Privacy Policy

Data Protection Statement

Protecting your data is our concern

We are pleased that you are interested in our company, our products, and our services. It is important to us that you feel secure when visiting our website and when it comes to the protection of your personal data. Compliance with the provisions of the General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (BDSG) is a matter of course for us, and we take this seriously.

We want you to know when we collect data about you, which data we collect, and how we use it. We have put in place technical and organizational measures to ensure that the regulations regarding data protection are fulfilled by us, as well as by any external service providers commissioned by us.

Personal data

Personal data is information about your identity, including your name, address, telephone number, and e-mail address. This information is always processed in accordance with the requirements of the General Data Protection Regulation and with other regulations under data protection law applicable to our company.

In principle, there is no requirement for you to disclose your personal data when using our website. However, there are some cases where we need to process your personal data to enable us to provide you with the services you require.

The same applies, for example, if we need to send you information material or goods you have ordered or if we need to answer your specific questions. Where this is necessary, we advise you accordingly. If there is no legal basis for processing this personal data, we request your consent to do so.

Furthermore, we only store and process data that you have provided to us voluntarily and, where applicable, data that we collect automatically when you visit our website (e.g., your IP address and the name of the pages accessed, the browser you used and your operating system, the date and time of access, search engines used, and names of downloaded files).

If you use our services, we will only usually collect the data that we require to provide you with those services. If we ask you for other data, this information is optional. Personal data is only processed to provide the services requested and to protect our own legitimate interests.

Name and address of the body responsible for processing

Within the context of the General Data Protection Regulation, other data protection legislation applicable in EU Member States, and other data protection provisions, the responsible body is:

Xpand2 GmbH
Johann-Weitzer-Weg 5, 8041 Graz
Austria
E-mail: info@xpand2.com
Website: www.xpand2.com

Intended use of personal data

We use the personal data provided by you to answer your questions, process your orders, or to provide you with access to certain information or services. When it comes to maintaining customer relationships, it may also be necessary for us, or a service provider commissioned by us, to use these personal data to provide you with information about product offers or to conduct online surveys to better satisfy our customers' questions and requirements.

Naturally, we respect your wish not to provide us with your personal data in matters that are not related to supporting our customer relationship (particularly for direct marketing or market research purposes). We shall not sell or otherwise distribute your personal data to third parties.

Specific use

We shall only collect, process, and use the personal data you provide us with for the purposes communicated to you. We shall not forward your personal data to third parties without your express consent to do so.

The collection of personal data and their transmission to state institutions or authorities entitled to receive such information shall only take place to the extent required by law and/or if we are obliged to do so as a result of a court ruling. Our employees and those of service providers commissioned by us are obliged to comply with a duty of confidentiality to us and to abide by the provisions of the General Data Protection Regulation.

Data that are automatically captured when visiting our websites

When using our websites, the following data are stored for organizational and technical reasons: the name of the pages accessed by you, the browser you used and your operating system, the date and time of access, search engines used, names of downloaded files, and your IP address.

The information captured is required in order to provide you with valid content on our website. Furthermore, these technical data are analyzed anonymously and purely for statistical purposes, to continuously optimize our website and to enable us to enhance the design of our website, and to provide the necessary information to the law enforcement authorities for criminal prosecution in the event of a cyber attack. These data are stored separately from other personal information on secure systems. Individual people are not identified.

Contact opportunities via the website

Due to statutory obligations, our website contains information to enable you to make electronic contact with us quickly and communicate with us directly. This information includes an e-mail address and, where necessary, a contact form.

If you contact us via e-mail or a contact form, the personal data you provide us with are stored automatically. These data, that you have voluntarily communicated to us, are used for the purpose of dealing with your request or making any relevant contact. No data will be forwarded to third parties.

Deletion and blocking of personal data

We only process the personal data of the individuals concerned for as long as it is necessary to achieve the underlying purpose or for as long as was intended by statutory obligations governing our organization. In accordance with the legal regulations, personal data will be deleted if they are no longer required or upon expiry of the legally prescribed term, unless we are bound by law to retain these data. In these cases, data are blocked.

Rights of people concerned

a. Right of access

You may, at any time, have free-of-charge access to and copies of personal data processed and stored by us. This right of access includes information about the purpose of processing, categories of personal data processed, recipients or categories of recipients to whom personal data have been or are to be disclosed, the intended period for which personal data will be stored, the existence of the right to amendment or deletion of personal data relating to you or to restriction of processing, the existence of a right of appeal to a regulatory authority and, if the data were not collected from you, all available information regarding the origin of the data and the existence of any automated decision-making, including profiling. You also have the right to request information regarding whether your personal data have been communicated to a third country or an international organization and what appropriate safeguards exist regarding this communication.

b. Right of rectification

You have the right to request immediate rectification of any incorrect personal data concerning you. Furthermore, you have the right to request completion of any incomplete personal data, having regard to the purpose of processing.

c. Right of deletion

You have the right to request the immediate deletion of data concerning you, stored by us, where one of the legal conditions of Article 17 GDPR applies — for example, where the data are no longer required, you revoke your consent and there is no other legal ground, you object to processing and there are no overriding legitimate reasons, or the data have been processed unlawfully.

d. Right of processing restriction

You have the right to request that the processing of your personal data be restricted where the accuracy of the data is contested, the processing is unlawful and you refuse deletion, we no longer need the data but you require them for legal claims, or you have objected to processing pending verification.

e. Right of data portability

You may, at any time, request that any data concerning you, that you have provided to us, be published in a common and machine-readable format, and you have the right to transmit these data to another responsible person without obstruction by us, where processing is based on consent or contract and is carried out by automated means.

f. Right of appeal (objection)

You have the right, for reasons arising from your particular situation, to object to the processing of personal data relating to you where processing is based on Article 6(1)(e) or (f) GDPR, including profiling. If we process your personal data for direct advertising, you have the right to object at any time; we shall then cease such processing.

g. Right of revocation

You may, at any time, withdraw any consent granted for the processing of your personal data in future.

h. Right of confirmation

You have the right to request confirmation regarding whether personal data relating to you are processed. To exercise any of the aforementioned rights, please contact info@xpand2.com.

Automated decision-making

As a responsible organization, we do not engage in automated decision-making or profiling.

Retention period

Personal data are deleted after expiry of the statutory retention period, as long as they are no longer required for the purposes of contract fulfilment or initiation.

Legal grounds for processing

Where you have given consent, processing is based on Article 6(1)(a) GDPR. Where processing is necessary to fulfil or initiate a contract, it is based on Article 6(1)(b) GDPR. Where we are subject to a legal obligation (e.g. tax obligations), processing is based on Article 6(1)(c) GDPR. In rare cases data may be processed to protect vital interests under Article 6(1)(d) GDPR. Finally, processing may be based on Article 6(1)(f) GDPR where it is necessary to safeguard a legitimate interest of our company or a third party, provided your interests and fundamental rights do not prevail.

Security

As an organization responsible for processing personal data, we have taken technical and organizational security measures to protect your personal data from loss, deletion, manipulation, and unauthorized access. Where personal data are collected and processed, information is encrypted before being transmitted to avoid misuse by third parties. Our security measures are continuously reviewed in line with technological developments. Nevertheless, the security of Internet-based data transmission is essentially vulnerable, such that absolute protection cannot be guaranteed.

Amendment of our data protection provisions

We reserve the right to amend our security and data protection measures where this is necessary on account of technical developments. In these cases, we shall also amend our data protection information accordingly. Please refer to the current version of our data protection statement.

Links

If you use external links made available on any of our websites, this data protection statement does not extend to these links. In providing any links, we ensure that, at the time of creating the link, there was no apparent breach of applicable law on the linked website. However, we have no influence on other service providers' compliance with data privacy and security regulations.

Cookies

If you visit one of our websites, we may store information on your computer in the form of a cookie. Cookies are small text files sent by a web server to your browser and stored on your computer's hard drive. Other than storing your Internet protocol (IP) address, cookies do not store any other form of a user's personal data. This information is used to automatically recognize you when you visit our website again and to facilitate your website navigation.

You can also view our websites without cookies. If you do not want us to be able to recognize your computer, you can decline the storage of cookies in your browser settings, and delete cookies already stored. If you do not accept any cookies, this may result in limiting some of our service functionality.

Children and adolescents (minors)

Persons under the age of 18 should not communicate any personal data to us without the agreement of a parent or guardian. We do not request any personal data from children and adolescents, nor do we collect such data or forward these to third parties.

Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses "cookies", or text files, which are stored on your computer and which enable us to analyze your website usage. IP anonymization is active on this website, so your IP address is abbreviated within the member states of the European Union or other parties to the European Economic Area agreement before transmission.

You may prevent cookies from being stored by applying the relevant setting in your browser software, and you may prevent Google from capturing and processing the data generated by the cookie (including your IP address) by downloading and installing the browser plug-in available at tools.google.com/dlpage/gaoptout.

See also our Site Information.