Privacy Policy
Information on the processing of personal data when using this website
Controller
XELANED GmbH
Munich Airport Business Park
Lilienthalstr. 27
85399 Hallbergmoos
Email: info[at]xelaned.de
Phone: +49-811-9986140
If a processor is used for individual processing operations, this is done on the basis of a contract pursuant to Art. 28 GDPR.
Data Protection Contact
If there is no legal obligation to designate a data protection contact, no data protection contact is designated. For privacy inquiries, please use the contact details in section 1.
Provision of the website (hosting, delivery, security)
This website is provided and protected using services of Cloudflare, Inc. ("Cloudflare") (e.g., content delivery network, DDoS protection, web application firewall, TLS termination, and performance optimization). In doing so, Cloudflare processes connection and access data that is technically necessary to deliver content and defend against attacks.
Processed data (typical): IP address, date/time of the request, requested URL/referrer, HTTP headers (e.g., user agent), status codes, data volume transferred, and security-relevant telemetry (e.g., to detect abusive access).
Purposes: Delivery of the website, ensuring IT security, abuse and fraud prevention, error analysis, and stability.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and uninterrupted operation) and—where required—Art. 6(1)(b) GDPR (provision of the website in the context of pre-contractual communication via the website).
Recipients: Cloudflare (as processor). Additional recipients arise only where this is necessary to defend against attacks or to fulfill legal obligations.
Third-country transfer: Cloudflare is a U.S. provider. Processing may also take place in third countries (especially the USA). Protective mechanisms may include appropriate safeguards (e.g., standard contractual clauses) and—where applicable—adequacy mechanisms (e.g., EU-U.S. Data Privacy Framework).
Storage period: Server and security logs are retained only as long as necessary for security, error analysis, and abuse prevention, and are then deleted or anonymized unless statutory retention obligations prevent this.
Cookies, local storage technologies and similar technologies
We do not use tracking, marketing, or analytics cookies on this website. In our view, no cookies are required for the mere display and navigation of the website.
However, due to the use of Cloudflare, technically necessary cookies may be set depending on enabled security functions (e.g., for bot/abuse detection or load balancing). Such cookies serve exclusively the security and functionality of the website.
Legal basis: Where technically necessary cookies are used, this is based on Art. 6(1)(f) GDPR in conjunction with Section 25(2) TDDDG (technically necessary). Should optional functions ever be used, consent under Section 25(1) TDDDG would be obtained.
Contact and workshop forms
If you contact us via a form or submit a workshop request, we process the data you provide to handle your request.
Processed data (depending on the form): Name, email address, phone number (optional), company information (optional), content of the message/request, and transmission metadata (e.g., timestamp, IP address, technical headers).
Purposes: Handling your request, communication, preparation/initiation of a contract, documentation of communication, and prevention of abuse (e.g., spam).
Legal bases: Art. 6(1)(b) GDPR (pre-contractual measures/contract) and/or Art. 6(1)(f) GDPR (legitimate interest in efficient communication and abuse prevention). If you voluntarily provide additional information, this is processed on the same legal basis for handling your request.
Recipients / internal processes: Form contents are processed in internal systems for handling (e.g., central mailboxes and/or ticketing systems). Microsoft 365 (Exchange Online) may be used for technical delivery and processing, where applicable via an API connection (e.g., Microsoft Graph). Access is granted exclusively to authorized persons. Permission and deletion concepts are in place (need-to-know, role-based principle, logging, regular permission reviews).
Third-country transfer: When using cloud/SaaS services (e.g., Cloudflare, Microsoft 365), processing outside the EEA cannot be ruled out. In this case, appropriate safeguards are agreed (e.g., standard contractual clauses and, where applicable, adequacy mechanisms such as the DPF).
Storage period: Requests are deleted once they have been conclusively handled and retention is no longer necessary for documentation or for asserting/defending claims. For contract-related matters, statutory retention periods apply to the relevant documents (e.g., under commercial and tax law).
Your Rights
Subject to the applicable legal requirements, you have the following rights: access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR), and objection to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR).
You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).
Currency of this Privacy Policy
We update this privacy policy as soon as changes to the procedures used or legal adjustments make this necessary.