Pursuant to the General Data Protection Regulation (“GDPR“), personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
You may register for a user account on our Site. You need a user account in order to purchase products or services on out platform. For creating a user account, we collect the following data:
If you buy a product from a vendor, we process the data mentioned above. In such case, we process further transaction-related data. These are data on purchases or sales you make when placing an order, or other transaction-related data, such as the time and price of the transaction, and financial information for settlement as well as shipping and billing information.
Moreover, we process the information related to an order on the amount and type of purchased products in aggregated form. For example, we store product and pricing information from a successful order process and aggregate that data to evaluate the use of our Industrial Platform. Your data is not affected by this. Rather, merely anonymous data is concerned which cannot be assigned to your person or user profile and which only allows a statistical evaluation of the use of the Industry Platform.
If you register your company for the first time on XOM, we will process the company data and with it in some cases also personal data during our “Know Your Customer” process. This means that we or a service provider selected by us will check your company data, such as legal form, field of business, tax ID, commercial register entry, address, management, ownership and management structure as well as the key (expected) financial indicators for validity and whether conducting business with you is subject to restrictions due to statutory regulations. In addition, we or a service provider selected by us will also process the contact data of the person registering in order to be able to verify whether they are actually connected with the registered company.
If you contact us by writing an email, we collect your email address and all information that is included in the email.
If you use the chat function on our website, we process all data provided to us through it.
You can register for an e-mail newsletter on our website. We will then process your e-mail address and any other analysis and usage data, e.g. whether you clicked on links and which links you clicked on.
We process your IP address only to allow your device to establish a connection to our webserver over the Internet. By storing logfiles we ensure security and integrity of our IT systems. This processing is based on Art. 6 par. 1 lit. f) GDPR.
If you register a user account with us, we process this data to create your user account and manage all related operations, for example for the purchase products or services. The legal basis is Art. 6 part. 1 lit. b) GDPR. If you purchase products or services on our platform, we process the collected data for the purposes of performance and conclusion of contract. The legal basis is Art. 6 par. 1 lit. b) GDPR. Additionally, we are legally obliged to store certain data, which is included in contracts and invoices as well as in business letters or other documents relevant for taxation or accounting. The legal basis is Art. 6 par. 1 lit. c) GDPR and Sec. 147 AO and Sec. 257 HGB.
We process personal data during the “Know Your Customer” process to meet statutory requirements regarding the prevention of money laundering, economic crime and/or terrorism and to be able to comply with foreign trade law, the EU’s dual-use regulation, embargos or similar provisions. The legal basis for such processing is Art. 6 par. 1 lit. c) GDPR in connection with Sec. 18 AWG (German foreign trade law) as well as Art. 6 par. 1 lit. f) GDPR. The legitimate interest we pursue is to be able to have and retain the necessary facts to comply with the aforementioned requirements and provisions and be able to prove compliance.
Some of our vendors perform their own compliance checks in addition to our checks before activating their shop for customers. To this end, we transfer certain types of company data to these vendors. As a rule, and in the majority of cases, this data does not contain any personal references as it relates exclusively to the company. In individual cases, e.g. if the company name is also the name of a natural person, a personal reference can also exist here. In these cases, transmission is made in order to safeguard the legitimate interest of the respective vendor in being able to carry out compliance reviews (Art. 6(1) (f)) GDPR). The respective vendor will inform you separately about the processing that takes place in their case.
If you contact us by email or by using a contact form, the processing is based on Art. 6 par. 1 lit. f) GDPR. The purpose as well as our legitimate interest is to answer your inquiry.
If you subscribe to an e-mail newsletter, we will process your data in order to send you the e-mail newsletter. This processing takes place on the basis of your consent to receive the newsletter (Art. 6(1) (a) GDPR). The analysis data is processed on the basis of our legitimate interest in evaluating the use of our newsletter and thus being able to improve it, if necessary. The legal basis for this is Art. 6(1) (f) GDPR. If you object to the processing of the usage data, you can unsubscribe from the newsletter at any time with future effect.
Within our company, the data is processed by the responsible department. Externally, we pass on your data to the respective vendor from whom you have purchased the products or services or who, in the exceptional cases described above, carries out a check before activating the shop. In certain cases we carry out a Know Your Customer process for which we use external service providers. We also use external IT service providers to offer our services. Some of these service providers process data in the USA. These service providers are EU-US Privacy Shield certified, which ensures an adequate level of protection for your personal data. Should we use service providers in other countries and where these countries do not already offer an adequate level of protection on the basis of a Commission Decision, we have concluded standard European Commission contractual clauses with the respective service providers. You can view the standard documents used at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
Our log files are stored for seven day.
The data processed in relation to your user account is stored until you terminate your user account. After termination, we delete your data immediately.
We store the data about your purchases as long as you have a user account with us. However, if personal data is relevant for our contracts or invoices, we store it until the end of the eleventh year after conclusion of contract. If personal data is stored in business letters or other documents relevant for taxation or accounting, we store it until the end of the seventh year after conclusion of contract.
We retain the personal data collected for and processed during the “Know Your Customer” process as long as you have an account with XOM and for an additional period of 5 years starting with the end of the year in that the account is terminated. We use your data in this period only to make or defend against claims as well as to assist or exonerate ourselves in official investigations.
Your emails will be stored for the time needed to answer your inquiry and for three more years, if you refer to us again.
If you wish to prevent us from storing cookies on your device, your web browser or device may provide you with certain settings to do so. Most web browsers accept cookies by default. However, you may change these default settings in order to prevent any kind of storage or only allow storage after an explicit request. You may find an instruction on how to change your settings in the help section of your browser or device. The respective settings only apply to the device you are currently using. If you use another device, change your web browser or reinstall your browser you may have to change the respective settings again. Please, be aware that not accepting cookies may lead to you not being able to fully use the Site. In particular, ordering products through the Site may not be possible without cookies. Our usage of cookies finds its legal basis in Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes constitute also the legitimate interests we pursue with it.
We also use Google Analytics to inform you of target-group-specific advertising via the Google advertising network. For this purpose, we may transfer data to Google concerning the offers you have viewed or related features (e.g. interest in specific topics or products which can be identified based on the websites visited). Google uses such data to show you target-group-specific advertising when visiting our website or our advertising on other websites of the Google network (so-called “remarketing” or “Google Analytics Audiences”). With the aid of Remarketing Audiences we seek to ensure that our advertising complies with potential interest of the respective user.
You can prevent collection of data generated by the cookie and relating to your use of the website (including your IP address) to Google as well as the processing of such data by Google by downloading and installing the browser plug-in available at the following link:
You can also prevent collection of your data by Google Analytics by clicking on the button stated at the bottom of the page. An opt-out cookie is then set which prevents future collection of your data when visiting this website.
You can object to the use of data for presentation of target-group-specific advertising by executing appropriate settings at the following link:
The legal basis for the use of Google Analytics and its remarketing function is Art. 6 Par. 1 lit. f) DS-GVO. Our legitimate interest lies in the purposes described. Data are stored for 3 months.
Our website uses Google Tag Manager. This service allows website tags to be managed through a single interface. Google Tag Manager only implements tags. No cookies are used and no personal data is collected by the tool. The Google Tag Manager only triggers tags, which in turn may capture data (for example, via Google Analytics). However, Google Tag Manager does not access this data. If deactivated at the domain or cookie level, it will remain in effect for all tracking tags as far as they are implemented with the Google Tag Manager.
The session id is mandatory and is used to identify multiple concurrent requests from a user and assign them to a session.
Mandatory security cookie that is set after logging in. This cookie authenticates the user in the shop.
Mandatory auxiliary cookie to prevent cross-site request forgery (CSRF) attacks.
When an anonymous user sets a delivery address, this information is stored as a cookie to identify products for the selected region. Only country and postal code are stored.
Mandatory cookie that stores the information whether Google Analytics is disabled.
We use Google Analytics, to collect information about how users use our Site. The information generated by the cookie about your use of the site will be transmitted to and stored by Google on servers in the United States.
Cookie names:_ga, _gat, _gid, _gac, __utma, __utmt, __utmb, __utmc, __utmz, __utmv, collect