← Back

Privacy Policy

Table of Contents

General

As the operator of this website and as a company, we come into contact with your personal data. This refers to any data that says something about you and by which you can be identified. In this privacy policy, we would like to explain how, for what purpose, and on what legal basis we process your data.

The party responsible for data processing on this website and within our company is:

Excelloit Consultancy Services GmbH
Koblenzer Straße 85
56218 Mülheim-Kärlich
Email: datenschutz@excelloit.com

General Information

SSL/TLS Encryption

When you enter data on websites, place online orders, or send emails over the internet, you must always assume that unauthorized third parties may access your data. Complete protection against such access does not exist. However, we do everything we can to protect your data as well as possible and to close any security gaps to the extent feasible.

An important protective mechanism is the SSL or TLS encryption of our website, which ensures that data you transmit to us cannot be read by third parties. You can recognize this encryption by the lock icon in front of the web address in your browser and by the fact that our web address begins with https:// rather than http://.

How Long Do We Store Your Data?

In certain places in this privacy policy, we inform you of how long we, or the companies that process your data on our behalf, store your data. Where no such information is provided, we store your data until the purpose of the data processing no longer applies, until you object to the processing, or until you withdraw your consent to the processing.

In the event of an objection or withdrawal, we may nonetheless continue to process your data if at least one of the following conditions applies:

In this case, we will delete your data as soon as the relevant condition(s) no longer apply.

Data Transfer to the USA

On our website, we also use tools from companies that transmit your data to the USA, store it there, and may process it further. The European Commission has adopted an adequacy decision for the EU-US Data Privacy Framework. This confirms that the USA guarantees an adequate level of protection for personal data from the EU that is transferred to US companies. This decision is based on new safeguards and measures introduced by the USA to meet data protection requirements.

The adequacy decision includes, among other things, restrictions and safeguards regarding access by US intelligence services to the data. Binding safeguards have been introduced to limit access by US intelligence services to what is necessary and proportionate for protecting national security. In addition, enhanced oversight of the activities of US intelligence services has been established. An independent redress mechanism has also been set up to handle complaints from European citizens.

The EU-US Data Privacy Framework thus allows European companies to transfer data to certified US companies without having to implement additional data protection safeguards. A list of all certified companies can be found at: dataprivacyframework.gov

A change to the European Commission's decision cannot be ruled out.

Data Protection Officer

We have appointed a data protection officer for our company.

DataGAP GmbH
Markus Altenburg
Bessemerstr. 51, 1st Floor
12103 Berlin
Email: team@datagap.de
Phone: 030 / 577 10 513

Your Rights

Objecting to Data Processing

If, in this privacy policy, you read that we rely on legitimate interests for the processing of your data pursuant to Art. 6(1) sentence 1 lit. f) GDPR, you have the right under Art. 21 GDPR to object to this. This also applies to any profiling carried out on the basis of this provision. To exercise this right, you must state reasons arising from your particular situation. No reason is required if the objection relates to the use of your data for direct marketing purposes.

The consequence of an objection is that we may no longer process your data. This does not apply if:

These exceptions do not apply if your objection relates to direct marketing or to profiling connected with it.

Further Rights

Withdrawing Your Consent to Data Processing
Many data processing operations are carried out on the basis of your consent. You may withdraw your consent at any time without giving reasons (Art. 7(3) GDPR). From the moment of withdrawal, we may no longer process your data. The only exception is where we are legally required to retain the data for a certain period.

Right to Lodge a Complaint with the Competent Supervisory Authority
If you believe that we have violated the General Data Protection Regulation (GDPR), you have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority. You may contact the supervisory authority in the member state of your place of residence, your workplace, or the place where the alleged violation occurred.

Right to Data Portability
We must, upon request, provide you or a third party with any data we process automatically on the basis of your consent or in fulfillment of a contract, in a common, machine-readable format.

Right to Information, Erasure, and Rectification of Data
Under Art. 15 GDPR, you have the right to obtain, free of charge, information about the personal data we have stored about you, where the data comes from, to whom we transmit the data, and for what purpose it is stored. If the data is incorrect, you have a right to rectification (Art. 16 GDPR). Under the conditions of Art. 17 GDPR, you may request that we delete your data.

Right to Restriction of Processing
In certain situations, you may require us, under Art. 18 GDPR, to restrict the processing of your data. Aside from storage, the data may then only be processed:

The right to restriction applies in particular where:


Hosting and Content Delivery Networks (CDN)

External Hosting

Our website is hosted on the servers of the following internet service provider (host):

HOSTINGER operations, UAB
Švitrigailos Str. 34
Vilnius 03230, Lithuania

Has a data processing agreement been concluded? Yes

The host stores all data relating to our website. This includes any personal data that is automatically collected or entered by you — in particular your IP address, pages accessed, names, contact details, as well as meta and communication data. In processing this data, our host follows our instructions and processes the data only to the extent necessary to provide the service.

Legal basis: Since we use our website to reach potential customers and maintain relationships with existing customers, the data processing is based on Art. 6(1) lit. b) GDPR as well as Art. 6(1) lit. f) GDPR (legitimate interest in a professional online presence).


Data Collection on This Website

Use of Cookies

Our website places cookies on your device. These are small text files that serve various purposes. Some cookies are technically necessary (necessary cookies), others enable certain functions (functional cookies), and still others are used to analyze user behavior or to optimize advertising.

You can influence how cookies are handled through your browser settings:

If you disable cookies, the functionality of the website may be limited.

Legal basis: Necessary and functional cookies are stored on the basis of Art. 6(1) lit. f) GDPR. All other cookies are used on the basis of your consent under Art. 6(1) lit. a) GDPR, which you may withdraw at any time.

Server Log Files

Server log files record all requests and access to our website and log error messages. They also include personal data, in particular your IP address, which, however, is anonymized by the provider after a short time.

The stored data includes:

Legal basis: Art. 6(1) lit. f) GDPR (legitimate interest in error-free operation and anonymized statistics).

Contact Form

We store your message and the details you provide in the form in order to process your inquiry, including any follow-up questions. We do not share your data with other parties without your consent.

We delete your data as soon as your inquiry has been fully processed, you request deletion, or you withdraw your consent — provided there is no statutory retention obligation.

Legal basis: Art. 6(1) lit. b) GDPR where contractual in nature, otherwise Art. 6(1) lit. f) or lit. a) GDPR.

Inquiries by Email, Telephone, or Fax

We store your message as well as your contact details or telephone number in order to process your inquiry, including any follow-up questions. We do not share your data without your consent. The deletion conditions correspond to those for the contact form.

Legal basis: Art. 6(1) lit. b), f), or a) GDPR.

Communication via WhatsApp

For communication with our customers, we use WhatsApp Business provided by WhatsApp Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Further information: whatsapp.com/legal

Communication takes place via end-to-end encryption. We have configured our accounts so that no automatic synchronization with the address book on the smartphones used takes place. However, WhatsApp gains access to metadata (e.g. sender, recipient, time) and, according to its own statements, shares this with Meta, its US parent company.

Data transfer to the USA: Based on the European Commission's adequacy decision and the company's corresponding certification.

Legal basis: Art. 6(1) lit. b), f), or a) GDPR.


Analytics Tools and Advertising

We use the following tools to analyze the behavior of our website visitors and to show you advertising.

Google Tag Manager

Provider: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy: policies.google.com/privacy

We use Google Tag Manager to integrate tracking codes and conversion pixels into our website. Google Tag Manager itself does not create user profiles or place cookies, but it does collect your IP address and transmit it to Google servers in the USA.

Data transfer to the USA: Based on the European Commission's adequacy decision.
Legal basis: Art. 6(1) lit. f) or lit. a) GDPR.

Google Ads

Provider: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy: policies.google.com/privacy

We use Google Ads to display advertisements in the Google search engine or on third-party websites (keyword and audience targeting). We evaluate the collected data quantitatively, for example to analyze which search terms led to the display of our ads.

Data transfer to the USA: Based on the European Commission's adequacy decision.
Legal basis: Art. 6(1) lit. f) or lit. a) GDPR.

Google Conversion Tracking

Provider: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy: google.de/intl/de/policies/privacy

With Google Conversion Tracking, we record whether and how often visitors to our website have clicked on certain buttons and which products have been viewed or purchased particularly frequently. We do not receive any information that would allow us to personally identify individual visitors.

Data transfer to the USA: Based on the European Commission's adequacy decision.
Legal basis: Art. 6(1) lit. f) or lit. a) GDPR.

Google Fonts (locally hosted)

We use Google Fonts hosted locally. As a result, no connection is made to Google's servers when you visit our website. Further information: developers.google.com/fonts/faq

Font Awesome (locally hosted)

We use icons from the Font Awesome icon library hosted locally. As a result, no connection is made to the servers of Fonticons Inc. Further information: fontawesome.com/privacy

OneDrive

Provider: Microsoft Corp., One Microsoft Way, Redmond, WA 98052-6399, USA
Privacy policy: privacy.microsoft.com

Our website allows you to upload files. For this purpose, we use the cloud storage service OneDrive. Files are stored on Microsoft's servers in the USA. When you visit our website, a connection to OneDrive is established, which registers your IP address.

Data transfer to the USA: Based on the European Commission's adequacy decision.
Legal basis: Art. 6(1) lit. f) or lit. a) GDPR.

Google Cloud

Provider: Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland
Privacy policy: cloud.google.com/privacy
Data processing agreement concluded: Yes

As soon as you use our website or our app services, your data is routed through Google Cloud's infrastructure. This includes:

Data transfer to the USA: Based on the European Commission's adequacy decision.
Legal basis: Art. 6(1) lit. f) or lit. a) GDPR.

Elementor

Provider: Elementor, 8 The GRN STE A Dover, DE 19901, USA
Privacy policy: elementor.com/about/privacy
Data transfer to the USA: Based on the European Commission's Standard Contractual Clauses.

We use the "Elementor Website Builder for WordPress" plugin. This plugin does not process any personal data. However, cookies are used to record the number of page views and active sessions.

Legal basis: Art. 6(1) lit. f) GDPR.


Audio and Video Conferencing

As a company, we are in contact with many people: customers, business partners, service providers, and others. For this exchange, we also use online conferencing tools. When you communicate with us via such a tool, not only we but in particular the respective provider processes your personal data.

Online conferencing tools collect and store various types of personal data, including:

We delete your data from our systems as soon as the purpose no longer applies, you request deletion, or you withdraw your consent — provided there is no statutory retention obligation.

Legal basis: Art. 6(1) lit. b), f), or a) GDPR.

Microsoft Teams

Provider: Microsoft Corp., One Microsoft Way, Redmond, WA 98052-6399, USA
Data processing agreement concluded: Yes
Privacy policy: privacy.microsoft.com
Data transfer to the USA: Based on the European Commission's adequacy decision.

Webex

Provider: Webex Communications Deutschland GmbH, Hansaallee 249 c/o Cisco Systems GmbH, 40549 Düsseldorf, Germany
Data processing agreement concluded: Yes
Privacy policy: cisco.com/privacy
Data transfer to the USA: Based on the European Commission's adequacy decision.


Our Own Services / Miscellaneous

Handling of Applicant Data

If you would like to work for us, we are happy to receive your application. We treat all personal data submitted with strict confidentiality. This also applies to data we collect at a later stage during the application process.

We store all data collected during the application process and use it insofar as this is necessary for deciding whether to establish an employment relationship. Within our company, we only share your data with individuals involved in processing your application.

If we are unable to offer you a position, if you decline an offer, or if you withdraw your application, we reserve the right to retain your application documents for up to 6 months. Data held in our applicant pool is deleted no later than 2 years after consent was given.

Legal basis: Section 26 of the German Federal Data Protection Act (BDSG-neu) as well as Art. 6(1) lit. b), f), or a) GDPR.


Data Processing on Social Media

By social media, we mean the social networks on which we maintain publicly accessible profiles. The operators of social networks are generally able to collect and analyze extensive data on visitor behavior. We are jointly responsible, together with the respective operator, for the data processing operations triggered by a visit to our profile, although our influence over the operator's data processing operations is limited.

Legal basis: Art. 6(1) lit. f) GDPR (legitimate interest in a comprehensive online presence).

Facebook

Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Data transfer to third countries: Yes, to the USA and other third countries
Privacy policy: facebook.com/about/privacy
Ad settings: facebook.com/settings?tab=ads

Instagram

Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Data transfer to third countries: Yes
Privacy policy: help.instagram.com
Privacy settings: instagram.com/accounts/privacy_and_security

Xing

Provider: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany
Data transfer to third countries: Yes, under the conditions of Art. 45 or 46 GDPR
Privacy policy: privacy.xing.com
Privacy settings: xing.com/settings/privacy

YouTube

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data transfer to third countries: Yes
Privacy policy: policies.google.com/privacy
Privacy settings: policies.google.com/privacy#infochoices

TikTok

Provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
Data transfer to third countries: Yes
Privacy policy: tiktok.com/legal/privacy-policy-eea
Cookie settings: tiktok.com/legal/tiktok-website-cookies-policy