We deal with your data carefully.

This privacy statement explains why, how, and what processing of personal data is performed on websites of Xceptance GmbH and Xceptance, Inc. These websites constitute all websites hosted under the domains und and related subdomains.

Person in Charge

Xceptance Software Technologies GmbH

Leutragraben 2-4
07743 Jena

Phone +49-3641-376300
Fax +49-3641-376122

Managing Directors

Roy Sarnoch
René Schwietzke


This privacy statement uses definitions from the General Data Protection Regulation (GDPR) Article 4.

Personal Data

Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Data Subject

Every visitor of our websites and user of provided services is affected by data processing.

Processed Data

On our websites we collect and process meta and communication data such as IP addresses, data transferred by the browser (operating system, browser type, referrer) and usage data such as visited web pages and time visited.

Besides this, the XLT Community Portal (, the XLT Portal (, the Xceptance Test Center ( and our blog ( process additional data:

  • Contact data (name, email address, postal address)
  • Content data (text input)
    • As part of our contractual obligations, we are processing additional data about the contract as well as payments. This processing is part of the delivery of the contract and services, a requirement for pre-contractual obligations as well as marketing.

      Data Processing at our Hosting Company

      We use services of hosting companies to deliver the mentioned websites and services. These companies process meta, communication, usage as well as content data as specified above. Most importantly log files are processed which contain the following information:

      • IP address,
      • Date and time of the request,
      • URL of the of the requested page,
      • HTTP response code, such as 200 or 404,
      • Size of the requested page,
      • URL of the previous page (referrer),
      • Browser and operating system of the user.

      The processing is necessary for compliance with legal obligation (GDPR Article 6(1)). The log data is stored for 60 days and deleted afterwards.

      We host with and on HostEurope and Hetzner.

      Purpose of Processing

      The purpose of our data processing is to offer websites for informational purposes around Xceptance and its services. The website helps to facilitate user conversation about tools and processes and is used to hand out tool licenses and permit self-service of support contracts.

      Lawfulness of Processing

      Lawfulness of processing is defined in Article 6 of the GDPR. If not defined differently, we process data according to consent as defined in Article 6(1), for the performance of a contract as defined in Article 6(1), and for the purposes of the legitimate interests pursued by the controller or by a third party as defined in Article 6(1).

      Rights of the Data Subject

      The GDPR gives you the following rights:

      Withdrawal of Consent

      When the data processing is based on consent, you can withdraw that consent at any time according to Article 7(3). The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

      Right of Access

      According to Article 15, you can request confirmation whether or not personal data about you is processed as well as which data was or is processed, Article 15(1).

      Right to Rectification

      According to Article 16, you can request data rectification of inaccurate personal data that concerns you, as well as the completion of incomplete data.

      Right to Erasure ("right to be forgotten") and Restriction

      You can request erasure of your personal data as defined in Article 17 or restrict the processing as defined in Article 18.

      Right to Data Portability

      You can request your data in a structured, commonly used and machine-readable format and have the right to transmit those data to another party. See Article 20(1).

      Right to Object

      You have the right to object at any time to processing of personal data concerning you according to Article 21.

      Right to Lodge a Complaint

      According to Article 77, you can lodge a complaint with a supervisory authority. In our case, you can direct your complaint to "Thüringer Landesbeauftragte für den Datenschutz und die Informationsfreiheit, Häßlerstr. 8 in 99096 Erfurt, Germany".

      Transmission of Data to Third Party Countries

      We are using several service that might transfer personal data to third party countries such as but not limited to Google Webfonts and Google Maps. Before using these offerings, we verified the requirements of Chapter 5 GDPR especially concerning Article 44 and following. The processing of data is therefore based on special guarantees given such as the Privacy Shield in case of data transfer to the US.

      Inclusion of Third Party Services

      We include third party services in our web offerings. When you open our websites, you also request data from third parties at the same time. Your IP address will be transferred in any case and if the third party decides to do so, a cookie might be placed as well. In addition to that, the time, browser, OS, and referrer (aka our website) information will be transferred.

      We use these third parties:

      Google Fonts, Google Maps, YouTube

      We use fonts from Google Fonts, maps from Google Maps and might embed videos from YouTube. These services are offered by Google LLC, 1600 Amphitheatre Pkwy, Mountain View, California 94043. You can find Google's data privacy information here: The Privacy Certification can be found at At you can modify your privacy settings with Google as well as opt-out of personalized advertising.

      Usage of Cookies

      We use cookies (cookies are small blocks of information that a site transfers to your computer, if you permit that):

      • Temporary Cookies: They will be stored and transferred as long as you have your browser open.
      • Permanent Cookies: These cookies will be stored as long as defined initially in the cookie. Closing your browser does not make a difference, you have to or can actively remove it.

      Analytics using Matomo

      We use Matomo to get an idea of how many visitors we have as well as what information is of interest. Matomo saves the IP in an anonymous form by removing the last two digits. The time, browser and referrer will be stored as recorded. A cookie is placed as well to see if a visitor returns later.

      In the beginning, you can decide if you want supply data to our analytics. If you opt-out of analytics tracking, we will set a single unpersonalized cookie to remember your decision. In addition to that, we honor the DNT preference of your browser automatically. We don't track any data before your have made your decision.

      We do not share the collected data with anyone outside Xceptance.


      We distribute newsletters to our customers and tool users, but only if you have declared your consent previously.

      The newsletter subscription uses a double-opt-in, to make it impossible for someone to sign you up without your consent. The data we collect during sign-up (such as name and company) is used to personalize your newsletter, and give us an idea of who is interested. Besides the email address, you are free to use placeholder data if you don't want to give us more information.

      We use Mailchimp to store and send newsletters as well as process the collected data. Mailchimp is owned by "The Rocket Science Group LLC, Georgia, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, USA". You can find their privacy statement here and the Privacy Shield Certification at We selected Mailchimp based on GDPR Article 6(1) and signed a data processing contract according to Article 28(3).

      The newsletter contains analytics-based data collection about the delivery and opening of the newsletter. Data that is collected may include: your IP address, operating system, time the newsletter was delivered or opened, which browser or mail program was used to open it, and what links have been clicked in the newsletter. This data is assigned to your data profile, and gives us information regarding how many and which of our subscribers are still interested in the content provided. You can unsubscribe from the newsletter at any time by clicking the ‘Unsubscribe' link at the end of the newsletter. In addition, you can also just write us an email and we will remove you from the list.