Pursuant to the General Data Protection Regulation (“GDPR“), personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
You may register for a user account on our Site. You need a user account in order to purchase products or services on out platform. For creating a user account, we collect the following data:
If you buy a product from a vendor, we process the data mentioned above. In such case, we process further transaction-related data. These are data on purchases or sales you make when placing an order, or other transaction-related data, such as the time and price of the transaction, and financial information for settlement as well as shipping and billing information.
Moreover, we process the information related to an order on the amount and type of purchased products in aggregated form. For example, we store product and pricing information from a successful order process and aggregate that data to evaluate the use of our Industrial Platform. Your data is not affected by this. Rather, merely anonymous data is concerned which cannot be assigned to your person or user profile and which only allows a statistical evaluation of the use of the Industry Platform.
If you register your company for the first time on XOM, we will process the company data and with it in some cases also personal data during our “Know Your Customer” process. In this process we will check your company information for validity and whether conducting business with you is subject to legal restrictions. This information may include your legal form, your field of business, tax ID, trade register information, address, legal representatives, company ownership and management structure as well as some information on your (expected) financial situation. We also process the information of the registering person to verify whether he or she stands in connection to the company.
If you contact us by writing an email, we collect your email address and all information that is included in the email.
We process your IP address only to allow your device to establish a connection to our webserver over the Internet. By storing logfiles we ensure security and integrity of our IT systems. This processing is based on Art. 6 par. 1 lit. f) GDPR.
If you register a user account with us, we process this data to create your user account and manage all related operations, for example for the purchase products or services. The legal basis is Art. 6 part. 1 lit. b) GDPR.
If you purchase products or services on our platform, we process the collected data for the purposes of performance and conclusion of contract. The legal basis is Art. 6 par. 1 lit. b) GDPR. Additionally, we are legally obliged to store certain data, which is included in contracts and invoices as well as in business letters or other documents relevant for taxation or accounting. The legal basis is Art. 6 par. 1 lit. c) GDPR and Sec. 147 AO and Sec. 257 HGB.
We process personal data during the “Know Your Customer” process to meet statutory requirements regarding the prevention of money laundering, economic crime and/or terrorism and to be able to comply with foreign trade law, the EU’s dual-use regulation, embargos or similar provisions. The legal basis for such processing is Art. 6 par. 1 lit. c) GDPR in connection with Sec. 18 AWG (German foreign trade law) as well as Art. 6 par. 1 lit. f) GDPR. The legitimate interest we pursue is to be able to have and retain the necessary facts to comply with the aforementioned requirements and provisions and be able to prove compliance.
If you contact us by email or by using a contact form, the processing is based on Art. 6 par. 1 lit. f) GDPR. The purpose as well as our legitimate interest is to answer your inquiry.
Internally, the relevant department processes your data. Externally, we share the relevant data with the vendor, you purchased products or services from. Additionally, we use IT service providers.
Some of our service providers process data in the U.S. These service providers are certified under the EU-US-Privacy Shield, which ensures an adequate level of protection for your personal data.
Additionally, we use service providers during the “Know Your Customer” process.
Our log files are stored for seven day.
The data processed in relation to your user account is stored until you terminate your user account. After termination, we delete your data immediately.
We store the data about your purchases as long as you have a user account with us. However, if personal data is relevant for our contracts or invoices, we store it until the end of the eleventh year after conclusion of contract. If personal data is stored in business letters or other documents relevant for taxation or accounting, we store it until the end of the seventh year after conclusion of contract.
We retain the personal data collected for and processed during the “Know Your Customer” process as long as you have an account with XOM and for an additional period of 5 years starting with the end of the year in that the account is terminated. We use your data in this period only to make or defend against claims as well as to assist or exonerate ourselves in official investigations.
Your emails will be stored for the time needed to answer your inquiry and for three more years, if you refer to us again.
Where the processing is based on your informed consent, you shall have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Therefore, you may send us a message to firstname.lastname@example.org.
If you wish to prevent us from storing cookies on your device, your web browser or device may provide you with certain settings to do so. Most web browsers accept cookies by default. However, you may change these default settings in order to prevent any kind of storage or only allow storage after an explicit request. You may find an instruction on how to change your settings in the help section of your browser or device. The respective settings only apply to the device you are currently using. If you use another device, change your web browser or reinstall your browser you may have to change the respective settings again. Please, be aware that not accepting cookies may lead to you not being able to fully use the Site. In particular, ordering products through the Site may not be possible without cookies. Our usage of cookies finds its legal basis in Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes constitute also the legitimate interests we pursue with it.
We also use Google Analytics to inform you of target-group-specific advertising via the Google advertising network. For this purpose, we may transfer data to Google concerning the offers you have viewed or related features (e.g. interest in specific topics or products which can be identified based on the websites visited). Google uses such data to show you target-group-specific advertising when visiting our website or our advertising on other websites of the Google network (so-called “remarketing” or “Google Analytics Audiences”). With the aid of Remarketing Audiences we seek to ensure that our advertising complies with potential interest of the respective user.
You can prevent collection of data generated by the cookie and relating to your use of the website (including your IP address) to Google as well as the processing of such data by Google by downloading and installing the browser plug-in available at the following link:
You can also prevent collection of your data by Google Analytics by clicking on the button stated at the bottom of the page. An opt-out cookie is then set which prevents future collection of your data when visiting this website.
You can object to the use of data for presentation of target-group-specific advertising by executing appropriate settings at the following link:
The legal basis for the use of Google Analytics and its remarketing function is Art. 6 Par. 1 lit. f) DS-GVO. Our legitimate interest lies in the purposes described. Data are stored for 3 months.
Our website uses Google Tag Manager. This service allows website tags to be managed through a single interface. Google Tag Manager only implements tags. No cookies are used and no personal data is collected by the tool. The Google Tag Manager only triggers tags, which in turn may capture data (for example, via Google Analytics). However, Google Tag Manager does not access this data. If deactivated at the domain or cookie level, it will remain in effect for all tracking tags as far as they are implemented with the Google Tag Manager.
The session id is mandatory and is used to identify multiple concurrent requests from a user and assign them to a session.
Mandatory security cookie that is set after logging in. This cookie authenticates the user in the shop.
Mandatory auxiliary cookie to prevent cross-site request forgery (CSRF) attacks.
When an anonymous user sets a delivery address, this information is stored as a cookie to identify products for the selected region. Only country and postal code are stored.
Mandatory cookie that stores the information whether Google Analytics is disabled.
We use Google Analytics, to collect information about how users use our Site. The information generated by the cookie about your use of the site will be transmitted to and stored by Google on servers in the United States.
Cookie names:_ga, _gat, _gid, _gac, __utma, __utmt, __utmb, __utmc, __utmz, __utmv, collect