PRIVACY POLICY APP

Responsible Authority

We are happy about your visit to our website. We would like to introduce ourselves as the responsible authority within the meaning of data protection law:

XVESTOR.APP
Sole proprietor Dr. Thomas Schön
Quellenstraße 7a
70376 Stuttgart
Phone: +49 711 – 96881941
E-Mail: info@xvestor.app

General Information

Pursuant to our statutory obligations, we would like to inform you about the collection and use of your personal data.

When you use our website, personal data about you will be collected. This may happen by you entering the data yourself, for example your e-mail address. But our system also collects your data automatically, for example whenever you visit our website. This happens irrespective of the device or the software that you use to visit our website.

All data that you enter in our app is provided voluntarily; there are no disadvantages to you if you do not provide data. But without certain data, we are unable to provide services or to conclude contracts. Whenever such information is necessary, we will point it out to you.

On this website, the user’s personal data is only collected within the framework of the existing data-protection law, in particular the General Data Protection Regulation (GDPR). The legal terms used in the text are defined in Art. 4 of the GDPR.

The GDPR allows data processing in three cases in particular:

  • in accordance with Art. 6 para. 1 (a) and 7 GDPR, when you have consented to us processing your data; in this Privacy Policy and in the cases of consent pursuant to Art. 4 no. 11 GDPR, we will inform you in detail and each time for what purposes and under what circumstances your data will be processed by us;
  • in accordance with Art. 6 para. 1 (b) GDPR, when processing your personal data is necessary for negotiating, concluding or performing a contract;
  • in accordance with Art. 6 para. 1 (f) GDPR, if the balancing of interests leads to the conclusion that the processing is necessary to protect our legitimate interests; this means in particular our interests to analyse, optimise and secure the offers on our website – meaning primarily the analysis of user behaviour, setting up profiles for advertisement purposes and storage of access data as well as the use of third-party providers.

Inventory Data, Usage Data

Inventory Data

We collect inventory data (for example name, address and e-mail address, possibly services used) insofar as they are required for establishing, defining or amending a contract between us and the user.

Usage Data

We also collect usage data (for example visits to the website, interest in products) to allow the user to use the services on our website and to invoice them.

We will only combine usage data if and insofar as it is necessary for billing purposes. Otherwise, we will only put together usage data pseudonymously and only insofar as you have not objected. You may send this objection to the address indicated in the “Legal Notice” section or the responsible authority indicated in this Privacy Policy at any time.

The legal basis for this data processing are our legitimate interests pursuant to Art. 6 para. 1 (f) GDPR in analysing the website and your use, possibly also the statutory permission to store data as part of the negotiation of a contract pursuant to Art. 6 para. 1 (b) GDPR.

Furthermore, our provider stores information, the so-called server log files, each time the website is used; this is information which is automatically transferred by your browser. In detail, this data consists of:

  • your IP address
  • type and version of your browser
  • host name
  • time of visit
  • the page from which you came to our page
  • name of the page opened
  • exact time of usage as well as
  • the amount of data transferred

This data will only be used for statistical purposes and do not allow us to identify you as a user.

Advertisements

Before sending you advertisements, we will ask for your explicit consent pursuant to Art. 4 no. 11 GDPR, except in cases of advertisements for similar products to the one you already acquired. This will happen in particular when you grant us consent to mail our newsletter or when you fill out a contact form.

You may withdraw your consent at any time in accordance with the subsequent section “Consent”.

INSOFAR AS WE USE YOUR PERSONAL DATA FOR DIRECT MARKETING, YOU MAY ALSO OBJECT TO THE USE OF YOUR DATA FOR THAT PURPOSE AT ANY TIME. THIS MAY BE DONE THROUGH ANY OF OUR MEANS OF CONTACT, PARTICULARLY BY E-MAIL TO THE E-MAIL ADDRESS LISTED IN THE “LEGAL NOTICE” SECTION WITHOUT ANY FORMAL REQUIREMENTS. WE WILL THEN NO LONGER USE YOUR DATA FOR DIRECT MARKETING.

Consent

Whenever we ask you for your consent for the processing of your data, we will inform you in clear language and in an easily accessible way about the cases for which you will be granting your consent. Any consent that we ask you for is voluntary. Any advantage that you wish to gain by granting consent is also available without consent; simply ask us.

Regarding any consent, you have the right to revoke any consent given to us for the processing of your personal data at any time. You just need to contact us without any particular formal requirement, for example through our contact form, an e-mail to the e-mail address indicated in the “Legal Notice” section or a link to unsubscribe (if offered by us). Your withdrawal has no effect on the legality of the data processing carried out up to that point.

Storage Period

Your data will generally only remain stored for as long as the purpose of the relevant data processing requires it. Storage beyond that is mainly possible when it is still necessary for us to pursue our rights or for our other legitimate interests or if we are compelled by law to keep your data stored (for example based on tax-law requirements to maintain files, which is generally 6 years, but may last up to 10 years).

Transfer of Data

Transfer to Third Parties

We dislike spam as much as you do. We will therefore not transfer your data to third parties, unless permitted by law.

Transfer of customer data may either

  • be required for the performance of a contract and in that case be permitted according to Art. 6 para. 1 (b) GDPR, or
  • be permitted based on our legitimate interest in an effective service structure pursuant to Art. 6 para. 1 (f) GDPR, or
  • covered by your consent pursuant to Art. 6 para. 1 (a) GDPR, or
  • become necessary if we will be legitimately asked by a government or an agency to hand over your data pursuant to Art. 6 para. 1 (c) GDPR.

If your data are transferred to third parties, this is mentioned in this privacy policy.

Transfer to other countries, particularly USA

Our website uses external providers located outside of the EU for different features. In particular, the use of cookies, active Java scripts and other technology can lead to processing and storage of your data outside of the EU. But we will not transfer your data to a third country, unless the EU Commission has determined that there is a similar level of data protection as in the EU or unless you have provided us with your informed consent or we have agreed on the standard contractual clauses for the protection of your data with the provider. Regarding the USA, the Privacy Shield Agreement – see https://www.privacyshield.gov/welcome – has re-established sufficient data protection under certain conditions.

You will find more information about your rights in the case of each of the data transfers to the USA mentioned subsequently at https://ec.europa.eu/justice/data-protection/document/citizens-guide_en.pdf.

Users‘ Rights

Information

You may request us anytime to provide information about the personal data stored about you free of charge. To avoid misuse, this will require personal identification.

Deletion, Correction, Limitation

You may at any time demand from us that we correct (or complete) incorrect data as well as a limitation of the processing of data or deletion of your data. This applies in particular if the reason for processing the data is no longer valid, if a required consent has been revoked and there is no other legal basis or if our data processing is unlawful. We will then correct, block or even delete your personal data without delay as far as permitted by law.

Objection

The right to object to advertisement is governed by our text regarding consent:

Regarding any consent, you have the right to revoke any consent given to us for the processing of your personal data at any time. You just need to contact us without any particular formal requirement, for example through our contact form, an e-mail to the e-mail address indicated in the “Legal Notice” section or a link to unsubscribe (if offered by us). Your withdrawal has no effect on the legality of the data processing carried out up to that point.

Data Transfer

You may request us to transfer the data stored about you in machine-readable form.

Complaint

If you feel that our data processing has violated any of your rights, you may file a complaint with the competent regulatory agency (here you find a list of the agencies).

Changes to the Privacy Policy

If and when factual or legal reasons will compel us to amend the Privacy Policy, we will update this page accordingly. This will not change the consent provided by the user.

Communication

When you fill out a contact form or when you send us an e-mail or another electronic message, your information will be stored for the processing of the request, for possible follow-up questions or for other related questions and will only be used to follow up with the request.

Basis for this storage is your consent pursuant to Art. 6 para. 1 (a) GDPR, which you grant us by filling in the contact form or by your other requests. You may revoke this consent at any time, you just need to contact us without any particular formal requirement (for example in the contact form or by e-mail). This withdrawal has no effect on the legality of the data processing that has occurred up to that point.

Your data remains stored for as long as the processing of the request requires, in particular as long as the storage is still necessary to perform the contract, to pursue our rights or for our other legitimate interests or we are compelled by law to keep your data stored (for example based on tax-law requirements to maintain files).

Registration

If you register in our app, we will ask for compulsory and potentially also non-compulsory data in accordance with our registration form and other questionnaires in the app for the purposes listed hereinafter. 
The legal basis for this storage is our legitimate interest in communication with users in accordance with Art. 6 para. 1 (f) GDPR and also the storage of contractual data in accordance with Art. 6 para. 1 (b) GDPR in case of contracts, including non-remunerated ones.
Your data will remain stored for as long as you remain registered, particularly as long as the storage is still required to perform the contract, to pursue our rights or for our other legitimate interests or for as long as we are required by law to store your data (for example pursuant to tax-law requirements to store documents).

Registration with Facebook Connect

You can also log into our website with your Facebook account. To that purpose, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, offers the Connect service. If you log in with the Facebook Connect button/link, your request will be forwarded to Facebook. If you log into your account, your Facebook account will be connected with our website. This allows us to access your data with Facebook, in particular

  • your Facebook name
  • your Facebook ID number
  • your Facebook profile and header images
  • the e-mail address you use for Facebook
  • your friends on Facebook
  • your likes
  • your birthday
  • your gender
  • the country you listed on Facebook
  • the language you listed on Facebook

We use this information to offer you the best possible services.

Information regarding the data stored with Facebook can be found in Facebook’s privacy policy at https://www.facebook.com/about/privacy/ and Facebook’s terms of use at https://www.facebook.com/legal/terms/.
The basis for this storage is the data processing for the purpose of performing the contract pursuant to Art. 6 para. 1 (b) GDPR and your consent pursuant to Art. 6 para. 1 (a) GDPR, which you can grant us via about Facebook Connect when you register. You may withdraw that consent at any time, for which any notice to us, without any formal requirement, is sufficient (for example through the contact form or by e-mail). This withdrawal has no effect on the legality of the data processing carried out up to that point.

Your data remains stored for as long as you are registered on our website, as long as required for the performance of the contract, for pursuing our rights or for our other legitimate interests or if we are bound by law to keep your data longer (for example pursuant to tax-law requirements to keep documents).

Registration with Google Sign In

You can also log into our website with your Google account. To that purpose, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, offers the Sign In service. If you log in with the Google Sign In button/link, your request will be forwarded to Google. If you log into your account, your Google account will be connected with our website. This allows us to access your data with Google, in particular 

  • your Google name
  • your Google ID number
  • your Google profile image
  • the e-mail address you use for Google

We use this information to offer you the best possible services.

Informations regarding the data stored with Google can be found in Google`s privacy policy https://policies.google.com/privacy?hl=en.
The basis for this storage is the data processing for the purpose of performing the contract pursuant to Art. 6 para. 1 (b) GDPR and your consent pursuant to Art. 6 para. 1 (a) GDPR, which you can grant us via Google Sign In when you register. You may withdraw that consent at any time, for which any notice to us, without any formal requirement, is sufficient (for example through the contact form or by e-mail). This withdrawal has no effect on the legality of the data processing carried out up to that point.

Your data remains stored for as long as you are registered on our website, as long as required for the performance of the contract, for pursuing our rights or for our other legitimate interests or if we are bound by law to keep your data longer (for example pursuant to tax-law requirements to keep documents).

Youtube

Based on our legitimate interest in a technologically perfect online offering and its design and optimisation in an economically efficient manner pursuant to Art. 6 para. 1 (f) GDPR we use YouTube, a service provided by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland in order to embed videos.
To protect your data, we have installed a two-click solution. That way, Google won’t learn about your visit once you access our website, but only once you actually click the button. If you confirm the plugin while being logged in at YouTube, Google may attribute your use to your user account.

The data collected by Google may be transferred by Google to countries outside of the EU, in particular to the USA, but YouTube/Google is registered with Privacy Shield and must adhere to the EU data protection rules. You will find more information about your rights thereunder at
http://ec.europa.eu/justice/data-protection/document/citizens-guide_en.pdf.

The collection and use of your data which is possibly carried out by YouTube after clicking on the link is beyond our knowledge or control. You may find further information in YouTube’s privacy policy at

https://policies.google.com/privacy?hl=en.

Regarding the general approach to cookies and their deactivation, we refer you to our general information in this Privacy Policy.

Google

Google Analytics

Based on our legitimate interest in a technologically perfect online offering and its design and optimisation in an economically efficient manner pursuant to Art. 6 para. 1 (f) GDPR, we use the Google Analytics tool provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. This allows to analyse the use of websites and to put together pseudonymous profiles of users based on the data. In order to do this, Google applies different technologies, among them also storing cookies on your computer. These store information about the use of our page, which we will use to improve our offers.

The data collected by Google may be transferred by Google to countries outside of the EU, in particular to the USA. Google has subjected itself to the Privacy Shield Framework; you can read more about your rights thereunder at

http://ec.europa.eu/justice/data-protection/document/citizens-guide_en.pdf

We have taken additional precautions to ensure the appropriate protection of your data as far as possible. Before transferring it to Google, we anonymize your IP address. This is achieved by activating the Anonymizelp() feature in the tracking code of Google Analytics.

We have also concluded a contract with Google about the processing of data, according to which Google will not combine your data with other data collected by Google in order to find out your identity.

If this should not be sufficient for you, you can also use the link http://tools.google.com/dlpage/gaoptout to download and install a browser plugin provided by Google to block Google Analytics, preventing Google from collecting and transferring your personal data.

You can prevent Google Analytics from collecting your data by clicking on the following link:

deactivate Google Analytics

to deactivate Google Analytics by setting an opt-out cookie which will also prevent the collection of your data (see also: https://developers.google.com/analytics/devguides/collection/gajs/)

You will find more information about Google’s precautions regarding data protection at the following link:
https://policies.google.com/privacy?hl=en.

Google Cloud Firestore

Based on our legitimate interest in a technologically perfect online offering and its design and optimisation in an economically efficient manner pursuant to Art. 6 para. 1 (f) GDPR, we use the Google Cloud Firestore provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. All your data we collect in the app (nickname, mail-address, picture, current portfolio, planned cashflow, your market prospects and your messages with us) will be stored on Cloud Firestore Servers.

The data collected by Google may be transferred by Google to countries outside of the EU, in particular to the USA. Google has subjected itself to the Privacy Shield Framework; you can read more about your rights thereunder at

http://ec.europa.eu/justice/data-protection/document/citizens-guide_en.pdf

We have also concluded a contract with Google about the processing of data, according to which Google will not combine your data with other data collected by Google in order to find out your identity.

You will find more information about Google’s precautions regarding data protection at the following link:
https://www.google.de/intl/de/policies/privacy/.