Privacy policy

Thank you for visiting our website! With this privacy policy, we inform you about the type, scope and purpose of the collection, processing and use of personal data that is collected, processed and/or used when you visit our website. Please note that the following information relates only to our website. If you are redirected to other sites via links on our pages, please inform yourself there about the respective handling of your data.

§ 1 General

The use of the Internet pages of the X-CELL AG is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. However, if a data subject wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the X-CELL AG. By means of this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this privacy policy.

As the controller, the X-CELL AG has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

§ 2 The controller within the meaning of Art. 4 No. 7 GDPR

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is

Kaistrasse 2
40221 Düsseldorf
Düsseldorf, Germany
Phone: 02115988100
The person authorized to represent the company is the Management Board member Christian Schubert.
The person responsible is based in Düsseldorf (register court: Düsseldorf, HRB 63385).

§ 3 Data Protection Officer

If you have any questions about data protection relating to our website and our range of services or to exercise your personal rights, please contact our data protection officer:

Prof. Dr. Thomas Jäschke
Märkische Straße 212-218
44141 Dortmund
Phone: +49 231 543 80398

§ 4 Your rights as a data subject

You can exercise your data protection rights at any time and free of charge. Our data protection officer reviews and responds to each request individually. You can find his contact details under § 3.

Right to information in accordance with Art. 15 GDPR
You have the right to receive information free of charge at any time as to whether we are processing your personal data.

Right to rectification according to Art. 16, right to deletion according to Art. 17, right to restriction of processing according to Art. 18, right to data transfer according to Art. 20 and the right to object according to Art. 21 GDPR
You also have the option of exercising your rights to rectification, deletion or restriction of processing. You can also object to the processing of your data by us at any time.

Revocation in the event of consent according to Art. 7 para. 3 GDPR
If we process your personal data on the basis of consent, you have the right to withdraw your consent at any time with effect for the future. However, your revocation only applies from the point in time at which you express it and has no retroactive effect. The use of your data up to this point in time remains lawful.

Your right to lodge a complaint with the supervisory authority
If you are of the opinion that the processing of your personal data by X-CELL AG is not lawful, you have the right to lodge a complaint with any data protection supervisory authority at any time (pursuant to Art. 55 GDPR). The competent supervisory authority is the

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Bettina Gayk
Kavalleriestr. 2-4
40102 Düsseldorf
T +49 211 384240

For further information and current contact details, please visit the website.

§ 5 Information about cookies

§ 6 Collection of general data and information

The website of the X-CELL AG collects a series of general data and information when a data subject or automated system calls up the website. This general data and information is stored in the server log files. (1) The browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information used for security purposes in the event of attacks on our information technology systems can be recorded.

When using these general data and information, the X-CELL AG does not draw any conclusions about the data subject. Rather, this information is required on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in order to (1) correctly deliver the contents of our website, (2) optimize the contents of our website and the advertising for it, (3) ensure the permanent functionality of our information technology systems and the technology of our website and (4) provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack. Therefore, the X-CELL AG analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject. The stored data is stored in the log files for a maximum of 7 days and then deleted. Data whose further storage is required for evidence purposes is excluded from deletion until the respective incident has been finally clarified.

§ 7 Contact options

The website of the X-CELL AG contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject (surname, first name, telephone number, e-mail address and company) are automatically stored. The provision of further data by you is always voluntary.

Such personal data transmitted by a data subject to the data controller on the basis of your consent (Art. 6 para. 1 lit. a GDPR) granted by clicking the send button will be stored for the purpose of processing or contacting the data subject. You can revoke your consent at any time and without giving reasons with future effect (Art. 7 para. 3 GDPR). In the case of pre-contractual or already contractual relationships, the legal basis for the processing of your data is Art. 6 para. 1 lit. b GDPR.

This personal data will not be passed on to third parties.

§ 8 Application

You can apply for open positions via our website or send us unsolicited applications. As part of the application process, we will process your application data electronically.

Applicant data is only processed to fulfill our (pre-)contractual obligations in the context of the application process in accordance with Art. 88 para. 1, Art. 6 para. 1 lit. b GDPR and in accordance with § 26 BDSG-new.

In order to guarantee that your application is processed exclusively by the authorized person of our company, we ask you to use the application platform provided or to use the contact address that you will find on our "Careers" subpage.

In the event of a rejection, your documents will be deleted or destroyed immediately, whereby the legally stipulated minimum security level will always be observed when destroying the documents. Exceptionally, no immediate deletion will take place if the data requires longer storage of up to 4 months or until the conclusion of legal proceedings due to legal provisions (e.g. due to a burden of proof in accordance with the AGG). The legal basis for this results from Art. 6 para. 1 lit. f GDPR i.V.m. § Section 24 para. 1 no. 1 BDSG.

Our legitimate interest lies in legal defense and enforcement. If we retain your application for a longer period of time in order to contact you again at a later date about career prospects at our company, this will only take place if you have given us your prior consent in accordance with Art. 6 para. 1 lit. a GDPR. Here, too, you have the right to revoke your consent at any time in accordance with Art. 7 para. 3 GDPR by submitting a declaration to us with effect for the future.

In the event of an acceptance and consequently the conclusion of an employment contract, we store your data transmitted to us as part of the application for the purpose of standard administrative and organizational processes. The legal basis for this results from Art. 6 para. 1 lit. b, Art. 88 para. 1 GDPR i.V.m. § SECTION 26 BDSG.

§ 9 Deletion and blocking of personal data

The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.

If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data is routinely blocked or erased in accordance with the statutory provisions.

§ 10 Use of Google Analytics

We use Google Analytics on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This is a web-based analysis tool with which we can analyze the use of our website and make our web presence more interest-oriented.

During your visit to our website, Google Analytics places a cookie on your end device, with which your browser can be recognized and your behaviour analyzed. If subpages of our website are accessed, Google Analytics collects the following personal data, among others

- IP address
- the sub-page accessed and the time of access
- the source of your visit (i.e. which website you came to us from)
- technical information (information about browser, internet provider, end device and screen resolution)
- the achievement of "website goals" (e.g. contact requests, newsletter registrations)

The use of Google Analytics takes place in accordance with Art. 6 para. 1 lit. a GDPR i.V.m. § 25 para. 1 TTDSG only if you have given us your consent via the selection in our consent banner. If you have not given your consent, no data processing will take place.

You can revoke your consent at any time in accordance with Art. 7 para. 3 GDPR and without giving reasons with effect for the future by clicking on the "Change consent" link integrated in this data protection declaration (see point 5 on cookies) and thus calling up the consent banner. You can then use the banner to make a new selection. Alternatively, Google provides a deactivation add-on that can be installed on standard Internet browsers. You can find the link to the deactivation add-on at: This add-on ensures that information about your visit to our website is not transmitted to Google Analytics.

We cannot rule out the possibility that personal data may be transferred outside the legal area of the European Union, e.g. to servers located in the USA. Google is subject to the certification of the Data Privacy Framework and guarantees an equivalent level of data protection in the event of a possible data transfer to the USA. Furthermore, we have concluded agreements with Google regarding data processing. Through these agreements, Google assures that it processes the data in accordance with the General Data Protection Regulation and guarantees the protection of the rights of the data subject ("EU Standard Contractual Clauses" (Art. 46 (2) lit. c GDPR)).

For details on the collection and storage of your personal data as well as the type, scope and purpose of its use by Google Analytics, please refer to Google's privacy policy:

§ 11 Legal basis of the processing

Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR).

§ 12 Legitimate interests in processing pursued by the controller or a third party

Where the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the performance of our business activities for the benefit of the well-being of all our employees and our shareholders.

§ 13 Duration for which the personal data is stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After this period has expired, the corresponding data is routinely deleted, provided that it is no longer required for contract fulfillment or contract initiation.

§ 14 Legal or contractual provisions for the provision of personal data

We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.

§ 15 Existence of automated decision-making

As a responsible company, we do not use automated decision-making or profiling.

© 2024 X-CELL AG