Data Protection

  1. Preliminary Remark

1.1 Xeem is a registered trademark of ITCS Conference GmbH (“Xeem”) and operates under the domain www.xeem.de (“Platform”) an innovation and placement or networking platform that enables private individuals to acquire or train future-relevant skills (hereinafter “Future Skills”) and to get to know potential future employers as part of an innovative application process. In the course of the takeover of the business activities of the former xeem GmbH by ITCS Conference GmbH in March 2025, personal data of users, customers and partners were taken over. This data is processed exclusively for the purposes stated in this privacy policy. This data was taken over by ITCS Conference GmbH on the basis of legitimate interests (Art. 6 para. 1 lit. f GDPR) in order to continue the operation of the platform and to continue to inform users about relevant content.

1.2 The protection of your personal data is important to us. We treat your data confidentially and in accordance with the GDPR, the new BDSG, and the TTDSG.

1.3 This privacy policy applies to the collection, processing, and use of personal data in the context of using the platform and informs you about the type, scope, and purpose.

1.4 This statement applies to all users of the platform – both providers and challengers.

1.5 Responsible party is:

ITCS Conference GmbHMeisengasse 1160313 Frankfurt am MainEmail: info@it-cs.io

1.6 This statement may be adjusted due to legal or operational changes. The current version is always available online.

  1. General Principles of Data Processing

2.1 The subject of data protection is personal data. This includes all information relating to an identified or identifiable natural person (hereinafter "data subject"); a natural person is regarded as identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.2 We process users' personal data only in compliance with the relevant data protection regulations in accordance with the principles of data minimization and data avoidance. This means user data is only processed if a legal basis exists. That is, in particular, if the data processing is necessary to provide our services, i.e., to carry out online challenges and to contact challengers afterwards.

2.3 Due to your interest in participating in digital challenges from xeem as a challenger to get in touch with interesting companies and potential employers as well as other young talents within the challenges, your personal data (see also 5.4 Registration in this privacy policy) is processed. Your data will only be forwarded to the respective companies whose challenges you participated in and made accessible to your team members in a challenge.Regarding the processing of personal data based on the GDPR, we hereby inform you pursuant to Art. 13 GDPR that the legal basis for consents is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the fulfillment of our services and execution of contractual measures Art. 6 para. 1 lit. b GDPR, the legal basis for processing for the fulfillment of our legal obligations Art. 6 para. 1 lit. c GDPR, and the legal basis for processing for the protection of our legitimate interests Art. 6 para. 1 lit. f GDPR.

2.4 You have the right to revoke your consent to the data transfer to the respective company at any time by contacting xeem. The lawfulness of the data processing carried out based on the consent until revocation remains unaffected by the revocation. If you revoke your consent, your stored data will be deleted and no longer used.

You can revoke your consent at any time. Processing carried out up to that point remains lawful.

  1. Your Rights

3.1 You have the right to:

Access (Art. 15 GDPR)

Rectification (Art. 16 GDPR)

Erasure (Art. 17 GDPR)

Restriction (Art. 18 GDPR)

Data portability (Art. 20 GDPR)

Objection (Art. 21 GDPR)

3.2 Contact us to exercise these rights: info@it-cs.io

3.3 You can also contact a data protection supervisory authority (Art. 77 GDPR).

  1. Security Measures

4.1. We take organizational, contractual, and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are observed and to protect the data we process against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.

4.2. Security measures include, in particular, the encrypted transmission of data between your browser and our server.

  1. Registration

5.1 The use of the xeem platform and services requires prior registration by users and the creation of a corresponding account. Each user must define a self-chosen password and agree to this privacy policy by ticking a checkbox. For more details, see section 2 of the GTC.

5.2 The user profile is not public and cannot be indexed by search engines.

5.3 The self-chosen password can of course be changed at any time in the account. We store users' passwords only in encrypted form. Your data is stored with us until you request deletion. Extended storage may occur in individual cases if legally required.

5.4 During registration, the following (personal) data is required from:Challengers: First name, last name, address, date of birth (regarding section 2.2 of the GTC), email address, and information about current occupational status (university, course of study, specialization, acquired skills, special knowledge). Additionally, challengers can upload a photo to their profile.Providers must record the company including full legal name, business designation, address, name, first name, email, function, and details on the authorization of the registering person. Providers may also indicate in their profile which positions are generally open.

5.5 The legal basis for processing is Art. 6 para. 1 lit. a and b GDPR.

  1. Contact

6.1 If you contact xeem, we only collect the data you voluntarily share with us via email.

6.2 The processing of the data you provide is based on Art. 6 para. 1 lit. b GDPR if your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time by sending an informal message via email to the address mentioned above. The legality of the data processing carried out up to the point of revocation remains unaffected.

  1. Newsletter

7.1 Newsletters as well as the registration, dispatch, and statistical evaluation procedure and your right of objection are described here. By subscribing to our newsletter, you agree to receive it and the described procedures.

7.2 Content of the newsletter: We only send newsletters, emails, and other electronic notifications with promotional information (hereinafter "Newsletter") with the recipients' consent or legal permission. If the content of the newsletter is specifically described during the registration process, it is decisive for the user's consent. Otherwise, our newsletters contain information about our products, offers, promotions, and our company.

7.3 Newsletter registrations are logged to be able to prove the registration process in accordance with legal requirements. This includes storing the registration and confirmation time as well as the IP address. Changes to your data stored with the mailing provider are also logged.

7.4 Mailing service provider: Newsletters are sent via "HubSpot." HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500. You can view the privacy policies of the mailing service provider here: hubspot.de/data-privacy/gdpr. More on this in section 9.2.

7.5 Furthermore, according to its own information, the mailing service provider may use this data in pseudonymized form, i.e., without association to a user, to optimize or improve its services, e.g., for technical optimization of the dispatch and presentation of the newsletter or for statistical purposes to determine from which countries the recipients come. The service provider does not use the data of our newsletter recipients to contact them themselves or to pass them on to third parties.

7.6 Registration data: To register for the newsletter, it is sufficient to provide your email address.

7.7 The newsletter is sent and its success measured based on the recipient's consent pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG or based on § 7 para. 3 UWG.

7.8 Logging of the registration process is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR and serves to prove the recipient's consent to receiving the newsletter.

7.9 Cancellation/Revocation: You can cancel the receipt of our newsletter at any time, i.e., revoke your consent. A link to cancel the newsletter can be found at the end of each newsletter. If users only subscribed to the newsletter and cancelled this subscription, their personal data will be deleted.

  1. Cookies

8.1 Cookies are small text files or pieces of information stored by your browser on your device to save certain information (for later retrieval), or image files such as pixels. When you visit our website again using the same device, the information stored in the cookies is either returned to our website (“First Party Cookie”) or to another website to which the cookie belongs (“Third Party Cookie”).

8.2 The stored and returned information enables the respective website to recognize that you have already accessed and visited it using your browser. We use this information to optimally design and display the xeem platform according to your preferences. Only the cookie itself is identified on your device. Each cookie has a specific lifespan indicating how long it will be stored on your device.

8.3 If you click on “Accept All” in the cookie banner or move the toggle to “On,” where possible (see essential cookies, Type 1, which cannot be adjusted), you agree to the use of cookies in accordance with this cookie policy. This selection remains in effect until you revoke it (e.g., by deleting cookies). You can control which cookies are used by setting your preferences accordingly.

8.4 Our website uses (i) temporary cookies and (ii) persistent cookies. Temporary cookies include session cookies. These store a so-called session ID that allows various requests from your browser to be assigned to the same session. This allows your device to be recognized when you return to our website. Session cookies cannot store other data and are deleted when you log out or close the browser. Persistent cookies are automatically deleted after a predefined period, which may vary by cookie.

Cookies are categorized as follows:
• Essential Cookies (Type 1)
• Other Cookies (Type 3)

8.5 Essential Cookies (Type 1)
8.5.1 Essential cookies are necessary for the functionality of our website. They do not identify you as an individual. These are used exclusively by us and are therefore first-party cookies. All information stored in these cookies is returned to our website only.
8.5.2 For example, essential cookies allow you to remain logged in when navigating between different subpages of our site, or to retrieve previously entered text when returning to a page.
8.5.3 The legal basis for essential cookies is Art. 6(1)(f) GDPR. These cookies cannot be individually deactivated, but you may disable cookies entirely via your browser settings, which may impair site functionality.

8.6 Functional Cookies (Type 2)
8.6.1 These cookies allow the site to remember choices (e.g., registered name, language selection, or your location) and provide enhanced, personalized features.
8.6.2 These cookies only store anonymized information and cannot track your browsing behavior on other websites. Legal basis: Art. 6(1)(f) GDPR and Google Ads Data Processing Terms with Standard Contractual Clauses (Module 3: Processor-to-Processor).

8.7 Other Cookies (Type 3)
8.7.1 In addition to essential and performance cookies, other cookies are also used.
8.7.2 Information gathered from anonymized analysis of website usage is used to serve targeted product ads. This benefits users by delivering content aligned with their interests.
8.7.3 Marketing cookies from third-party advertising companies collect data on websites visited to serve interest-based advertising.
8.7.4 Legal basis: Art. 6(1)(a) GDPR.
8.7.5 Marketing cookies used include:

Google Tag Manager
8.7.5.1 Google Tag Manager manages website tags via an interface. It is a cookieless domain that does not collect personal data. It may trigger other tags that might collect data. Learn more: https://www.google.de/tagmanager/faq.html

Facebook Pixel, Custom Audiences, and Facebook Conversion
8.7.5.3 We use Facebook Pixel from Facebook Ireland Ltd., a subsidiary of Facebook Inc., to measure conversions. It helps us track the behavior of visitors who arrived via a Facebook ad. The data collected is anonymous to us but stored by Facebook and linked to user profiles.
Legal basis: Your consent under Art. 6(1)(a), Art. 7 GDPR. You can revoke your consent at any time. Data collected includes:
• Date and time of visit
• URL of visited and referring page
• Browser and OS used
• IP address

You may disable “Custom Audiences” here: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Or, if not a Facebook user: http://www.youronlinechoices.com/de/praferenzmanagement/
Data transfers to the USA are based on standard contractual clauses (Art. 46 GDPR). Learn more: https://de-de.facebook.com/about/privacy/

  1. Integration of Third-Party Content and Services

9.1 We use third-party services to integrate content such as videos or fonts based on your consent (Art. 6(1)(a) GDPR). These providers need the user’s IP address to serve content. They may also use pixel tags (web beacons) for statistical or marketing purposes. This data may be stored in cookies and include technical info, referrers, visit time, and device/browser details.

9.2 The following provides an overview of third-party providers and links to their privacy policies, including opt-out options:

Use of HubSpot
HubSpot is a U.S. software company with an office in Ireland:
HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Tel: +353 1 5187500
It supports: email marketing, CRM, landing pages, forms, etc.
Data collected includes:
• Geographic location, browser type, referral URLs
• Performance metrics, viewed pages, session times
• Operating system, ISP, device ID, IP address
• Files displayed, app usage events, etc.

More info:
• Privacy Policy
• EU Data Privacy
• Cookies Used by HubSpot

Legal basis: Your consent under Art. 6(1)(a) GDPR. Data may be transferred to the USA with standard contractual clauses or, if insufficient, based on Art. 49(1)(a) GDPR.

Use of Matomo
Matomo is an open-source web analytics service that uses device fingerprinting. Data is anonymized and randomized every 24 hours. Information is stored on a server operated by a third-party service provider. Legal basis: Art. 6(1)(f) GDPR. Data includes:
• Location (continent, country, city), language
• Device type/model/resolution
• OS, browser, plugins
• (Anonymized) IP address, server request times, referrers

You can opt out by setting an opt-out cookie. If cookies are deleted, the opt-out cookie must be set again.

  1. Facebook Fanpage

10.1 xeem operates a Facebook fan page to promote its platform and engage with users.

10.2 According to a 2018 ECJ ruling, xeem and Facebook are joint controllers (Art. 26 GDPR). See Facebook’s addendum: Page Controller Addendum

10.3 Facebook provides anonymous Page Insights data. xeem cannot link these to individual users. Learn more:
Page Insights Data

10.4 Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

10.5 Facebook is responsible for data subject rights. See: Page Controller Addendum

10.6 More about your rights: Page Insights Data

10.7 If you need help exercising your rights, contact us (see 1.3). We’ll assist where possible.

  1. External Links

Our website contains hyperlinks to third-party websites. When you click one, you are redirected to their site (noted by a change in URL). We are not responsible for how these sites handle your data. Please review their privacy policies directly.

Last updated: May 2025