Privacy Policy

Responsible Controller

The person responsible (“Controller”) for the processing of personal information in the sense of the EU General Data Protection Regulation (“GDPR”) and other national data protection laws of the Federal Republic of Germany as well as other data protection regulations is the:

YXLON International GmbH
Essener Bogen 15
D-22419 Hamburg, Germany

Phone: +49 (0)40 527290
Fax: +49 (0)40 52729170
Email: dataprivacy@hbg.yxlon.com

represented by its Managing Director Dr. Ing. Thomas Wenzel

Data Protection Officer

The Controller`s Data Protection Officer is:

WENZA Deutschland AG
Responsible Mr. Kent Schwirz
Beim Alten Gaswerk 5
22761 Hamburg, Germany
Contact: www.wenza.de
Email: datenschutz@wenza.de

Collection of General Data and Information vie the Website

Our website collects a series of general data and information each time it is accessed by a data subject or an automated system. This general data and information are stored in the so-called "data sheets." logfiles of the server. The browser types and versions used, the operating system used by the accessing system, the website from which an accessing system accesses our website (so-called referrers), the sub-sites which are accessed via an accessing system on our website, the date and time of access to the website, an Internet protocol address (IP address), the Internet service provider of the accessing system and other similar data and information which serve to avert dangers in the event of attacks on our information technology systems can be recorded.

When using this general data and information, we do not draw any conclusions about the person concerned. This information is needed to correctly deliver the content of our website, to optimize the content and advertising of our website, to ensure the long-term functionality of our information technology systems and the technology of our website, and to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber-attack. This anonymously collected data and the information is therefore evaluated by us both statistically and with the aim of increasing data protection and data security in our company to ultimately ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by the person concerned.

The Legal Basis for the Processing of Personal Data

To be able to offer you our website and the associated services, we process personal data by the following legal bases:

  • Consent (Art. 6 para. 1 lit. a GDPR)

  • For the performance of contracts (Art. 6 para. 1 lit. b GDPR)

  • Legitimate interest (Art. 6 para. 1 lit. f GDPR)

  • To fulfill a legal obligation (Art. 6 para. 1 lit. c GDPR)

In connection with the respective processing, we will refer to the corresponding terms so that you can classify the basis on which we process personal data.

If personal data is processed by your consent, you have the right to revoke this consent at any time with effect for the future.

If we process data based in legitimate interests, you as the data subject have the right to object to the processing of personal data, taking into account the provisions of Art. 21 GDPR.

Purpose of the Processing of Personal Data

We process your personal data for the operation of our website and the fulfillment of contractual obligations towards our customers or the protection of our legitimate interests.

In the case of inquiries from you outside of an active customer relationship, we process the data for sales and advertising purposes. You can object to the use of your personal data for advertising purposes at any time. To do this, please contact the Controller mentioned above.

General Contact

When contacting us (e.g., via the contact form, e-mail, telephone or via social media), the user's details are used to process the contact inquiry and to process it following (i) Art. 6 para. 1 lit. b. GDPR (within the framework of contractual/pre-contractual relationships) and/or (ii) Art. 6 para. 1 lit. f. (other requests). The user data can be stored in a customer relationship management system ("CRM system") or comparable systems.

We will delete the requests if they are no longer necessary. We review the necessity every two (2) years; furthermore, the statutory archiving obligations apply.

Contact Form

We offer a contact form on our website which you can use to request information about our products or services or to make general contact. We have marked the data that you must provide to answer an inquiry as mandatory fields. Information on other data fields is voluntary.

We need this information to process your request, contact you correctly and send you an answer. The data processing takes place with detailed inquiries for the fulfillment of a contract and/or a contract initiation (Art. 6 para. 1 lit. b GDPR). In the case of general questions, processing is based on legitimate interests (Art. 6 para. 1 lit. f GDPR).

Inquiries received via the contact form on our website are processed electronically by us to answer your query. In this context, other persons or departments and third parties may also become aware of the form contents that you have sent.

The transmission of the form data via the Internet takes place via encrypted connections.

Sending Information by Email and/or Newsletter

Email

If we send e-mail messages with advertising information about us and our services, this is done by legitimate interests (Art. 6 para. 1 lit. f GDPR) if you are already an active customer of YXLON International GmbH or have expressed your interest.

You have the possibility at any time to object to the use of your e-mail address for sending advertising information by e-mail. For this purpose, YXLON provides you with a link in every e-mail, or you can  contact the Controller mentioned above.

Newsletter

If you wish to receive the newsletter, we require a valid e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided or that the owner agrees to receive the newsletter. Further data will not be collected. This data will only be used to send the newsletter and will not be passed on to third parties.

Before the newsletter is sent, the e-mail owner receives a confirmation e-mail in which he/she must confirm the newsletter subscription. 

If you are inactive for twelve (12) months, you will also receive a Re-Opt in an e-mail asking you to reconfirm your interest in our newsletter. If you do not give your consent, your data will be irrevocably deleted after a further two (2) months. 

You have the possibility at any time to revoke your consent to the storage of the data of your e-mail address and its use for the newsletter dispatch with effect for the future. YXLON will provide you with a link to revoke your consent in each newsletter.

You also have the option of sending your cancellation request in writing to the Controller mentioned above.

Cookies

Definition and Introduction

When you first visit the website of YXLON International GmbH, which belongs to the COMET Group*, a cookie is sent to your computer that uniquely identifies your browser. A "cookie" is a small file containing a string of characters that is sent to your computer when you visit a website. We use cookies to improve the quality of our services and to understand better how people use our websites. Therefore, we are storing user preferences in cookies and tracking user trends and patterns of how people surf our websites.

Most browsers are initially set to accept cookies. You can reset your browser so that cookies are rejected or displayed when a cookie is sent. However, please note that some features or services on our websites may no longer function properly without cookies.

*YXLON includes all brands of the COMET Group: YXLON International GmbH and ebeam Technologies.

Specific Cookies of the Yxlon Websites (no Exchange with Third Parties)

Yxlon's websites use both "first-party" cookies (cookies used only by Yxlon websites) and "third-party" cookies from third-party websites - see below for more information. We use first-party cookies to store preferences and information required during your visit to the website (for example, CMSCsrfCookie). We use third-party cookies to track usage trends and patterns with the assistance of external web statistics providers. The third-party cookies used to follow usage trends and patterns are used solely by Yxlon websites and the web statistics provider and are not shared with third parties.

The following table provides information about the cookies used by the Yxlon websites:

Cookie-Anbieter

Art des Cookies

Zweck des Cookies

Google Analytics

Initial Supplier

Web analysis (anonymous usage statistics)

Yxlon (Kentico EMS)

Initial Supplier

Anonymous usage profiles for lead generation and control of marketing campaigns. 
Marketing Automation Service tracks email activity and website usage across all our online channels.

Yxlon (Standard-Cookies)

Initial Supplier

Anonymous cookies that are required for the session on the server and the provision of the website and login functions, as well as cookies for security purposes.

YouTube

Third-Party Provider

Offers YouTube videos and a possible tracking through YouTube

DoubleClick

Third-Party Provider

Cookies for retargeting, optimization and reporting within Google AdWords / DoubleClick

Google

Third-Party Provider

Anonymous cookies for monitoring, advertising optimization, and ad account security purposes

Remarketing (Cookies Shared with Third Parties)

YXLON's websites use remarketing for online advertising using text or image ads. Remarketing is a feature that allows us to reach people who have previously visited our website and have advertisements appear on them when they visit other sites. External providers such as Google use cookies to serve ads based on a user's previous visits to our website. For this purpose, cookies are set by external advertising providers when you visit our website. Users may opt-out of Google's use of cookies by visiting the Google Advertising Opt-out page and stop external suppliers from using cookies by visiting the Network Advertising Initiative's Opt-out page.

Google Analytics

Our website uses functions of the web analysis service Google Analytics. Provider of the web analysis service is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses "cookies." These are small text files that your web browser stores on your device and allow analysis of website usage. Information about your use of our website generated using a cookie is transmitted to a Google server and stored there. The server location is usually the USA.

Google Analytics cookies are set by Art. 6 Para. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in analyzing user behavior to optimize our website and possibly also advertising.

IP Anonymization

We use Google Analytics in conjunction with the IP anonymization function. It ensures that Google shortens your IP address within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission to the USA. There may be exceptions where Google transfers the full IP address to a server in the USA and shortens it there. On our behalf, Google will use this information to evaluate your use of the website, to create reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by Google Analytics is not merged with other Google data.

Browser Plugin

The setting of cookies by your web browser can be prevented. However, some features of our website may be restricted as a result. You may also opt out of the collection and processing by Google of data relating to your use of the website, including your IP address. You can do this by downloading and installing the browser plugin which can be accessed via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Objection to Data Collection

You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie is set to avoid your information from being accumulated on future visits to our website: Deactivate Google Analytics.

Details on the handling of user data by Google Analytics can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Order Processing

We have entered into a data processing agreement with Google to comply with legal data protection requirements.

Demographic Characteristics of Google Analytics

Our website uses the function "demographic features" of Google Analytics. It can be used to create reports that contain statements about the age, gender, and legitimate interests of the website visitors. This data comes from interest-related advertising by Google and visitor data from third parties. It is not possible to assign the data to a specific person. You can deactivate this function at any time. You can do this by using the ad settings in your Google Account or by generally prohibiting Google Analytics from collecting your information, as explained under "Opting out of data collection.".

Event Planning/Fair Tickets

If you are interested in Yxlon's events, e.g., trade fairs, we will process your data and your request for the preparation and execution of the event. We will not pass on your data to third parties unless applicable data protection regulations justify a transfer, there is a legal obligation to do so, or we refer to this in our data protection information for the respective event. The transmission of your request is encrypted. You can object to the storage of your data for the future at any time. We will then delete the stored data immediately.

Use and Application of YouTube

YXLON International GmbH has integrated YouTube components on this website. YouTube is an Internet video portal that allows video publishers to post video clips and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why full film and television programmes, as well as music videos, trailers or videos made by users themselves, can be accessed via the Internet portal. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. 

Each time a YouTube component (YouTube video) has been integrated into one of the individual pages of this Internet site, which is operated by the data controller, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be found at https://www.youtube.com/intl/en/yt/about/. As part of this technical process, YouTube and Google obtain information about which specific subpage of our website is visited by the person concerned.

If the person concerned is logged into YouTube at the same time, YouTube recognizes which specific subpage of our website the person interested is visiting by calling up a subpage containing a YouTube video. YouTube and Google collect this information and assigned to the respective YouTube account of the person concerned. YouTube and Google will receive information through the YouTube component that the person concerned has visited our website whenever that person is logged into YouTube at the same time as accessing our website, regardless of whether that person clicks on a YouTube video or not. If the data subject does not intend such transmission of this information to YouTube and Google, the data subject may prevent such transmission by logging out of his/her YouTube account before accessing our website.

The data protection regulations published by YouTube, which can be accessed at https://www.google.de/intl/de/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.

Disclosure of Personal Data to Third Parties

Insofar as we disclose data to other persons and companies (contract processors, jointly Controllers or third parties) within the scope of our processing, transfer them to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is necessary for the fulfillment of the contract), users have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.). 

Insofar as we disclose, transmit or otherwise grant access to data to other companies of our group of companies, this is done in particular for administrative purposes as a legitimate interest and beyond that on a basis corresponding to the legal requirements.

Data Processing Outside the European Union

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or if this is done in the context of the use of third-party services or disclosure or transfer of data to other persons or companies, this only occurs if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, a legal requirement or on the basis of our legitimate interests. Subject to express consent or contractually required transfer, we process or allow the data to be processed only in third countries with a recognized level of data protection, which includes US processors certified under the "Privacy Shield" or on the basis of special guarantees, such as a contractual obligation through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission).

Rights of the Data Subject

If you are a data subject within the meaning of Art. 4 No. 1 GDPR, you have the following rights concerning the processing of your personal data under the GDPR:

Right of Confirmation and Information

According to Art. 15 GDPR, every data subject has the right to request verification from the controller as to whether personal data relating to him or her will be processed. If a data subject wishes to exercise this right of confirmation, he or she can contact the Controller mentioned above at any time. 

Any person concerned by the processing of personal data shall also have the right at any time to obtain from the controller, free of charge, information on the personal data relating to him or her which have been stored and a copy of that information. Also, the European legislator has provided the data subject with the following information:

  • the processing purposes
  • the categories of personal data processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
  • if possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration
  • the existence of a right to the rectification or erasure of personal data concerning him or her or the limitation of the processing carried out by the controller or of a right to object to such processing
  • the existence of a right of appeal to a Supervisory Authority
  • if the personal data are not collected from the data subject: All available information on the origin of the data
  • the existence of automated decision-making, including profiling, by Article 22(1) and (4) GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject..


The data subject also has the right to know whether personal data have been transferred to a third country or an international organization. If this is the case, the data subject shall also have the right to obtain information on the appropriate safeguards in connection with the transfer.

If a data subject wishes to exercise this right of access, he or she may at any time contact the Controller mentioned above.

Right to Rectification

Any person affected by the processing of personal data has the right under Art. 16 GDPR to demand the immediate correction of incorrect personal data concerning him or her. Furthermore, the data subject shall have the right, having regard to the purposes of the processing, to request the completion of incomplete personal data, including using a supplementary statement. 

If a data subject wishes to exercise this right of rectification, he or she may at any time contact the Controller mentioned above.

Right to Deletion

Any person subject to the processing of personal data has the right under Art. 17 GDPR to request the controller to delete the personal data relating to him or her immediately if one (1) of the following reasons applies and if the processing is not necessary:

  • The personal data have been collected for such purposes or processed in any other way for which they are no longer needed
  • The data subject withdraws his consent on which the processing was based according to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR and there is no other legal basis for the processing
  • The data subject objects to the processing under Article 21(1) GDPR and there are no overriding legitimate reasons for the processing or the data subject objects to the processing under Article 21(2) GDPR
  • Personal data have been processed unlawfully
  • The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the data controller is subject
  • The personal data were collected with information society services offered according to Art. 8 (1) GDPR.


If one (1) of the reasons mentioned above applies and a person concerned wishes to have personal data stored by us deleted, he or she can contact the Controller mentioned above at any time.

Right of the Limitation of Processing

Any person affected by the processing of personal data has the right under Art. 18 GDPR to request the controller to restrict the processing if one (1) of the following conditions is met:

  • The accuracy of the personal data is contested by the data subject for a period which allows the data controller to verify the accuracy of the personal data
  • The processing is unlawful, the data subject refuses the deletion of the personal data and instead requests the restriction of the use of the personal data
  • The controller no longer needs the personal data for processing, but the data subject needs them for the assertion, exercise or defense of legal claims
  • The data subject has objected to the processing according to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the data controller outweigh those of the data subject.


If one (1) of the conditions mentioned above is met and a person concerned wishes to request the restriction of personal data stored by our company, he or she can contact the Controller mentioned above at any time.

Right to Data Transferability

According to Art. 20 GDPR, every data subject who is subject to the processing of personal data has the right to obtain the personal data concerning him or her which have been provided by the data subject to a controller in a structured, common and machine-readable format. It shall also have the right to communicate such data to another controller without being impeded by the controller to whom the personal data have been provided, provided that the processing is based on consent according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract according to Art. 6 para. 1 lit. b GDPR and that the processing is carried out by automated means unless the processing is necessary for the performance of a task in the public interest or the exercise of official authority assigned to the controller. 

Furthermore, when exercising his or her right to data transferability according to Art. 20 para. 1 GDPR, the data subject shall have the right that the personal data shall be transferred directly from one controller to another controller, insofar as this is technically feasible and insofar as this does not impair the rights and freedoms of other persons.

To assert the right to data transfer, the person concerned may at any time contact the Controller mentioned above.

Right of Opposition

Under the conditions of Art. 21 GDPR, every person affected by the processing of personal data has the right to object at any time to the processing of personal data concerning him or her. If the prerequisites for a valid objection are met, processing by us may no longer take place. 

In the event of an objection, we will no longer process the personal data unless we can prove compelling reasons for the processing worthy of protection which outweighs the legitimate interests, rights, and freedoms of the data subject concerned, or the processing serves the assertion, exercise or defense of legal claims.

Automated Decisions in Individual Cases Including Profiling

Automated processing for profiling within the meaning of Art. 22 GDPR does not take place.

Right to Object Consent

Every data subject affected by the processing of personal data has the right to revoke any consent given to us to process personal data at any time with effect for the future. 

If the data subject wishes to exercise his or her right to revoke his or her consent, he or she may at any time contact the above-mentioned Controller.

Identification Check

If you assert one or more of the above rights, please understand that we may require you to provide evidence that you are the person you claim to be.

The Right of Appeal to a Supervisory Authority

Also, there is a right of appeal to a competent data protection Supervisory Authority according to Art. 77 GDPR. In the event of possible violations of data protection regulations, you have the right to contact the relevant Supervisory Authority.

The following link provides a list of (Federal) Data Protection Authorities and Data Protection Officers (“Landesdatenschutzbeauftragte”) and their contact details:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Storage Period for Personal Data

The personal data of the data subject concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if the European or national legislator has provided for this in Union regulations, laws or other provisions to which the person responsible is subject. The data shall also be blocked or deleted if a storage period prescribed by the standards mentioned above expires unless it is necessary for further storage of the data for the conclusion or performance of a contract.

Modification of this Privacy Policy

We will revise this Privacy Policy as we make changes to this website or for any other reason that makes it necessary. The current version can always be found on this website.

Status March 2019