Privacy

We deal with your data carefully.

This privacy statement explains why, how, and what processing of personal data is performed on websites of Xceptance GmbH and Xceptance, Inc. These websites constitute all websites hosted under the domains xceptance.de und xceptance.com and related subdomains.

Person in Charge

Xceptance Software Technologies GmbH

Leutragraben 2-4
07743 Jena
Germany

Phone +49-3641-376300
Fax +49-3641-376122
Email

Managing Directors

Roy Sarnoch
René Schwietzke

Definitions

This privacy statement uses definitions from the General Data Protection Regulation (GDPR) Article 4.

Personal Data

Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Processor

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Data Subject

Every visitor of our websites and user of provided services is affected by data processing.

Processed Data

On our websites we collect and process meta and communication data such as IP addresses, data transferred by the browser (operating system, browser type, referrer) and usage data such as visited web pages and time visited.

Besides this, the Xceptance Test Center (https://xtc.xceptance.com/) and our blog (https://blog.xceptance.com/) process additional data:

  • Contact data (name, email address, phone number (optional))
  • Content data (text input)
    • As part of our contractual obligations, we are processing additional data about the contract as well as payments. This processing is part of the delivery of the contract and services, a requirement for pre-contractual obligations as well as marketing.

      Data Processing at our Hosting Company

      We use services of hosting companies to deliver the mentioned websites and services. These companies process meta, communication, usage as well as content data as specified above. Most importantly log files are processed which contain the following information:

      • IP address,
      • Date and time of the request,
      • URL of the of the requested page,
      • HTTP response code, such as 200 or 404,
      • Size of the requested page,
      • URL of the previous page (referrer),
      • Browser and operating system of the user.

      The processing is necessary for compliance with legal obligation (GDPR Article 6(1)). The log data is stored for 60 days and deleted afterwards.

      We host with and on HostEurope and Hetzner.

      Purpose of Processing

      The purpose of our data processing is to offer websites for informational purposes around Xceptance and its services.

      Lawfulness of Processing

      Lawfulness of processing is defined in Article 6 of the GDPR. If not defined differently, we process data according to consent as defined in Article 6(1), for the performance of a contract as defined in Article 6(1), and for the purposes of the legitimate interests pursued by the controller or by a third party as defined in Article 6(1).

      Data Processing in the Application Process

      Purpose

      We process the data that you have sent us in connection with your application in order to check your suitability for the position (or other vacancies in our company) and to carry out the application process.

      Legal basis

      The legal basis for the processing of your personal data in this application procedure is primarily Art. 6 para. 1 lit. b) GDPR.

      Accordingly, the processing of data required in connection with the decision on the establishment of an employment relationship is permitted.

      Should the data be required for legal prosecution after completion of the application procedure, the data processing may be carried out based on the provisions of Art. 6 GDPR, in particular to protect legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR. Our interest then lies in the assertion of or defense against claims.

      Data storage

      Applicant data will be deleted after 6 months in the event of rejection.

      If you have consented to the continued storage of your personal data, we will transfer your data to our applicant pool. There it will be deleted after two years.

      If you have been accepted for a position as part of the application process, the data will be transferred from the applicant data system to our personnel information or administration system.

      Forwarding

      Once your application is received, it will be reviewed by our Human Resources department. Suitable applications are then forwarded internally to the person responsible for the vacant position. Within our company, only those individuals who need to know your information to properly process your application will have access to it.

      Rights of the Data Subject

      The GDPR gives you the following rights:

      Withdrawal of Consent

      When the data processing is based on consent, you can withdraw that consent at any time according to Article 7(3). The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

      Right of Access

      According to Article 15, you can request confirmation whether or not personal data about you is processed as well as which data was or is processed, Article 15(1).

      Right to Rectification

      According to Article 16, you can request data rectification of inaccurate personal data that concerns you, as well as the completion of incomplete data.

      Right to Erasure ("right to be forgotten") and Restriction

      You can request erasure of your personal data as defined in Article 17 or restrict the processing as defined in Article 18.

      Right to Data Portability

      You can request your data in a structured, commonly used and machine-readable format and have the right to transmit those data to another party. See Article 20(1).

      Right to Object

      You have the right to object at any time to processing of personal data concerning you according to Article 21.

      Right to Lodge a Complaint

      According to Article 77, you can lodge a complaint with a supervisory authority. In our case, you can direct your complaint to "Thüringer Landesbeauftragte für den Datenschutz und die Informationsfreiheit, Häßlerstr. 8 in 99096 Erfurt, Germany".

      Transmission of Data to Third Party Countries

      We are using several service that might transfer personal data to third party countries. Before using these offerings, we verified the requirements of Chapter 5 GDPR especially concerning Article 44 and following. The processing of data is therefore based on special guarantees given such as the Privacy Shield in case of data transfer to the US.

      Inclusion of Third Party Services

      We include third party services in our web offerings. When you open our websites, you also request data from third parties at the same time. Your IP address will be transferred in any case and if the third party decides to do so, a cookie might be placed as well. In addition to that, the time, browser, OS, and referrer (aka our website) information will be transferred.

      We use these third parties:

      YouTube

      We might embed videos from YouTube. These services are offered by Google LLC, 1600 Amphitheatre Pkwy, Mountain View, California 94043. You can find Google's data privacy information here: https://policies.google.com/privacy. The Privacy Certification can be found at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. At https://adssettings.google.com/authenticated you can modify your privacy settings with Google as well as opt-out of personalized advertising.

      Usage of Cookies

      We use cookies (cookies are small blocks of information that a site transfers to your computer, if you permit that):

      • Temporary Cookies: They will be stored and transferred as long as you have your browser open.
      • Permanent Cookies: These cookies will be stored as long as defined initially in the cookie. Closing your browser does not make a difference, you have to or can actively remove it.

      In the beginning, you can decide if you want supply data to our analytics. If you opt-out of analytics tracking, we will set a single unpersonalized cookie to remember your decision. In addition to that, we honor the DNT preference of your browser automatically. We don't track any data before your have made your decision.

      We do not share the collected data with anyone outside Xceptance.