Data Protection

Thank you for your interest in data protection. The protection of your personal data is important to us. In the following, we would like to inform you about which of your personal data we process when you use our offers and the processes described below.

Personal data (hereinafter referred to as "data") is all information that can be related to you personally, e.g. your name, your e-mail address and your use of our offers.

Controller

The “controller“ within the meaning of the General Data Protection Regulation (GDPR) (responsible person) is the UXMA GmbH & Co. KG, Düvelsbeker Weg 12, 24105 Kiel, info@uxma.com.

You can contact our data protection officer by e-mail at privacy@uxma.com or by post to our address, with the addition "the Data Protection Officer".

Browser data

When you visit our website, the web-server, on which our website is hosted, automatically collects the following data which is transmitted by your browser:

  • IP address of your device

  • Date and time of the request

  • Content of the request (specific page)

  • Access status and transferred data volume

  • Product and version information of your browser

  • Operating system of your device

  • The website from which our website was accessed

This data is necessary for us to display our website, and ensure the stability and security of our website. The recipient in this context is our server host.

The IP address of your device is only stored for the time you use the website and is then immediately deleted or anonymised.

The legal basis is Art. 6(1), subparagraph 1(f) GDPR, whereby our legitimate interests arise from the aforementioned purposes.

Functional Cookies

We use cookies to facilitate your use of our website.

Cookies are small text files that are sent to your browser by our web server when you visit our website and are stored on your computer for later retrieval. Cookies enable us to identify your internet browser.

We use cookies to access your preferences, enter your personal data into the input mask in future interactions with our website, or validate your authorization.

Session cookies are automatically deleted when you close the browser. Other cookies are automatically deleted after a preset period, which may vary depending on the cookie. You can find the exact storage period in your browser settings.

You can configure your browser settings according to your requirements, for example, you may refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all of the functions of this website if you do so.

You may delete the cookies in the security settings of your browser at any time.

The legal basis is Art. 6(1), subparagraph 1(f) GDPR, whereby our legitimate interests arise from the aforementioned purposes.

Your Enquiry

We provide various methods for contacting us, e.g. our address, our e-mail address, our telephone number, online-appointments, social media, and our contact form (call back service).

When you contact us, we use the information which you provide, such as your e-mail address, your name and the content of your enquiry, in order to process your request.

During the communication, we may also use Messenger. You are entitled to use our other means of communication at any time. The Messenger provider cannot access the message content If the end-to-end encryption is used. However, the Messenger service provider may have access to the information that a communication was made, and which device was used. This information is processed by the Messenger provider, the privacy policy of the Messenger provider applies.

We delete the data that is collected in this process when it is no longer necessary, or we restrict processing if there are legal storage obligations to do so.

The legal basis is Art. 6(1), subparagraph 1(b) GDPR.

Orders

We use external service providers to provide you with a shop system. For this purpose, data is transmitted to the respective service providers and processed by them.

Specifically, we embed services from the following providers on our website:

To process your order, we may pass on your payment data to our payment service providers and your delivery address to our shipping service providers.

The payment service providers process customer data which is necessary to carry out the transaction (including name, e-mail address, IP address and financial transaction data such as account data or credit card number). However, we only receive information on whether a payment has been successfully made. The terms and conditions and data protection notices of the respective payment service providers apply to payment transactions.

According to commercial and tax law, we are obliged to store your order data for ten years. However, we restrict processing after two years, i.e. your data is only used in order to comply with legal obligations.

The legal basis is Art. 6(1), subparagraph 1(b) GDPR.

Method Card Login

After purchasing the method card sets in our shop, you can also access the templates digitally. The six- or seven-digit access code is located on the back of the packaging.

During login, the access code, the time of login, and the email address used will be recorded. By agreeing to our terms of use, you consent to us contacting you for marketing purposes.

We will delete your other data after the expiration of the civil statute of limitations. You can also have your stored data deleted by sending a direct message to us.

The legal basis is Art. 6(1), subparagraph 1 (a) and (b) GDPR.

Applications

We publish job advertisements for recruitment purposes.

To process your application, we need certain data from you.

In addition to your name and contact details, we also need and process your other applicant data, e.g. your application letter, CV, certificates or interview notes.

We delete the data collected during the application process when the data is no longer needed for the purpose of the application. This is the case after a maximum of six months subsequent to the completion of the application process if the applicant has not been appointed. This does not apply if legal regulations do not permit deletion, if the data is required for the provision of evidence, or if you have expressively agreed to a longer storage period.

If we request your consent, e.g. to store your data for a longer period of time, the legal basis is Art. 6(1), subparagraph 1(a) GDPR, § 26(2) BDSG (German Data Protection Act). Otherwise, the legal basis is Art. 6(1), subparagraph 1(b) GDPR, § 26 BDSG.

Business Relationship

We require personal data for the conclusion and execution of contracts for the services offered either by us or by you.

Within the context of initiation or implementation of the contract, we require your personal data for the establishment, implementation and termination of the contractual relationship and fulfilment of the associated contractual obligations. We process your data in order to fulfil the contract with you, as well as to comply with existing legal requirements, e.g. commercial or tax law. This may include the transfer of data to subcontractors, payment service providers or authorities.

According to commercial and tax law requirements, we are obliged to store the contract data for ten years. However, we restrict processing after two years, i.e. your data is only be used in order to comply with legal obligations.

The legal basis is Art. 6(1), subparagraph 1(b) GDPR.

Credit assessment

In individual cases, we reserve the right to obtain credit information from credit agencies prior to the conclusion of a contract if we are obliged to make significant advance payments. This is to protect against payment defaults.

The data communicated by the credit agency is deleted after the decision regarding the conclusion of the respective contract.

The legal basis is Art. 6(1), subparagraph 1(f) GDPR, whereby our legitimate interests arise from the aforementioned purposes.

Advertisements to existing customers

If you become a customer, we may use your e-mail address to offer you advertisements for similar goods or services.

You can object to this advertising at any time, in particular by informing us via the contact details given in the Legal Notice. If we do not send you any advertisements for a period of two years, we will bar your e-mail address from receiving advertising. The commercial and tax law provisions relating to your purchase from us apply to the storage of your e-mail address accordingly.

The legal basis is Art. 6(1), subparagraph 1(f) GDPR in conjunction with § 7(3) UWG (German Act Against Unfair Competition), whereby our legitimate interests arise from the aforementioned purposes.

Newsletters

We would like to occasionally send you interesting news and information about our company or our offers in the form of an e-mail newsletter.

For this purpose, we require your consent according to data protection law, and at least the e-mail address to which the newsletter is to be sent. Mandatory information is indicated. Other details are voluntary, e.g. to address you personally, or to individualise the newsletter.

We intend to continuously optimise our newsletter in order to offer suitable content to our readers. For this purpose, we measure the performance of our newsletter. We must therefore inform you that we also evaluate your opening and clicking behaviour.

For the evaluation of opening behaviour, our newsletters contain so-called tracking pixels, which are single pixel image-files stored on our web server. When the newsletter is opened, this tracking pixel is loaded from our web server and information about the e-mail recipient, such as the time of the visit and the recipient’s IP address is transmitted to us.

For the evaluation of click behaviour, our newsletters contain so-called personalised links. If you open such a link, we can collect information about you, in particular that you have clicked on the link.

Although there are technical options for further analysis, we are only interested in receiving aggregated data, i.e. statistical evaluations without profiling, which refer to the opening rate of the newsletter and the opening of individual links.

You may revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in the newsletter e-mail or by sending us a direct message. If we do not send you any advertisements for a period of two years, we will remove your e-mail address from our newsletter distribution list. We will delete your expired declaration of consent after the expiration of the limitation periods under competition and personal rights legislation.

The legal basis is Art. 6(1), subparagraph 1 (a and f) GDPR, whereby our legitimate interests arise from the aforementioned purposes.

Data Processing of our App

Installation and In-App Purchases

When downloading the app, necessary information is transferred to the app store you have selected (e.g., Google Play or Apple App Store). This information may include your username, email address, account customer number, download time, payment information, and the individual device identifier. The processing of this data is exclusively carried out by the respective app store and is beyond our control.

Used Data

During your app usage, we automatically collect certain necessary data. This includes:

  • the device ID

  • the version of your operating system

  • the time of access

This data is automatically transferred to us, but not stored, to provide you with the service and associated functions, improve features and performance, and prevent or address misuse and malfunctions. This data is technically necessary for us to display our app to you and ensure stability and security.

In some cases, you must provide personal data to use certain app functions. Your data is stored locally on your device. Only the information required for transmission is processed and stored. The stored information is only accessible to you. We delete the data collected when storage is no longer necessary or restrict processing if there are statutory retention requirements.

The legal basis is Art. 6(1), subparagraph 1 (b and f) GDPR, with our legitimate interests arising from the aforementioned purposes.

Permissions

App functions may require technical access permissions from your device. The required permissions are displayed to you in the app store (e.g., Google Play or Apple App Store) before download. At the latest, during the first use, the mentioned functions, if requiring consent, will be explicitly requested on the device and can be confirmed or denied. Generally, granted permissions can be revoked at any time in the device settings, though this depends on the device or operating system and is beyond our control.

The access permissions may include:

  • Internet: Required to establish a connection (Wi-Fi / mobile network) and save inputs on our servers.

  • Wi-Fi/Network Connection: Retrieve Wi-Fi/network connection: Required to check if an internet connection exists or can be established; establish and disconnect Wi-Fi/network connection: Required to establish or disconnect a Wi-Fi/network connection.

  • Push Notifications: Required to send messages with information and offers to the device.

The legal basis is Art. 6(1), subparagraph 1 (a or b) GDPR.

Third party services

We use third-party services to optimise our offers.

A direct connection to the servers of the third-party provider may be established when you visit an offer that contains such a service. The third-party provider therefore receives information that you or your IP address have accessed the corresponding page of our offer.

If you are logged in to the service provider, the third-party provider can assign the visit to our offer to your account. If you interact with the services, for example by clicking a button, this will be transmitted directly from your end device to the third-party provider. If you do not wish for collection of your personal data by a third-party provider with whom you have an account, you must log out of the respective account before visiting our offers.

In some cases, identification and recognition procedures are used, which are stored on your device and/or are generated from automatically transmitted information. These may include cookies or fingerprint procedures. If necessary, we can provide a tool with which you can control the use of these procedures.

Please refer to the data protection declarations of the respective provider for the scope of collection and use of your data as well as your rights and setting options for protection of your privacy by the third party provider.

Embedded services:

We embed third-party services to make our offers more informative by the provision of additional services.

Specifically, we embed services from the following providers on our website:

Analysis services:

We use analysis services to record and statistically evaluate the user behaviour of visitors to our offers and to use the results to improve our offers and make them more interesting to you as a user.

In detail, we use the following analysis tools on our website:

Advertising Services:

We use advertising and performance measurement services to show you suitable advertising on the basis of your potential interests and to measure the effectiveness of our advertising. With this, your usage behaviour when you visit our own or other offers is evaluated, and/or advertising is tailored to you on the basis of other data which is available to the advertising service.

We do not collect or process any data ourselves. We only receive statistical evaluations from the advertising service. These evaluations enable us to identify which of the advertising measures are particularly effective and to optimise these.

In particular, we use the following advertising services or services for performance measurement on our website:

If we request your consent for use of the services, the legal basis is Art. 6(1), subparagraph 1(a) GDPR. Otherwise, the legal basis is Art. 6(1), subparagraph 1(f) GDPR, whereby our legitimate interests arise from the aforementioned purposes.

Service provider

We have concluded corresponding contracts with service providers who cooperate with us for processing in accordance with Art. 28 GPDR.

If we utilise service providers in so-called third countries outside the European Union or the European Economic Area, on the basis of special guarantees such as contractual obligations, your data will only be processed in third countries with a level of data protection which is approved according to the standard data protection clauses of the EU Commission.

We will be glad to provide you with more detailed information on request.

Presentations on social media

We make presentations on social media to communicate with our customers, interested parties and users and inform them about our services. In general, cookies are stored on the users' computers. Cookies are small text files which are stored on the hard drive, from which the site which sets the cookie (in this case the social network) can obtain certain information.

Cookies enable the creation of statistics on the use of a presentation on the social network. For this reason, we have concluded an agreement on the joint control of the processing of personal data. The processing may take place regardless of whether you have a profile on the social network and are logged in to it during your visit. In addition, user data is also regularly used for advertising purposes by creating user profiles (especially of registered users) for usage behaviour. User data is also used to place suitable advertisements. The social network can also associate the visit to our presentation with your profile. In relation to our posts or visits to our presentation, we can view statistics (esp. demographic and geographic) about usage in anonymized form. If necessary, the social network offers you a tool or setting options with which you can control the use of these procedures.

The legal basis for the operation of our presence on social media is Art. 6(1), subparagraph 1(f) GDPR. Our legitimate interest is the comprehensive and optimised information of users. We wish like to point out that only the relevant social network has access to the full data and therefore any demand for information should be made directly to the social network.

Joint Controller agreement:

The social network may provide us with information about the behaviour of visitors to our presentation, but only in the form of statistics. The insights gained help us to improve our offers and make them more interesting to you as a visitor. We have entered into a joint controller agreement with the social network for this purpose, in connection with the collection of data from our visitors.

In detail, we have concluded an agreement with the following social networks:

Information, including the nature, scope and purpose of processing and exercise of your rights can be found in the information provided.

Your rights

You have the following rights with respect to your data:

  • Right to information

  • Right of correction or deletion

  • Right to limit processing

  • Right to object to processing

  • Right to data transferability

  • Right to complain to a data protection supervisory authority

If you have granted us permission to process your data, you may revoke this permission at any time with effect for the future.

You can object to direct mail at any time. If your particular circumstances require, you can also object to processing at any time on the basis of Art. 6(1), subparagraph 1(f) GDPR.

Ready to start something big together?