of personal data processed, the recipients of the data (if a transfer is made), the duration of the storage or the criteria for determining the duration;
• To receive personal data relating to you in a structured, common and machine-readable format or to transfer it to another person in charge
• To correct your data. If your personal data is incomplete, you have the right to complete the data, taking into account the purposes of the processing;
• To have your data deleted or blocked.
• To have the processing restricted;
• To object to the processing of your data;
• To revoke your consent to the processing of your data for the future and
• To complain to the responsible supervisory authority about unauthorised data processing.

Version of the Privacy Policy

If our processes change, we adjust the information in this privacy policy.

Status of this privacy policy: 1 July 2020