Data protection

1. Preliminary remarks

1.1 Xeem GmbH ("hereinafter "Xeem") operates an innovation and mediation or networking platform under the domain www.xeem.de ("hereinafter "Platform"), which enables private individuals to acquire or train future-relevant skills (hereinafter "Future Skills") and to get to know potential future employers as part of an innovative application process.

1.2 We attach great importance to the protection and security of your personal data. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration. We strictly comply with the legal provisions of the European Data Protection Regulation ("DSGVO"), the Federal Data Protection Act-new ("BDSG-Neu") and the Telecommunications-Telemedia Data Protection Act ("TTDSG") when collecting, processing and using personal data. Therefore, please read the Privacy Policy carefully and attentively.

1.3 This privacy policy applies to the collection, processing and use of personal data in the context of the use of the platform and informs you about the nature, scope and purpose of the processing of personal data on our website.

1.4 This Privacy Policy applies to you regardless of whether you register with Xeem as (i) a Provider or (ii) a Challenger. Providers are companies that offer an online challenge (hereinafter "Providers"), online challengers are participants who take part in an online challenge ("Challengers", together with Providers the "Users").

1.5 The provider of the website and responsible for data protection is

Xeem GmbH,
represented by the shareholders:
Géraldine Ulrichs, Janine Weirich & Cornelius Huhn. 
Hilpertstrasse 31
 64295 Darmstadt

Phone: +49 15678 414619
 E-mail: info@xeem.de

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses or similar).

1.6 Since legal or regulatory changes or changes to our internal company processes may make it necessary to adapt this data protection declaration, we ask you to read through this data protection declaration regularly. The data protection declaration can be accessed, saved and printed out at any time under "Data protection declaration" on our website.

2 General principles of data processing

2.1 The subject of data protection is personal data. This covers all information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.2 We process users' personal data only in compliance with the relevant data protection provisions in accordance with the principles of data economy and data avoidance. This means that the users' data will only be processed if a legal permission exists. I.e., in particular if the data processing is necessary to provide our services, i.e., to carry out the online challenges and to contact the challengers afterwards.

2.3 Due to your interest in participating in digital Challenges of Xeem, as a Challenger, in order to get in contact with interesting companies and potential employers as well as other young talents in the context of the Challenges via this way, the processing of your personal data (see also 5.4 Registration in this Privacy Policy) takes place. Your data will only be forwarded to the respective companies in whose Challenges you have participated as well as to their team members of a Challenge.
With regard to the processing of personal data on the basis of the DSGVO, we hereby inform you in accordance with Art. 13 DSGVO that the legal basis for consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO, the legal basis for processing for the performance of our services and implementation of contractual measures is Art. 6 (1) lit. b DSGVO, the legal basis for processing to fulfill our legal obligations is Art. 6 (1) lit. c DSGVO, and the legal basis for processing to protect our legitimate interests is Art. 6 (1) lit. f DSGVO.

2.4 You have the right to revoke your consent to data transfer to the respective company at any time vis-à-vis Xeem. The revocation of consent does not affect the legality of the data processing carried out on the basis of the consent until the revocation. If you revoke your consent, your stored data will be deleted and will not be used further.

3 Your Rights

3.1 You have the right as a data subject
-to information about the personal data stored about you, Art. 15 DSGVO;
-to correction of incorrect or incomplete data, Art. 16 DSGVO;
-to erasure of personal data, Art. 17 DSGVO;
-to restriction of processing, Art. 18 GDPR;
-to data portability, Art. 20 DSGVO; and
-to object to the processing of personal data concerning you, Art. 21 DSGVO.

3.2 To exercise these rights, you may contact Xeem at any time - e.g. via the contact information mentioned in section 1.5.

3.3 You also have the right to lodge a complaint with a competent data protection supervisory authority, Art. 77 DSGVO.

4. Security measures

4.1 We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.

4.2 The security measures include in particular the encrypted transmission of data between your browser and our server.

5 Registration

5.1 The use of the platform and services of Xeem requires prior registration and the creation of a corresponding account on the part of the user. In doing so, each user must define a self-selected password and agree to these data protection provisions by placing a check mark. For further details, please refer to section 2 of the GTC.

5.2 The user profile is not public and cannot be indexed by search engines.

5.3 The self-defined password can of course be changed in the account at any time. We store the user's password only cryptographically. . Your data will be stored by us until you have initiated the deletion of this data. Further storage may take place in individual cases for a specific purpose if this is required by law.

5.4 During registration, the following (personal) data is collected by the
Challenger the following (personal) data is required: First name, last name, address, date of birth (with regard to section 2.2 of the GTC), e-mail address and information on the current professional status (university, course of study, specialization in studies, acquired skills, special knowledge) is required. In addition, Challengers have the opportunity to upload a photo in their profile.
Providers must enter the company including the complete company name, company identification, as well as the address, surname, first name, e-mail, function and information on the power of representation of the person registering the provider. Providers also have the option to store in the provider profile whether and which positions are to be filled in principle.

5.5 The basis for the processing is Art. 6 para. 1 lit. a or b DSGVO.

6. Contacting

6.1 When you contact Xeem, we only collect the data that you have voluntarily provided to us via email.

6.2 The processing of the data provided to us is based on Art. 6 para. 1 lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. For this purpose, an informal communication to us by e-mail to the e-mail address mentioned at the beginning is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

7 Newsletter

7.1 Newsletters as well as the registration, dispatch and the statistical evaluation procedure as well as your rights of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures.

7.2 Newsletter content: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter "Newsletter") only with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. Otherwise, our newsletters contain information about our products, offers, promotions and our company.

7.3 The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Changes to your data stored with the shipping service provider are also logged.

7.4 Shipping service provider: The newsletter is sent using "MailChimp", a newsletter delivery platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the shipping service provider here: mailchimp.com/legal/privacy/. The legal basis for the processing in the third country is: Mailchimp Data Processing Addendum | Mailchimp.

7.5 Furthermore, according to its own information, the shipping service provider may use this data in pseudonymous form, i.e. without attribution to a user, to optimize or improve its own services, e.g. to technically optimize the shipping and display of the newsletters or for statistical purposes to determine which countries the recipients come from. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.

7.6 Registration data: To register for the newsletter, it is sufficient to provide your e-mail address.

7.7 The newsletter is sent and its success is measured on the basis of the recipients' consent pursuant to Art. 6 Para. 1 lit. a, Art. 7 DSGVO in conjunction with § 7 Para. 2 No. 3 UWG or on the basis of § 7 Para. 3 UWG.

7.8 The logging of the registration process is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO and serves as proof of consent to receive the newsletter.

7.9 Cancellation/revocation: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and cancelled this subscription, their personal data will be deleted.

8. Cookies

8.1 Cookies are small text files or information elements that are stored by your browser on your terminal device to store certain information (for later retrieval), or image files, such as pixels. The next time you call up our website with the same terminal device, the information stored in cookies is subsequently sent back either to our website ("first party cookie") or to another website to which the cookie belongs ("third party cookie").

8.2 Through the stored and returned information, the respective website recognizes that you have already called up and visited it with the browser of your end device. We use this information to be able to optimally design and display the Xeem platform according to your preferences. Only the cookie itself is identified on your end device. The cookies each have a specific lifetime, which indicates how long it is stored on your end device.

8.3 If you (i) either click on "Accept all" in the cookie banner (ii) or move the slider to the right to "On", as far as possible (see essential cookies, type 1, where no adjustment is possible), you agree to the use of cookies in accordance with this cookie information. This choice is then valid until revoked (e.g. by deleting the cookies). You can determine which cookies can be used by making the aforementioned decision yourself.

8.4 Our website uses (i) temporary cookies and (ii) persistent cookies. Temporary cookies include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. These session cookies cannot store any other data. Session cookies are deleted when you log out or close the browser.
Persistent cookies are deleted automatically after a specified duration, which may differ depending on the cookie.

More precisely, a distinction can be made between the following cookies:
-Essential cookies (type 1).
-Other cookies (type 3).

8.5 Essential cookies (type 1)
8.5.1 Essential or, in other words, absolutely necessary cookies ensure functions without which you cannot use our website as intended. These do not identify you as an individual. These cookies are used exclusively by us and are therefore first party cookies. This means that all information stored in the cookies is returned to our website.
8.5.2 Essential cookies are used, for example, to ensure that you, as a logged-in user, always remain logged in when accessing various sub-pages of our website and thus do not have to re-enter your login data each time you call up a new page or to remind you when you have entered a certain text on one page and want to return to another page.
8.5.3 The legal basis for the use of essential cookies is Art. 6 para. 1 lit. f DSGVO. For this reason, essential cookies cannot be individually disabled or enabled. However, you have the option to generally deactivate cookies in the browser at any time. However, this may lead to functional restrictions in connection with the use of our website.

8.6 Functional cookies (type 2)
8.6.1 Functional cookies enable our website to store information you have already provided (such as registered name, language selection or the location you are in) and to offer you improved and more personalized online functions based on this information.
8.6.2 These cookies collect and store only anonymized information with the consequence that your user behavior cannot be tracked on other websites. The legal basis for the use of functional cookies is Art. 6 para. 1 lit. f DSGVO.
is used on the basis of the Google Ads Data Processing Terms with Standard Contractual Clauses: Google Ads & Measurement: Standard Contractual Clauses (Module 3: Processor-to-Processor).

8.7 Other Cookies (Type 3)
8.7.1 Apart from the (i) essential and (ii) functionality and performance cookies, there are other cookies that we use.
8.7.2 Information obtained by us via cookies from an anonymized analysis of the usage behavior of visitors to our websites is also used to show you specific advertising for certain of our products on our own websites. We believe that you as a user benefit from this because we display advertising or content that we assume, based on your surfing behavior, matches your interests and you are thus shown less randomly scattered advertising or certain content that might be of less interest to you.
8.7.3 In addition, there are marketing cookies that come from external advertising companies (third party cookies) and are used to collect information about the websites visited by the user in order to create targeted advertising for the user.
8.7.4 For all cookies mentioned below, the legal basis is Art. 6 para. 1 lit. a DSGVO.
8.7.5 Marketing cookies used (type 3)
Google Tag Manager
8.7.5.1 Google Tag Manager is a solution that allows website tags to be managed via an interface. The tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. Only for the sake of transparency and factual context, Google Tag Manager is mentioned here. Tags are small code elements that are used, among other things, to measure traffic and visitor behavior, to record the impact of online advertising and social channels, to set up remarketing and targeting, and to test and optimize websites.
8.7.5.2 The tool provides for the triggering of other tags, which in turn may collect data. Google Tag Manager does not access this personal data. If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager. For more information, please visit: google.de/tagmanager/faq.html.
Facebook Pixel, Custom Audiences and Facebook Conversion.
8.7.5.3 For conversion measurement on our website and online platform, we use the visitor action pixel ("Facebook Pixel"). This service is provided by Facebook Ireland Limited,4 Grand Canal Square,Dublin 2, Ireland
a subsidiary of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook").

We use the Facebook pixel to track the behavior of our website visitors once they have been redirected to our website by clicking on a Facebook ad. Thus, the effectiveness of the Facebook ads is evaluated for statistical and market research purposes and future advertising measures are optimized. Data collected in this process is anonymous for Xeem, as the website and online platform. Thus, no conclusions can be drawn about the identity of the users.
Data is only stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy. Facebook is thus enabled to place advertisements on Facebook pages as well as outside of Facebook. The use of the data cannot be influenced by us as page operator.
The legal basis for the use of Facebook Pixel is your consent pursuant to Art. 6 (1) lit. a, 7 DS-GVO, which you grant when you accept the corresponding cookie settings when accessing our website. You have the right to revoke your consent at any time with effect for the future. In addition, the storage of cookies can be prevented at any time by the browser settings and cookies already set can be deleted via this. When using the Facebook Pixel, the following data, which is also personal data, is generally collected or transmitted for technical reasons:
-date and time of the visit to the website
-URL of the website on which the visitor is located
-URL of the website that the visitor had previously visited
-Browser used
-Operating system used
-IP address of the visitor

The type and scope of the personal data processed in addition, if applicable, is determined by the individual settings of the respective Facebook user and the information in the respective Facebook profile. You can also deactivate the "Custom Audiences" remarketing function in the Ad Settings section at facebook.com/ads/preferences. To do this, you must be logged in to Facebook. The settings are platform-independent. This means that they are applied to all devices, such as desktop computers or mobile devices.
If you are not a registered Facebook user, you can also deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance:youronlinechoices.com/de/praferenzmanagement.
Facebook also processes your personal data in the USA. If personal data is transferred to the USA, this is done on the basis of standard contractual clauses pursuant to Art. 46 DS-GVO.
You can find further information on protecting your privacy on Facebook in Facebook's privacy policy: de-de.facebook.com/about/privacy.

9. Integration of third party services and content

9.1 We use on our platform, on the basis of their consent to the analysis, optimization and economic operation of our online offer in accordance with Art. 6 para. 1 lit. a. DSGVO content or service offers of third party providers to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always requires that the third-party providers of this content are aware of the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the display of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.

9.2 The following presentation provides an overview of third-party providers and their content, along with links to their privacy statements, which contain further information on the processing of data and, in part already mentioned here, opt-out options:

Use of Twilio:
For video calls between team members in an online challenge, we use Twilio, a service provided by Twilio Inc, 375 Beale Street, 3rd Floor, San Francisco, California 91405, privacy@twilio.com. For more information about Twilio Inc. privacy practices, please visitwww.twilio.com/legal/privacy. The transmission of video and audio data during the Online Challenge between team members is end-to-end encrypted according to the DTLS-SRTP technical standard. This data will be stored and transmitted exclusively for the duration of the Online Challenge and will not be stored or processed beyond that time. The legal basis for processing the image and sound data generated during the Online Challenge is Art. 6 (1) lit. b DSGVO.

Use of HubSpot:
On this website, we use the service HubSpot for various purposes. HubSpot is a software company from the USA with a branch in Ireland.
Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500. 
Hubspot is an integrated software solution that we use to cover various aspects of our online marketing.
These include:  Email Marketing, Social Media Publishing & Reporting, Reporting, Contact Management (e.g. user segmentation & CRM), Landing Pages and Contact Forms. 
Our sign-up service allows visitors to our website to learn more about our company, download content, and provide their contact information and other demographic information. This information, as well as our website content, is stored on servers operated by our software partner HubSpot. It may be used by us to contact visitors to our website and to determine which of our company's services are of interest to them. All information we collect is subject to this privacy policy. We use all information collected solely to optimize our marketing efforts. 
More information about HubSpot's privacy policy.More information from HubSpot regarding the EU Privacy Policy
More information about the cookies used by HubSpot can be found here.

As part of optimizing our marketing efforts, Hubspot may collect and process the following data: 

Geographic position 
Browser type 
Navigation information 
Referral URL 
Performance data 
Information about how often the application is used 
Mobile apps data - login credentials for the HubSpot subscription service
 - Files that are displayed on site 
Domain names
 - Pages viewed 
Aggregated usage 
Operating system version 
Internet service provider 
IP address
Device identifier 
Duration of visit 
Where the application was downloaded from 
Operating system
 - Events that occur within the application 
Access times - clickstream data 
Device model and version

In addition, we also use Hubspot to provide contact forms.
For more information in this regard, please refer to subsection 7 of this Privacy Policy.
The legal basis of the processing is your consent pursuant to Art. 6 (1) lit. a DSGVO. If you do not want the aforementioned data to be collected and processed via Hubspot, you can refuse your consent or revoke it at any time with effect for the future. The personal data will be kept for as long as it is necessary to fulfill the purpose of processing. The data will be deleted as soon as they are no longer required to achieve the purpose. In the context of processing via HubSpot, data may be transferred to the USA. The security of the transfer is secured via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 (1) lit. a DSGVO may serve as the legal basis for the transfer to third countries.

Use of Matomo:
Our website uses Matomo, an open source web analytics service. Matomo uses your device fingerprint to analyze your usage of our website. The device fingerprint stores information that Matomo recognizes as a unique "fingerprint" the next time you visit our website. Your data is immediately anonymized during this process and randomly changed every 24 hours, so that you as a user remain anonymous to us. The information used for the purpose of website optimization is stored on our server. We carry out this type of range measurement and analysis within the scope of our legitimate interest pursuant to Art. 6 (1) f DSGVO. The server on which the data is stored is hosted by a service provider. The legal basis for forwarding the data for this purpose is an order processing contract pursuant to Art. 28 DSGVO.

The following information is stored in the Device Fingerprint:

Location info (continent, country, city, browser language).
Device (type, model, screen resolution)
Software (operating system, browser, browser plugins)
(anonymized) IP address
Times of server request
Links from other websites (referrer)

If you do not agree with the storage and analysis of this data from your visit, you can object to the storage and use below by clicking on the mouse. In this case, a so-called opt-out cookie will be placed in your browser, which means that Matomo will not collect any session data. Attention: If you delete your cookies, this has the consequence that the opt-out cookie is also deleted and may have to be reactivated by you.

10. Facebook

10.1 Xeem also operates a Facebook fan page. This is in order to draw attention to Xeem's platform and to get in contact with Xeem.

10.2 The European Court of Justice ruled in June 2018 that page operators of a Facebook Fanpage, i.e. Xeem, and Facebook are jointly responsible under data protection law within the meaning of Article 26 of the GDPR. Jointly responsible parties are therefore (i) Facebook and (ii) Xeem. For the division of responsibilities between Facebook and Xeem under data protection law, see the following paragraphs and the supplement published by Facebook: facebook.com/legal/terms/page_controller_addendum.

10.3 Facebook creates various anonymous statistical data on a Facebook Fanpage in the form of so-called Page Insights (more on Page Insights can be found here: https://www.facebook.com/business/pages/manage#page_insights). As the operator of the fan page, we have no influence on the generation, presentation and processing of the insights data. We do not receive an assignment of individual data records to specific users. However, this data is generated by Facebook with the help of so-called cookies. We can only set certain parameters as to which data is collected from which target groups. You can find out which information is used on the part of Facebook in the "Information on Page Insights Data" provided by Facebook: facebook.com/legal/terms/information_about_page_insights_data.

These are to the current state:
-Viewing a page or post or video from a page.
-Subscribe or unsubscribe to a page
-Mark a page or a post with "Like" or "Don't like anymore
-Recommend a page in a post or comment
-Comment, share, or respond to a page post (including how to respond)
-Hide a Page post or report it as spam
-From another page on Facebook or from a website outside of Facebook, click on a link that leads to the Page
-Mouse over the name or profile picture of a Page to preview Page content
-Clicking on the webpage button, phone number button, "plan route" button, or any other button on a page
-The information whether you are logged in via a computer or mobile device while visiting or interacting with a page or its content
However, the scope of the data collected above is always subject to change, which is why we ask you to directly access the current scope at the aforementioned link.

10.4 The operation of the Facebook fan page and the processing of your personal data is based on the exercise of legitimate interests (Art. 6 para. 1 lit. f DSGVO).

10.5 In deviation from Sections 16-18, Facebook is responsible for asserting data subject rights. This follows from the following statement: facebook.com/legal/terms/page_controller_addendum Facebook has committed to take responsibility in this. "Facebook Ireland agrees to assume primary responsibility under the GDPR for the processing of Insights Data and to comply with all obligations under the GDPR with respect to the processing of Insights Data (including, without limitation, Articles 12 and 13 of the GDPR, Articles 15 to 22 of the GDPR, and Articles 32 to 34 of the GDPR).(...)." Therefore, please contact Facebook directly in this regard.

10.6 On this website you can learn more about the rights you are entitled to and how you can exercise them: facebook.com/legal/terms/information_about_page_insights_data

10.7 If you need assistance in asserting your rights, please contact us (see section 1.3). We will try to help you accordingly.

11. Miscellaneous

Our website contains hyperlinks to websites of other providers. When activating these hyperlinks, you will be redirected from our website directly to the website of the other provider. You will recognize this, among other things, by the change of the URL. We cannot accept any responsibility for the confidential handling of your data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please inform yourself directly on these websites about the handling of your personal data by these companies.