The protection of your data is important to us.

Data protection

Data protection statement XFT GmbH

General Data protection statement

Here you will find information on how XFT GmbH, Altrottstr. 31, 69190 Walldorf, hello@xft.com (hereafter referred to as “XFT,” “we,” “us,” “our”) collects, processes and uses your personal data as “Data Controller” within the terms of the General Data Protection Regulation (GDPR). Of course, XFT complies with the legal provisions of GDPR, BDSG (Bundesdatenschutzgesetz = German Federal Data Protection Act) and all other national and European data protection regulations. All our employees are bound to secrecy and to comply with the provisions of the applicable data protection law.
We entrust the processing of your data to persons who have been commissioned with the processing of your data, and in the relevant case act as controllers for the processing of your data.  All personal data processed by you through the website www.xft.com/en (hereafter referred to as “website”) will be used exclusively for the purposes put forth below.

1. Subject matter for which data protection is provided

The subject matter of data protection is personal data. These are individual details about personal or factual circumstances of a specific or identifiable natural person. This includes, e.g., information such as your name, postal address, email address or telephone number, but if necessary, may also include usage data such as your IP address.

1.1 Calling up the website

You are not required to provide any personal data in order to call up the website. The data is therefore collected exclusively on the basis of your surfing information. In this context, we store so-called log files. The legal basis for processing the data in this context is Article 6(1)(f) GDPR. The processing of this information (your IP address, your browser information, the place and time of your access, etc.) is technically necessary in order to correctly display the contents of the website requested by you and is mandatory when accessing the website. When you call up the XFT website, no information is stored permanently. Your IP address will be deleted after access is terminated, unless 3.1 applies.

1.2 Use of data for specific purposes

XFT complies with the principle of earmarked data usage. XFT collects, processes and uses your personal data only for the purposes stated herein. Your personal data will not be passed on to third parties without your express consent, unless this is permitted by law.  Transfer of data to state institutions and authorities entitled to receive information only takes place within the framework of statutory information obligations or if XFT is obligated to provide information by a court decision.

2. Explanations of legal principles and duration of storage

2.1. Legal basis for the processing of personal data

Insofar as we obtain your consent for the processing of personal data, Article 6(1)(a) GDPR is the legal basis for the processing of personal data. Any consent given can be revoked by you with future effect.
When processing personal data required to fulfill a contract with you or your company, Article 6(1)(b) GDPR will be the corresponding legal basis. This also applies to processing operations relevant prior to the contract.
Insofar as processing of your personal data is necessary to fulfill one of our legal obligations, Article 6(1)(c) GDPR will serve as the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and your interests, fundamental rights and fundamental freedoms do not outweigh our legitimate interest, then Article 6(1)(f) GDPR will serve as the legal basis for processing.

2.2. Storage period and erasure of data

The personal data collected, processed and stored by us will only be held by us for as long as the specific purpose of storage requires. If the purpose of storage ceases to apply, your data will be deleted and/or its processing restricted.
However, European regulations, applicable national laws or other regulations may require longer storage periods of the data processed by us. In this case, your data will be deleted or its processing restricted only after the expiration of such longer storage periods.

3. Scope of data collection and data storage

XFT collects, processes and uses your data in the following manner:

3.1. Stability and security of the website

In order to ensure the stability and security of the website, only IP addresses that are attempting to compromise the website or pose a risk to it are recorded. A so-called web application firewall is used for this. Article 6(1)(f) GDPR serves as the relevant legal basis. We have a legitimate interest in protecting our website from attacks.

3.2. Communication

XFT may collect, process and use your given contact data for communication with you in order to contact you by email, for example, to answer your inquiry. The legal basis for this processing is Article 6 Par. 1 Sentence 1 b) GDPR, insofar as the email serves to initiate and/or execute a contract, and Article 6(1)(f) GDPR, since we have a legitimate interest to answer your request and to inform you.

4. Use of cookies

XFT uses so-called cookies on its website. Cookies are small text files that usually consist of letters and numbers and are stored on your end device when you visit certain websites. Cookies may allow the website to recognize your browser, to follow you through different sections of the website while browsing and to identify you when you return to the website. Cookies do not contain data that can identify you personally. The data will not be stored together with other personal data of users.

  • recognition of the user’s computer when visiting the website
  • improving the usability of the website
  • individual design of the website taking into account the needs of the users

Cookies do not harm browsers. They contain no viruses and do not allow XFT to spy on you. Two types of cookies are used.
Temporary cookies are automatically deleted when you close your browser (session cookies). Permanent cookies, on the other hand, have a maximum lifetime of up to one year. During a further visit it is then automatically recognized that you have already been with us and which entries and settings you prefer. These temporary or permanent cookies are stored on your hard disk and self-delete after the specified time.
The data collected is completely anonymous and it is not possible to establish a link to personal data.
Of course, you can also view the website without cookies. If you do not want XFT to recognize your computer, you can prevent cookies from being stored on your hard disk by selecting “do not accept cookies” in your browser settings. Please refer to your browser manufacturer’s instructions to find out how this works in detail. If you do not accept cookies, however, certain features of the website may be limited. Also, please read the instructions of your browser to delete cookies already set by your browser.

  • cookieconsent_dismissed:    saves the information that you accept cookies for one year.
  • templateColor:    saves the template color of the page and is deleted after closing the browser.
  • 1a7e….532186c93:    is used to ensure session and navigation and will be deleted after closing the browser.

The use of cookies is justified by Article 6(1)(a) GDPR, insofar as we have obtained your consent in advance. You can revoke your consent at any time with effect for the future. Otherwise, the legal basis will be Article 6(1)(f) GDPR, as we have a legitimate interest in the functionality and attractive design of our website for our customers.

5. Contact by email

If you wish to contact XFT via the email address provided on the website, an email address is required to send the message. This is sent to XFT as an email and saved. In this case, the sender is automatically set to the email address that is linked to your email program. If you do not want your email address to be retrieved in this way, you can change this in the settings of your respective email program. The data will be used exclusively for the processing of the conversation and thus only for the protection of your legitimate interest and will not be passed on to third parties.
At the time the message is sent, the user’s IP address, date and time are also stored. This serves to process the conversation and ward off possible abuse; the legal basis is Article 6(1)(f) GDPR.
The information you provide to XFT when contacting us will be processed by XFT for the purpose of dealing with the request and in the event that follow-up questions arise. The legal basis for processing is, on the one hand, Article 6 (1) (b) GDPR, if the request is for performance of the contract. Otherwise, the legal basis will be Article 6(1)(f) GDPR, as we have a legitimate interest in maintaining customer contact, as well as keeping our website free from misuse. The email address and other information will be deleted as soon as it is no longer required for the aforementioned purposes and legal storage obligations do not prevent the erasure. You have the opportunity to object to the storage and processing of your personal data at any time. For this purpose please contact XFT at (datenschutz@XFT.com). All personal data stored in the course of contacting us will be deleted in this case. This does not apply to the extent that statutory retention obligations conflict therewith.

6. Newsletter

To receive additional information about XFT products, news, promotions and events, you can subscribe to our email newsletter (XFTelegramm). If you would like to subscribe to the newsletter offered on the website, we require an email address from you and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter (Double Opt-in process). In addition to the email address, the date of registration is also collected and stored.
The so-called double opt-in process is used for sending the newsletter, i.e. you will only receive a newsletter by email if you have expressly confirmed beforehand that the newsletter service is to be activated. After you have activated the newsletter, you will receive a notification email with an activation link. You will only receive the newsletter after clicking on the link.
We use this data exclusively for the dispatch of the requested information and offers. We do not pass this data on to third parties. In the course of the registration process, your consent must be obtained for the processing of the data, with reference being made to this data protection statement. If you do not confirm your email address by double opt-in, we will delete the data within one month after receipt of the email.
You can revoke the receipt of the newsletter and the consent given for the storage of the data, the email address as well as their use for the dispatch of the newsletter at any time. For this purpose, please contact XFT at (datenschutz@XFT.com) or use the unsubscribe link provided in each newsletter.
The legal basis for the processing of your data is Article 6 (1)(a) GDPR, insofar as we obtain prior consent from you. You can revoke your consent at any time with effect for the future. In addition, data processing is used for the performance of the contract, so that Article 6(1)(b) GDPR is also applicable.
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected, i.e. your email address and the data required for the consent (date) will be stored as long as the subscription to the newsletter is active.

We use software and services of Newsletter2Go GmbH for creating, sending and managing the newsletter. Newsletter2Go is a German provider and certified by TÜV Rheinland for tested data protection management. The necessary data of the newsletter recipients is hosted on a German server of Newsletter2Go in an area to which we have password-protected access. The contractual basis between XFT and Newsletter2Go and legal basis for the use of Newsletter2Go as a third party are the terms and conditions of Newsletter2Go, which you can read at https://www.newsletter2go.com/general-terms-and-conditions/?_ga=2.154609080.1606976063.1536220861-1226597129.1536220861, as well as an order agreeing to data processing in accordance with the data protection provisions of Article 28 et seq. GDPR. Based on this, Newsletter2Go assures that the company uses the data of the newsletter recipients exclusively for the contractually agreed service. The data is treated as strictly confidential and no data is passed on to third parties.
Newsletter software from the service provider Newsletter2Go analyzes the distribution of each newsletter to ensure that it actually reaches its recipients. Our newsletter contains a so-called tracking pixel for this purpose. A tracking pixel is a miniature graphic embedded in such emails that is sent in HTML format to enable the recording and analysis of log files. This enables a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, Newsletter2Go’s software can detect if and when an email has been opened by a recipient and which links have been called up in the email. The identifiable individual behavioral patterns are only used for a statistical evaluation of the newsletter’s success and in no case passed on to third parties or used for other purposes. Insofar as you have consented to data processing, this is permissible under Article 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future. In addition, processing is also permitted under Article 6 (1)(f) GDPR, as we have a legitimate interest in measuring the reach of our newsletter.

7. Design of the website

To display fonts on our website, we use Adobe Fonts. The font is provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe) via https://fonts.adobe.com/. When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. For more information, see the privacy information page and the Adobe privacy policy.

8. Matomo

Our website uses the “matomo” tracking tool; this is an open source web analytics platform. This tracking tool helps us to make the Internet offer more interesting to you and to improve the user experience. Here, data about the use of our website is stored in pseudonymous user profiles. Cookies can also be used for this purpose. Additional information about matomo can be found at: https://matomo.org/

You can prevent capture through matomo when you revoke the cookies.

Please note, however, that deleting your cookies will also delete the opt-out cookie, which you may then need to re-activate.

9. Links to third-party sites

When visiting our website, you may see content linked to third party websites. XFT has no access to the cookies or functions used by these third parties, nor can XFT control them. Such third parties are not subject to the data protection provisions of XFT. In such cases, the data controller will be the provider of the third party website. Please carefully read the data protection statement applicable to the relevant websites.

10. Google Maps

On this website we use the offer of Google Maps. This allows us to show you interactive maps directly on the website and allows you to conveniently use the map feature.

By visiting the website, Google receives the information that you have accessed the corresponding sub-page of our website. This is done regardless of whether or not Google provides a user account that you are logged in to. If you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and/or tailor-made website design. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles. To exercise this right, please contact Google directly.

For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the privacy policy of the provider. There you will also find further information about your rights and settings options for the protection of your privacy: http://www.google.de/intl/en/policies/privacy. Google also processes your personal information in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

11. Security and hosting

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.
Our website is hosted on the systems of the  all-inkl.com data center (accessible at ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, D-02742 Friedersdorf). Between XFT and all-inkl.com an agreement has been concluded for data processing to be carried out on behalf of the controller, in accordance with data protection legislation. Amongst other things, all-inkl.com assures that the data is used exclusively for the contractually agreed-upon service, so that it is kept strictly confidential and no data is passed on to third parties.  The legal basis for processing the data in this context is Article 6(1)(f) GDPR. We have a legitimate interest in using the hosting services of all-inkl.com. More about data protection at all-inkl.com can be found here: https://all-inkl.com/info/datenschutzinformationen/

12. Rights of the Data Subject

With regard to the collection of your data, you have the right to information, revocation, data transferability, rectification, erasure, restriction of the processing and the bringing of complaints concerning your personal data stored by XFT at any time. XFT endeavors to process your requests quickly.

12.1. Right of access to personal data

You have the right to ask us to confirm whether and how we process personal data.

12.2. Right of revocation of your consent

You have the right to revoke your consent to the processing of data at any time. This right applies with effect for the future; the data collected up to the legal force of the revocation remain unaffected by this. The processing of your personal data by virtue of a permission granted by law (e.g. for the execution of a contract) remains possible, provided that the statutory requirements are met.

12.3. Right to object

You have the right, at any time, to object to the processing of your personal data on grounds relating to your particular situation, based on Article 6 (1)(f) GDPR. Following your objection, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
If, without your consent, your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising.
If you would like to object to data processing, please contact us using the contact details given above.

12.4. Right to data portability

You are entitled to receive the personal data you have provided to us in a structured, commonly used, machine-readable and interoperable format. You are further entitled to transmit such data to another company without our interference. Pursuant to the legal provisions, you have the right to request that your data is transferred from us to a different processor.

12.5. Right to rectify, erase or make your personal data unavailable

You have the right to have your data rectified, deleted or made unavailable. The latter applies, for instance, where the law does not allow erasure.

12.6. Right to restriction of processing

You have the right to restriction of the processing, i.e. to “halt” the processing so that only data that cannot be deleted for various reasons (e.g. retention period) are processed in a very restricted manner.

13. Automated decision

You have the right not to be subject to a decision which is based solely on automated processing – including profiling – and which produces legal effects concerning you or similarly significantly affects you. In particular, you have the right to obtain human intervention from the controller to express your point of view and to challenge the decision.

13.1. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority, provided you have grounds for complaint.

14. Note on the use of trademarks

SAP, SAP S/4HANA, SAP NetWeaver, SAP Business ByDesign, SAP Hybris, SAP SuccessFactors and the other SAP products and services mentioned in the materials are trademarks or registered trademarks of SAP SE and may be used on this homepage without explicit reference to the trademark.

15. Changes to this statement

We may update this privacy policy from time to time. We therefore recommend that you read this data protection statement regularly so that you are familiar with our data protection practices. This privacy policy was last updated on May 29, 2019.

For further questions and concerns regarding data protection at XFT, please contact the Data Protection Officer of XFT at:

XFT GmbH
Altrottstraße 31
69190 Walldorf
