§ 1 Information on the collection of personal data

(1) In the following, we provide information about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

(2) The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is

 
X-CEN-TEK GmbH & Co. KG
Westerburger Weg 30
26203 Wardenburg

Wardenburg, Germany

[email protected]

You can contact our data protection officer at [email protected] or at our postal address with the addition "the data protection officer".

(3) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, possibly your name and telephone number) will be stored by us in order to answer your questions. We delete the data arising in this context after storage is no longer required, or restrict processing if there are statutory retention obligations.

(4) If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes. We will also state the specified criteria for the storage period.

§ 2 Your rights

(1) You have the following rights vis-à-vis us with regard to your personal data:

- Right of access
- Right to rectification or erasure
- Right to restriction of processing
- Right to object to the processing
- Right to data portability.

2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

 

§ 3 Collection of personal data when visiting our website

(1) When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

- IP address

- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- amount of data transferred in each case
- Website from which the request originates
- browser
- Operating system and its interface
- Language and version of the browser software.

 
§ 4 Further functions and offers of our website

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do so, you must generally provide additional personal data that we use to provide the respective service and to which the aforementioned data processing principles apply.

(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

(3) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.

 

§ 5 Objection to or revocation of the processing of your data

(1) If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation affects the permissibility of the processing of your personal data after you have given it to us.

(2) If we base the processing of your personal data on the balancing of interests, you can object to the processing (Art. 21 (1) GDPR). This is the case if, in particular, the processing is not necessary for the performance of a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either stop or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.

(3) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising using the following contact details:

X-CEN-TEK GmbH & Co. KG
Westerburger Weg 30
26203 Wardenburg
Wardenburg, Germany

[email protected]

 
§ 6 Processing of data from your end devices ("Cookie Policy")

(1) In addition to the above-mentioned data, we use technical aids for various functions when you use our website, in particular cookies, which can be stored on your end device. When you access our website and at any time thereafter, you have the choice of whether you generally allow cookies to be set or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Manager. In the following, we first describe cookies from a technical point of view (2) before going into more detail about your individual choices by describing technically necessary cookies (3) and cookies that you can voluntarily select or deselect (4).

(2) Cookies are text files or information in a database that are stored on your hard disk and assigned to the browser you are using so that certain information can flow to the location that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer, but are primarily used to make the website faster and more user-friendly. This website uses the following types of cookies, whose function and legal basis are explained below:

a) Transient cookies: these, in particular session cookies, are automatically deleted when the browser is closed or by logging out. They contain a so-called session ID. This allows various requests from your browser to be assigned to the joint session and your computer can be recognized when you return to our website.

b) Persistent cookies: These are automatically deleted after a specified period, which varies depending on the cookie. You can view the cookies set and the duration at any time in your browser settings and delete the cookies manually.

(3) Mandatory functions that are technically necessary to display the website: The technical structure of the website requires us to use technologies, in particular cookies. Without these technologies, our website cannot be displayed (completely correctly) or the support functions could not be enabled. These are basically transient cookies that are deleted at the end of your visit to the website, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website. The individual cookies can be seen in the Consent Manager. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR. 15

(4) Optional cookies if you have given your consent: We only set various cookies after you have given your consent, which you can select on your first visit to our website via the so-called cookie consent tool. The functions are only activated if you give your consent and can be used in particular to enable us to analyze and improve visits to our website, to make it easier for you to use different browsers or end devices, to recognize you during a visit, to place advertisements or to tailor advertisements to your interests, to measure the effectiveness of advertisements or to show interest-based advertising. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time without this affecting the lawfulness of processing up to the point of withdrawal.

(5) The functions we use, which you can select and revoke individually via the Consent Manager, are described below.


§ 7 Use of our web shop

(1) If you wish to place an order in our online store, it is necessary for the conclusion of the contract that you provide your personal data, which we require to process your order. Mandatory information required for the processing of contracts is marked separately, further information is voluntary. We process the data you provide to process your order. For this purpose, we may forward your payment data to our house bank. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR.

(2) You can voluntarily create a customer account, through which we can save your data for future purchases. When you create an account under "My user account", the data you provide will be stored on a revocable basis. To delete your customer account, send an e-mail with your request and your customer number to the e-mail address [email protected] . You will usually receive a reply within a few hours or days. You can also cancel your account in the traditional way by post. To do this, send a letter to

X-CEN-TEK GmbH & Co. KG
Westerburger Weg 30
26203 Wardenburg
Wardenburg, Germany


Please also enter your customer number here.

(3) We may also process the data you provide in order to inform you about other interesting products from our portfolio or to send you e-mails with technical information.

(4) Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. However, we restrict processing after three years, i.e. your data will only be used to comply with legal obligations.

(5) To prevent unauthorized access by third parties to your personal data, in particular financial data, the order process is encrypted using TLS technology.

 

§ 8 Newsletter

(1) With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the data protection information on newsletter registration.

(2) We use the so-called double opt-in procedure to subscribe to our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IT addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

(3) The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we will store your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. A GDPR.

(4) You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail or by sending a message to the contact details given in the imprint.

(5) We would like to point out that we evaluate your user behavior when sending the newsletter. For this analysis, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. For the evaluations, we link the data mentioned in § 3 and the web beacons with your e-mail address and an individual ID. Links received in the newsletter also contain this ID. We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click on in them and deduce your personal interests from this. We link this data to actions you have taken on our website. The information is stored for as long as you are subscribed to the newsletter. After you unsubscribe, we store the data purely statistically and anonymously. Such tracking is also not possible if you have deactivated the display of images in your e-mail program by default. In this case, the newsletter will not be displayed in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place.


§ 9 Integration of YouTube videos

(1) We have integrated YouTube videos into our online offering, which are stored on www.YouTube.com and can be played directly from our website. These are integrated in "extended data protection mode", i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transmitted. We have no influence on this data transfer. The legal basis for the display of the videos is Art. 6 para. 1 sentence 1 lit. a GDPR, i.e. the integration only takes place with your consent.

(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 3 of this declaration will be transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

(3) The information collected is stored on Google servers, including in the USA. In these cases, the provider has, according to its own information, imposed a standard that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws when transferring data internationally.

(4) Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy.

§ 10 Integration of Google Maps

(1) We use the Google Maps service on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.

(2) When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 3 of this declaration will be transmitted. This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

(3) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

 

§ 11 Google Analytics

(1) This website uses Google Analytics, a web analysis service of Google Inc ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will first be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

3) You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout.

(4) This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are further processed in abbreviated form, so that they cannot be linked to a specific person. If the data collected about you is personally identifiable, it is immediately excluded and the personal data is deleted immediately.

(5) We use Google Analytics to analyze and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f GDPR.

(6) Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: www.google.com/analytics/terms/de.html, overview of data protection: www.google.com/intl/de/analytics/learn/privacy.html, as well as the privacy policy: www.google.de/intl/de/policies/privacy.

(7) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID (Universal Analytics). You can deactivate the cross-device analysis of your usage in your customer account under "My data", "Personal data".

 

§ 12 Google AdWords conversion tracking

We use the online advertising program "Google AdWords" on some of our websites and conversion tracking as part of this. The cookie for conversion tracking is set when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers.
The information collected using the conversion cookie is used to create conversion statistics. We learn the total number of users who clicked on an ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information with which users can be personally identified. Users who do not wish to participate in tracking can easily deactivate the Google conversion tracking cookie via their Internet browser under user settings. These users will not be included in the conversion tracking statistics. Learn more about Google's privacy policy: safety.google/intl/de_de/privacy/ads-and-data/.

§ 13 Google Advanced consent mode

Our website uses the "Advanced consent mode" support service from Google. This mode makes it possible to adjust the behavior of Analytics, Google Ads and third-party tags based on the consent status of the user, which is determined based on the selection in our consent banner or widget. Advanced consent mode also enables conversion rates to be modeled even without your consent. When you visit our website, Google tags are loaded that transmit your consent status and pings to Google. These pings contain the following function-related information: Timestamp, user agent (this only includes information about the browser you are using and your operating system and device type), the referrer URL, a random number generated each time you load a page, and information about the consent management platform we use. In Google products, these pings are used to model measurement values in the analysis tools based on overarching trends and thereby close gaps in data collection. During modeling, the attribution paths of users who have not given their consent are evaluated using the models based on the observable behavior of users who have consented to the use of cookies.
 
You can find more information on data processing by Google Advanced consent mode at: support.google.com/google-ads/answer/10000067
 
The legal basis for the use of Google Advanced consent mode is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest in data processing). The legitimate interest arises from our need for proper synchronization of the consent status of users and the loaded Google tags, as well as for efficient campaign optimization of advertising. You can object to the processing of your data on the basis of our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the legal notice.
 

§ 14 Use of Cloudflare

(1) This website uses functions of the Cloudflare tool from the provider Cloudflare, Inc, 101 Townsend St., San Francisco, CA 94107, USA.

(2) We use Cloudflare to shorten the loading time of our website and to protect us from DDoS attacks.

(3) Cloudflare collects data relating to the website accessed, the browser type, the operating system used, the referrer URL, the IP address and the requesting provider. Cloudflare states that it does not store any user-specific data logs and does not sell any user data to third parties or use it for advertising purposes.

(4) The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. a GDPR, i.e. the integration only takes place with your consent. Further information on data protection at Cloudflare can be found at https://www.cloudflare.com/privacypolicy/.

§ 15 Use of WhatsApp 

Insofar as you have given your consent, we process the personal data you have provided or that is available (e.g. name, telephone number, email address, messenger ID, profile picture, messages) for communication regarding the preparation and execution of any orders as well as for sending promotional information (e.g. offers, newsletters) using the instant messaging service ‘WhatsApp’ from WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. 

An existing messaging account is required to use this service. 

We would like to point out that WhatsApp Ireland Limited may also pass on personal data (in particular metadata of the communication) to WhatsApp Inc., which is also processed on servers in countries outside the EU (e.g. USA) where there is no adequate level of data protection. WhatsApp may share this data with other companies within and outside the Facebook group of companies. Further information can be found in the WhatsApp Business (https://www.whatsapp.com/legal/business-policy/) and WhatsApp (https://www.whatsapp.com/legal/privacy-policy) privacy policies. We have neither precise knowledge of nor influence on the data processing by WhatsApp Ireland Limited or WhatsApp Inc., which is responsible for data protection in this respect. 

We would like to point out that you can revoke your consent at any time without stating reasons for the future by notifying us of your revocation via Whatsapp with a message with the note REVOCATION or by email to the email address stated in this data protection declaration or our imprint for the corresponding processing of your personal data. 

We will delete the above data in accordance with legal requirements as soon as the consent given for its processing is revoked or when the purpose of processing this data no longer applies or the data is no longer required for the purpose. 

If the data is not deleted because it is required for other and legally permissible purposes, its processing will be limited to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or that must be stored to assert, exercise or defend legal claims or to protect the rights of another natural or legal person. 

§ 16 Webchat 

X-CEN-TEK GmbH & Co. KG uses a web chat on the website www.pax-bags.com. The web chat is an additional means of communication on our website and enables online conversations with X-CEN-TEK GmbH & Co. KG. The conversation is conducted by means of a chat bot (virtual assistant, software) that answers users' questions, assists with their enquiry and provides them with information. 
Which personal data are processed? 
When you use the web chat, the following personal data about you are processed and stored: 

• Date and time of access, 
• IP address, 
• URL of the previously visited website, 
• First name, surname 
• Email address 
• Chat ID and user token (stored in the browser's local storage) 

Depending on the course of the conversation with our chatbot, we process further data from you, provided that you provide it in the course of the conversation, depending on your request or the problem you describe to us. 

The use of the web chat is voluntary and your data will only be processed if you use the web chat. 

For what purposes and on what legal basis is the data processed? 

We use the above data to provide the web chat, to address users personally, to answer user queries and to provide the user with information and/or content. 

Legal basis: Our legitimate interest in providing a web chat (Art. 6 para. 1 sentence 1 lit. f. GDPR). 

How long is personal data stored? 
12 months 

Who do we share your data with? 

We only share your data with third parties in order to fulfil our business relationship, to process and answer your enquiry. For this purpose, your data will be shared with Inbox Solutions GmbH (Pretzfelder Straße 7 – 11, 90425 Nuremberg, Germany) as the technical operator of the web chat and Sellwerk GmbH & Co. KG (Pretzfelder Straße 7 – 11, 90425 Nuremberg, Germany) as an intermediary to the company and to the company you contacted via the web chat. The privacy policy of Inbox Solutions GmbH is available at chatwerk.de/datenschutzerklaerung/ and the privacy policy of Sellwerk GmbH & Co. KG is available at sellwerk.de/terms-and-conditions/privacy.

We use Google Cloud to store your data and chat histories. The data is transferred to and stored on servers in Frankfurt. Google does not use this data for its own purposes. 

We use Google Cloud services based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR in order to provide our services using the technical infrastructure. We have concluded an agreement with Google for the processing of data (https://cloud.google.com/terms/data-processing-terms). In the event that personal data is transferred to the United States, we have concluded EU standard contractual clauses with Google (https://cloud.google.com/terms/data-processing-terms). The EU standard contractual clauses are a generally recognised mechanism for the lawful cross-border transfer of personal data to countries outside the European Economic Area (EEA). 

Further information on the use of the web chat: 

When you access the website www.pax-bags.com, the chat widget is loaded in the form of a JavaScript file. No data is transferred before you open the chat. 

You have two options for opening the web chat: 

1. Manually clicking on the button in the directory entry 

2. Manually clicking on the chat icon in the bottom right of the website 

The moment you open the web chat, your chat is created as an object in the background and the chat ID and a token are stored in the browser's local storage. The ID and the token are unique identifiers that allow us to clearly recognise your chat (chat ID) and you as a user (token) when you visit again and to display any communication processes that have already taken place. As soon as you return to our website, the chat history is restored using the stored data in the local storage. You have to open the chat manually. 

In addition, the history of the web chats is stored. Every message you send is stored. This is for the purpose of being able to display your chat history even when continuing the communication that has begun, for example, if a company answers you with a time delay. 

If you are no longer online when the company contacts you, you will receive an email with a link that takes you back to the chat so that you can continue communicating with the company there. When you click on the link in your email, the chat opens automatically. You have the option to interrupt the chat at any time, but in this case your data will not be automatically deleted. If you no longer wish to receive messages from the company (opt out), simply send ‘Stop’ as a message in the web chat. After that, you will no longer receive messages from the company in the chat and you will no longer be informed by email. Your chat history and data will be automatically deleted six months after the stop message. 

To have your data deleted immediately, send an email to [email protected]. Your data and stored chat histories will then be deleted without delay. 


§ 17 Facebook Messenger 

Provider of the Facebook Messenger service: 

Facebook Messenger, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA; the privacy policy is available at facebook.com/about/privacy 



§ 18 Telegram 

Provider of the Telegram Messenger service: 

• Telegram, Telegram Messenger LLP, 71-75 Shelton Street, Covent Garden, London, United Kingdom; the privacy policy is available at telegram.org/privacy 



§ 19 WhatsApp 

Provider of the WhatsApp Messenger service: 

• WhatsApp Messenger WhatsApp, Inc., 1601 Willow Road, Menlo Park, California 94025, USA; the privacy policy is available at whatsapp.com/legal/business-policy/ 



§ 20 Apple 

Provider responsible for the Apple Messenger service: 

• Apple Business Chat Apple Inc., Infinite Loop, Cupertino, CA 95014; USA; the privacy policy is available at www.apple.com/legal/privacy/de-ww/ 



§ 21 Google Messages 

Provider responsible for the Google Messages service: 

• Google Ireland Limited Gordon House, Barrow Street Dublin 4 Ireland. The privacy policy is available at policies.google.com/privacy;



§ 22 ChatWerk 

Provider of the ChatWerk platform/service: 

• Inbox Solutions GmbH, Pretzfelder Straße 7 – 11, 90425 Nuremberg, Germany. The privacy policy is available at chatwerk.de/datenschutzerklaerung