+49-89-200017-50

info@xempus.com
Hilfe

Privacy policy

In the following, we inform you about the processing of personal data when using our offer. Personal data is all data that can be related to you personally, such as name, address, e-mail addresses, user behavior. In this way, we would like to inform you about our processing operations and at the same time comply with the legal obligations, in particular from the EU General Data Protection Regulation (DSGVO).

The data protection information for our offer is modular. In order to find the parts that are relevant for you, please note the following overview of the subdivision of the data protection notices:

Part

Designation

This is part for you ...

A

General

... always relevant.

B

Websites, SaaS Products and E-Mail- Marketing ... relevant if you use one of our websites (including landing pages and social media presences) or one of our SaaS products or are an addressee of our E-Mail-Marketing.

C

Business partner

... relevant if you want to work with us as a service provider, supplier or similar partner, are already in an ongoing business relationship with us or used to be.

D

Applicant

... relevant if you are applying for employment with us.

 

Part A - General

 

1. Person responsible

The responsible party pursuant to Article 4(7) DSGVO is Xempus AG, Arnulfstr. 126 in 80636 Munich (Imprint). Our data protection team and our data protection officer can be reached at the e-mail address datenschutz@xempus.com or at our postal address with the addition "data protection team".

2. Data security

We use appropriate technical and organizational security measures to protect your data. These security measures are continuously improved in line with technological developments.

3. Cooperation with processors

In some cases, we use external service providers to process your data. These are carefully selected by us, are bound by our instructions and are regularly monitored.

4. Conditions for the transfer of personal data to third countries

Within the scope of our offer, your personal data may be passed on or disclosed to third party companies. If necessary, these could also be located outside the European Economic Area (EEA), i.e. in third countries. We will inform you about the respective details of such a transfer below at the relevant points.

The European Commission certifies data protection comparable to the EEA standard for some third countries by means of so-called adequacy decisions. However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible via binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct.

5. No automated decision making (including profiling).

We do not intend to use any personal data collected from you for any automated decision-making process (including profiling).

6. No obligation to provide personal data.

In principle, we do not make the conclusion of contracts with us dependent on you providing us with personal data beforehand. There is no legal or contractual obligation for you as a user to provide us with your personal data; however, we may only be able to provide certain offers to a limited extent or not at all if you do not provide the data required for this. If this should be the case within the scope of our offer, you will be informed of this separately.

7. Storage period

If no explicit storage period is specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies.

However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings, or if storage is provided for by legal regulations to which we are subject as the responsible party (§ 257 HGB, § 147 AO). If the storage period prescribed by the legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.

8. Minors

Our offer is not directed at children and young people under the age of 16. Do not use our offer if you have not yet reached the age of 16 and do not transmit any personal data to us. If you have transmitted personal data to us although you are not yet 16 years old, please ask a parent or guardian to contact us.

9. Your rights

9.1 Data subject rights

As a data subject, you have the following rights vis-à-vis a data controller with regard to personal data concerning you:

·         Right to information,

·         Right to correction or deletion,

·         Right to restriction of processing,

·         Right to object to processing,

·         Right to data portability.

9.2 Revocation of consent

If you have given us consent to process your data, you can revoke this at any time with effect for the future by informally notifying us, for example by email to widerruf@xempus.com. The legality of the data processing carried out until the revocation remains unaffected by a revocation.

9.3 Right of complaint

In the event of violations of data protection law, the data subject also has a right of appeal to the competent supervisory authority. The supervisory authority responsible for us is: Bayerisches Landesamt für Datenschutzaufsicht, Promenade 27 (Schloss) in 91522 Ansbach.

10. Your right to object

10.1 Right of objection in case of processing based on a legitimate interest

Insofar as we base the processing of your personal data on a legitimate interest pursuant to Article 6(1)(f) DSGVO, you may object to the processing at any time on grounds relating to your particular situation. This also applies to profiling based on this provision.

10.2 Right to object in the event of direct advertising

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. This also applies to profiling, insofar as it is associated with such direct advertising.

 

Part B - Websites, SaaS-Products and E-Mail-Marketing

 

1. Introduction

Websites (including landing pages and social media presences) and SaaS products are hereinafter also collectively referred to as "Online Offer".

2. Online-Offer

The following points listed under this section apply equally to all of our Online Offerings.

2.1 Log Data

When using our online offer for purely informational purposes, your browser automatically transmits the following data to us:

  • Browser type and browser version,
  • Operating system used,
  • Referrer-URL,
  • Host name of the accessing computer,
  • Time of the server request,
  • IP-Adress.

The respective web server with which our online offer is made available stores this information in so-called log files.

The legal basis for this processing is the legitimate interest according to Article 6 (1) lit. f) DSGVO to operate our online offer professionally and securely.

2.2 Processing of data from your end devices ("Cookie Policy")

When using our online offer, technical tools for various functions, in particular also cookies, may be stored on your end device. When you call up our online offer and at any time later, you have the choice of whether you generally allow cookies to be set or which individual additional functions you would like to select. You can make changes in your browser settings or via our website under the menu item Cookie settings.

Cookies are small text files that are stored on your hard drive associated with the browser you are using and through which certain information flows to the entity that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the Internet offer as a whole more user-friendly and effective.

You can configure your browser settings according to your preferences and refuse to accept individual or all cookies. We would like to point out that you may then not be able to use all functions of our online offer.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested are stored on the basis of Article 6 (1) f) DSGVO. The basis for this is the legitimate interest in storing cookies for the technically error-free and optimized provision of our online offer.

Insofar as cookies are also used for other purposes (e.g. tracking cookies to analyze your surfing behavior), these are dealt with at the appropriate point in the data protection information. The following types of cookies can generally be used on this offer:

Session-Cookies

Session cookies are mandatory to ensure essential functions of the online offer. Without them, the offer cannot be used as intended. Session cookies are deleted after the end of the use of the online offer. Your consent to the use of these cookies is not required.

Performance-Cookies

Performance cookies record how our online offer is used by visitors, e.g. which pages are called up most frequently by users and whether error messages are displayed. These cookies do not store any other information. They are used exclusively to increase user-friendliness and to tailor the offer more specifically to users. This data is also stored exclusively in anonymized form. The cookies have a lifespan of 13 months.

Marketing-Cookies

Marketing cookies are used to present users with marketing content that is tailored and relevant to them. Enable the use of marketing cookies to allow marketing content to be tailored to your needs and to display relevant content. Select "Allow cookies" in your browser to make the best use of cookies for this online offering. You can manage or disable the use of cookies yourself via the "Cookie settings" option. You can revoke your consent at any time.

2.3 Consent Management Platform

This online offer uses the consent management of Usercentrics GmbH, Sendlinger Straße 7 in 80331 Munich. The purpose of this service is to enable you to manage your consents easily and transparently and thereby comply with our legal obligations. The legal basis for the use is Article 6 (1) lit. c) DSGVO in order to operate our online offer in compliance with the law, in particular in compliance with data protection.

For this purpose, we have concluded a corresponding agreement on order processing (Art. 28 DSGVO) with the service provider, in which we oblige the service provider to handle the transmitted data with care.

2.4 Registration

The legal basis for the processing of personal data during registration is Article 6 (1) lit. b) DSGVO for the implementation of pre-contractual measures, which takes place upon your request. In addition, according to Article 6(1)(f) DSGVO, there is the legitimate interest of the responsible party to identify the users of the portal and thus to create the possibility of operating a system based on user accounts and clients in the first place. Data will only be passed on to third parties or processed for any other purpose in the cases prescribed by law or if we are otherwise entitled to do so vis-à-vis you, e.g. in the case of your consent.

2.5 Customer Management

This online offer uses the CRM platform of salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany. The data you provide during registration, when registering for e-mail marketing or when contacting us will also be processed on this CRM platform. The purpose is to process your inquiries more quickly and professionally and to further improve our customer relationship management. We have a legitimate interest in this pursuant to Article 6 (1) f) DSGVO.

 

For this purpose, we have concluded a corresponding agreement on commissioned processing (Art. 28 DSGVO) with salesforce, in which we oblige salesforce to handle the transmitted data with care and not to pass it on to such third parties that are not affiliated with salesforce as a company and only to the extent that it is ensured that the data processed on our behalf remain within the scope of the DSGVO (EU/EEA).

2.6 Statistics and analysis of product usage (General)

If you register with our online offer, we will perform an analysis of your product usage. The results of this analysis are used solely to optimize your and other users' usage experience and to further develop our offer. We will not pass on the results to third parties without a legal basis, e.g. your consent. The basis for the analysis of their product usage is our legitimate interest in the optimized provision of our offer according to Article 6 (1) f) DSGVO, from which you and other users of our offer can benefit.

The data collected from you will be pseudonymized as soon as the processing purpose permits and deleted from our servers at the latest when the processing purpose ceases to exist.

You can object to this analysis for reasons arising from your particular situation at any time with effect for the future, for example by sending an E-Mail to widerruf@xempus.com.

2.7 Hosting providers used for the online offer

We make use of the companies named below in order to provide you with our online offer. For this purpose, we require computing capacity, storage space and database services as well as technical maintenance services.

As the responsible party, we have a legitimate interest in the use of these services for the technically error-free and optimized provision of our online offer in accordance with Article 6 paragraph 1 lit. f) DSGVO. In the context of hosting, inventory, contact, content, contract, usage, meta and communication data of users of our online offer are processed. For this purpose, we have concluded a corresponding agreement on order processing (Art. 28 DSGVO), in which we obligate the hosting provider to handle the transmitted data with care and not to pass it on to third parties.

2.7.1 The unbelievable Machine Company GmbH, Grolmanstr. 40, 10623 Berlin

2.7.2 neo-scale GmbH, Herdweg 62 in 70174 Stuttgart

2.7.3 Host Europe GmbH, Hansestraße 111, 51149 Köln

2.7.4 ORACLE Deutschland B.V & Co. KG, Riesstraße 25, 80992 München

2.7.5 salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 München

3. Other services used for the online offer

3.1 Managed by our Consent Management Platform

 

3.2 Two-factor authentication

You can increase the security of your user account by enabling two-factor authentication (2FA). If you choose the 2FA, where you want to receive a one-time code via SMS for a login, our offer uses the services of Messagebird, a service of MessageBird B.V., Trompenburgstraat 2C, 1079 TX Amsterdam, The Netherlands, to send you this code to the mobile phone number you have provided. The privacy policy of Messagebird can be found at: https://www.messagebird.com/de/legal/privacy/.

3.3 Mailing

For mailing purposes, we use the services of Binect GmbH, Brunnenweg 17, 64331 Weiterstadt, Germany, to ensure that letters are created efficiently and securely and sent without errors. As the responsible party, we have a legitimate interest in using these services pursuant to Article 6(1)(f) DSGVO. In the context of mailing, inventory, contact, content, contract, usage, meta and communication data of users of our offer may be processed. For this purpose, we have concluded a corresponding agreement on order processing (Art. 28 DSGVO), in which we obligate the order processor to handle the transmitted data with care and not to pass it on to third parties.

3.4 Appinium

To provide a learning environment, we use the services of Appinium, Inc. These services run entirely in our customer management platform. By using Appinium, we are able to provide our customers with video, content and learning engagement solutions as part of the learning environment we offer. However, for this purpose, Appinium does not collect or store any private information about individuals who access the videos, content and learning through the Customer Management Platform. Appinium's privacy policy can be found at: https://appinium.com/privacy/

3.5 XEMPUS bAV-Check

Before possibly taking out a company pension plan (bAV), our bAV calculator is intended to help you get a better picture on the topic of company pension plans. Our bAV calculator therefore aims to give you an essential reflection of your personal pension situation. In order to achieve a good approximation of the calculation result to your personal circumstances, you must therefore enter some essential parameters (e.g. age, tax class or monthly gross income). If you do not enter these parameters, default values will be used in the bAV calculator, which might match your personal situation only by chance.

If you provide the essential parameters in the bAV Calculator, your information will be processed for the purpose of an approximate calculation of your personal pension situation.

In this context, the processing of the data provided in the bAV calculator is carried out on the basis of Article 6 (1) (b) DSGVO for the purpose of carrying out pre-contractual measures in response to your request. Data will only be passed on to third parties or processed for other purposes if required by law or if we are otherwise entitled to do so, e.g. in the case of your consent.

The data you provide in the bAV calculator will remain with us until you request us to delete it or the purpose of processing no longer applies (e.g. after you have finished using the bAV calculator). Mandatory legal provisions - in particular retention periods - remain unaffected.

3.6 XEMPUS bAV Calculator for Employees

Before you inform your employer about your wish for a company pension plan, our pension calculator should help you to get a better picture of the topic of pension plans. Our bAV calculator therefore aims to essentially reflect your personal pension situation and show you how a bAV can affect your pension situation. In order to achieve a good approximation of the calculation result to your personal circumstances, some essential parameters (e.g. age, tax class, health insurance, state, number of your children, monthly gross income, your contribution to bAV or already existing bAV provisions) must be available. If this information is not available, default values will be used in the pension calculator, which may only coincidentally match your personal situation. If you decide to carry out an exact calculation and enter the necessary data, we will send this to the tariff calculation core of the pension provider in order to receive a detailed offer from them. On the basis of this calculation result, you can then submit your desired occupational pension plan to your employer.

The processing of the data provided in the bAV calculator is carried out on the basis of Article 6 (1) (b) DSGVO for the purpose of carrying out pre-contractual measures in response to your request.

The data you provide in the bAV calculator will remain with us until you request us to delete it or the purpose of processing no longer applies. Mandatory legal provisions - in particular retention periods - remain unaffected.

4. websites (including landing pages and social media presences)

4.1 Domain xempus.com

Contents of this domain are provided with the help of the company mentioned in section 2.7.2 and the following services are used in addition to section 2:

XEMPUS bAV-Check, as described under section 3.5.

4.2 Domain welcome.xempus.com

Contents of this domain are provided with the help of the company mentioned in section 2.7.3 and the following services are used in addition to section 2:

4.3 Domain videoberatung.xempus.com

Contents of this domain are provided with the help of the company mentioned in section 2.7.3 and the following services are used in addition to section 2:

4.4 Domain connected.xempus.com

Contents of this domain are provided with the help of the company mentioned in section 2.7.4 and the following services are used in addition to section 2:

4.5 Domain help.xempus.com

Contents of this domain are provided with the help of the company mentioned in section 2.7.5 and the following services are used in addition to section 2:

4.6 Domain community.xempus.com

Contents of this domain are provided with the help of the company mentioned in section 2.7.5 and the following services are used in addition to section 2:

Appinium, as described under clause 3.4.

4.7 Landingpages of the bAVnet

You can easily recognize that you are currently using the landing page of a bAVnet by the fact that the called domain is my-hogarenteplus.de or the domain ends with bav.net.

Contents of these pages are provided with the help of the company mentioned in section 2.7.1 and the following services are used in addition to section 2:

4.8 Social Media Presence

We maintain the following social media channels:

4.8.1 https://www.linkedin.com/company/xempus-ag

4.8.2 https://www.xing.com/pages/xempus

4.8.3 http://www.facebook.com/xempus.vorsorge

4.8.4 https://twitter.com/XempusAG

4.8.5 https://www.youtube.com/channel/UCf9rku7ISyeahcfbR08omQA

4.8.6 http://www.kununu.com/de/xempus

5. SaaS-Products

5.1 XEMPUS manager

Xempus manager is our SaaS solution for employers for simple portfolio management and handling of company pension plan processes. You can easily recognize that you are currently using XEMPUS manager by the fact that the "XEMPUS premium products" are referenced in the footer of the page. XEMPUS manager is provided with the help of the company mentioned in section 2.7.1 and the following services are used in addition to section 2:

Two-factor authentication, as described in Clause 3.2.
Mailing, as described under number 3.3.

5.2 XEMPUS advisor

XEMPUS advisor is our SaaS solution for intermediaries to support advising employers and employees on occupational pension plans. You can very easily recognize that you are currently using the XEMPUS advisor by the fact that the product name "XEMPUS advisor" or "bAVberater" is explicitly mentioned in the footer of the page. XEMPUS advisor is provided with the help of the company mentioned in section 2.7.1 and the following services are used in addition to section 2:

Two-factor authentication, as described in Clause 3.2.

5.3 myXEMPUS

myXEMPUS is our SaaS product for employees on the subject of company pension plans. You can easily recognize that you are currently using myXEMPUS by the fact that the address you are calling up starts with my.xempus.com. myXEMPUS is provided with the help of the company mentioned in section 2.7.1 and the following services are used in addition to section 2:

Two-factor authentication, as described in Clause 3.2.

XEMPUS bAV calculator for employees, as described under Number 3.6.

6. E-Mail-Marketing

6.1 E-Mail-Marketing with your consent

With your consent, we will send you information (e.g. on news, promotions, events or surveys) on our company, its services and products and on the subject of occupational pension provision by e-mail with a personal address. This includes in particular our newsletter or e-mails on other occasions, such as the publication of new product features, a new tutorial on the product or information on our current promotions and offers.

Legal basis

The data processing with regard to this e-mail communication is based on your consent in accordance with Article 6 (1) a) DSGVO, Article 7 DSGVO in conjunction with. § Section 7 (2) no. 2 UWG.

Your consent is secured and logged by us using the double opt-in procedure in order to be able to prove consent in case of doubt. The logging, in particular of the time of consent and the time of confirmation of your consent, is based on Article 6 paragraph 1 lit. f) DSGVO. According to this, we have a legitimate interest in operating secure and legally compliant e-mail communication in order to prevent or avoid any misuse and not to harass third parties.

You can revoke your consent or unsubscribe from our email communication at any time. For this purpose, we provide a corresponding link in each of these e-mails. Alternatively, you can also stop receiving such e-mails in the future at any time by sending an informal declaration to us, for example by e-mail to widerruf@xempus.com. The legality of the data processing operations already carried out remains unaffected by a revocation or unsubscription.

Storage period

The data you have deposited with us for the purpose of receiving these e-mails will be stored by us until you unsubscribe or revoke your subscription and will then be deleted both from our servers and from the servers of a service provider used by us. Data that we store for other purposes remain unaffected by this.

For example, we may continue to store your e-mail address for up to four years on the basis of our legitimate interest, so that we can prove consent previously given. The processing of this data is limited to the purpose of a possible defense against claims. The data will be deleted after the purpose of processing no longer applies. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed to us at the same time.

6.2 E-Mail-Marketing to registered users

We will inform our registered users from time to time by e-mail about our own similar products and services of Xempus AG. We have a legitimate interest in this pursuant to Article 6 (1) (f) of the German Data Protection Act (DSGVO), so that we may, for example, send you information about Xempus AG products to the e-mail address you provided during registration (Section 7 (3) of the German Unfair Competition Act (UWG)).

You can object to this use of your e-mail address at any time by informally notifying us, for example by e-mail to widerruf@xempus.com. Alternatively, you can also use the link provided for this purpose in the e-mail sent by us. At no time will your objection incur any costs other than the transmission costs according to the prime rates.

6.3 E-Mail-Marketing with Eloqua

We use the marketing automation software "Eloqua" from the provider Oracle to send e-mails. Our contractual partner is ORACLE Deutschland B.V & Co. KG, Riesstraße 25, 80992 Munich; the application is operated in data centers in the EU. You can view ORACLE's privacy policy at https://www.oracle.com/de/legal/privacy/.

Eloqua is used to prepare, send and track or analyze marketing emails to track whether our emails are opened and which links are clicked. The application is only used if consent has been given. With regard to the tracking of marketing emails, the tracking data collected is only linked to the email address and website tracking data. The analysis helps us to technically improve the e-mail dispatch and to better adapt the content of the e-mails to your interests and the interests of readers in general in the future. Reference is made to the existing rights of the user. If you do not wish to receive the tracking within our marketing e-mails, you must terminate the e-mail subscription.

 

Part C - Business partner

 

If you are in a business relationship with us as a contractual partner, service provider or supplier, we also use the following services to ensure smooth communication with you:

Services used:

Microsoft Teams

If we invite you to a meeting, we use the Microsoft Teams software for video and/or audio transmission.

 

Part D - Applicant

 

If you are applying for employment with us, please note the following information:

Application procedure

The job advertisements on our website are linked to our online application procedure, for which a separate data protection declaration is stored.

If you do not use this online application procedure and apply directly to us by e-mail as part of a speculative application, for example, we will collect and process your personal data for the purpose of processing the application procedure. The legal basis for this is Article 6(1)(b) DSGVO for the implementation of pre-contractual measures that take place at your request.

 

Data protection notice of Xempus AG - version of 15.09.2022