+49 5223 81 960 - 55 sales@xindux.com
TALK TO EXPERT
Login

Privacy Policy

Privacy Policy

XINDUX Industrial Solutions GmbH

Last updated: 2026

1. Controller (Art. 4 No. 7 GDPR)

XINDUX Industrial Solutions GmbH
Moltkestraße 55–57
32257 Bünde, Germany

Phone: +49 (0)5223 81960-55
Fax: +49 (0)5223 81960-56
Email: info@xindux.com

Managing Director: Mr. Daniel Gehring
Register Court: Local Court Bad Oeynhausen – HRB 15802

2. Scope of Application

This Privacy Policy informs you about the nature, scope and purpose of processing personal data on our website in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telecommunications Digital Services Data Protection Act (TTDSG).

3. Definitions

Personal data means any information relating to an identified or identifiable natural person (Art. 4 No. 1 GDPR).
Processing means any operation performed on personal data (Art. 4 No. 2 GDPR).

4. Hosting and Server Log Files

Our website is hosted by GoDaddy in the European Union.

When accessing our website, the following data is automatically processed:
– IP address
– Date and time of access
– Browser type and version
– Operating system
– Referrer URL
– Pages accessed

Purpose:
Ensuring technical stability, system security and prevention of misuse.

Legal basis:
Art. 6(1)(f) GDPR (legitimate interest).

Retention period:
14 days unless security-related investigation requires longer storage.

A Data Processing Agreement pursuant to Art. 28 GDPR has been concluded.

5. Google Analytics 4 (GA4)

We use Google Analytics 4 provided by Google Ireland Limited, Dublin, Ireland.

GA4 collects:
– Page views
– Session duration
– Interaction events
– Device and browser data
– Approximate geographic data

IP anonymization is enabled.

Legal basis:
Art. 6(1)(a) GDPR (consent).

Analytics is activated only after explicit consent via CookieYes.

5.1 International Data Transfers

Google may transfer data to the United States.

Transfers are safeguarded via:
– EU–US Data Privacy Framework
– Standard Contractual Clauses (Art. 46 GDPR)

6. Cookies and Consent Management

We use CookieYes as a consent management platform.

Non-essential cookies are stored only after explicit consent in accordance with §25 TTDSG.

Consent can be withdrawn at any time.

7. Contact Form

Data processed:
– Name
– Company
– Email address
– Phone number (optional)
– Message content

Legal basis:
Art. 6(1)(b) GDPR (pre-contractual measures)
Art. 6(1)(f) GDPR (legitimate interest in business communication)

Retention:
12 months unless statutory obligations apply.

8. Google Fonts

We use Google Fonts provided by Google Ireland Limited.

When loading fonts, a connection to Google servers may occur, resulting in transmission of the IP address.

Legal basis:
Art. 6(1)(a) GDPR (consent).

Fonts are loaded only after consent via CookieYes.

9. YouTube

Embedded YouTube videos may transmit:
– IP address
– Device data
– Browser information

Legal basis:
Art. 6(1)(a) GDPR and §25 TTDSG.

Activated only after consent.

10. LinkedIn Components

LinkedIn Ireland Unlimited Company, Dublin, Ireland.

Data transmitted may include:
– IP address
– Interaction data

Legal basis:
Art. 6(1)(a) GDPR and §25 TTDSG.

Activated only after consent.

11. Google Maps

Using Google Maps requires transmission of IP address.

Legal basis:
Art. 6(1)(a) GDPR and §25 TTDSG.

Activated only after consent.

12. Google reCAPTCHA

Used to prevent automated abuse.

Data may include:
– IP address
– Mouse movements
– Browser data

Legal basis:
Art. 6(1)(a) GDPR or Art. 6(1)(f) GDPR (legitimate interest in security).

Activated only after consent.

13. Data Retention

Server logs: 14 days
Contact inquiries: 12 months
Commercial and accounting data: 6–10 years (Art. 6(1)(c) GDPR)

14. Obligation to Provide Data

Providing personal data via contact form is voluntary.
Failure to provide required fields may prevent processing of inquiries.

15. Automated Decision-Making

No automated decision-making pursuant to Art. 22 GDPR takes place.

16. Data Subject Rights

You have the right to:
– Access (Art. 15 GDPR)
– Rectification (Art. 16 GDPR)
– Erasure (Art. 17 GDPR)
– Restriction (Art. 18 GDPR)
– Data portability (Art. 20 GDPR)
– Objection (Art. 21 GDPR)
– Withdrawal of consent (Art. 7(3) GDPR)

Contact: info@xindux.com

17. Right to Object (Art. 21 GDPR)

If processing is based on Art. 6(1)(f) GDPR, you may object at any time for reasons arising from your particular situation.

18. Supervisory Authority

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
https://www.ldi.nrw.de

19. Security Measures (Art. 32 GDPR)

We implement appropriate technical and organizational measures including:
– SSL encryption
– Secure EU hosting
– Access control restrictions
– Regular system updates

Get in Touch

Expert: +49 5223 81 960 - 55