Data Protection Statement Xolvis GmbH
1. Name and contact data of the controller responsible for processing, as well as the company data protection officer
This data protection information applies to data processing by:
Controller: Xolvis GmbH (“Xolvis”)
Im Thal 2
82377 Penzberg
represented by the CEO Martin Jacker,
e-mail: [email protected]
tel: + 49 89 413 2945 10
The companies’ data protection officer can be reached under:
e-mail: [email protected]
2. Collection and storage of personal data and the purpose of their use
Xolvis provides an Online Payment Tool to its customers, which allows them to optimize payment processes. Xolvis, therefore, acts as a processor of personal data on behalf of its customers. The present statement depicts the processing of personal data in connection with the Xolvis Online Payment Tool.
a) Personal data of our customers
For the purpose of performing the mutual contractual obligations we process required personal data of our customers and their employees as follows:
- contact data; e.g. names, addresses phone numbers, e-mail addresses
- correspondence
The legal basis for the data processing is Art. 6 (1) lit. b GDPR.
The personal data processed for this purpose are erased after the cease of contract, unless Union or Member State law requires storage of the personal data.
b) Personal data processed by Xolvis on behalf of our customers
For the purpose of providing the Xolvis Online Payment Tool, we process the following personal data on behalf of our customers:
- contact data, e.g. names, addresses, e-mail addresses
- license plates
- invoices
The legal basis for the data processing is Art. 6 (1) lit. b, 28 GDPR.
The personal data processed on behalf is stored until erased by the customer, unless Union or Member State law requires storage of the personal data
3. Forwarding data
a) Sub-processors
The legal basis for the using sub-processors for data processing is Art. 6 (1) lit. b), 28 GDPR. The processing is necessary for the performance of mutual contractual obligations. We want to provide our customers with the technical infrastructure that enables us to offer our services.
i) Amazon Web Services (AWS)
Xolvis uses Amazon Web Services, EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxemburg, as hosting service. All data processed by Xolvis is processed on hosting platforms operated by AWS. This also includes personal data processed by Xolvis on behalf of its customers. The processing of personal data only takes place on servers located in the European Union. No personal data is transferred to third countries.
ii) Odoo S.A.
Xolvis uses Snailmail, OCR and SMS, provided by Odoo S.A., Chaussée de Namur, 40 1367 Grand Rosière, Belgium. The personal data processed by Odoo includes all data which is necessary for the performance of the Xolvis Online Tool. The processing of personal data only takes place on servers located in the European Union. No personal data is transferred to third countries.
b) Third parties
Your personal data will not be transferred to any third party for any purpose other than those listed below.
We shall forward your personal data to third parties only
- if you have given your explicit consent, in accordance with Art. 6 (1) lit. a) GDPR
- if under Art. 6 (1) lit. f) GDPR the transfer is necessary for the establishment, exercise or defence of legal claims, and there is no reason to assume that you have an overriding interest, which must be protected, in the non-forwarding of your data
- if there is a legal obligation to forward the data under Art. 6 (1) lit. c) GDPR and if this is legally permissible and necessary under Art. 6 (1) lit. b) GDPR for the processing of contractual relationships with you.
4. Data subject rights
You have the right:
- pursuant to Art. 15 GDPR, to demand information about your personal data that we have processed. In particular, you can obtain information about the purposes of the processing, The categories of personal data concerned, the recipients or category of recipients to whom you data have been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request rectification, erasure, or restriction of the processing, or to object to it, the right to lodge a complaint with a supervisory authority, the source of your data, if these have not been collected by us, and on the existence of automated decision-making, including profiling, and any other meaningful information about their details or the logic involved;
- pursuant to Art. 16 GDPR, to demand the immediate rectification or completion of inaccurate personal data stored by us;
- pursuant to Art. 17 GDPR, to demand the erasure of personal data stored by us, unless their processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
- pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data in cases where you contest the accuracy of the data, where the processing is unlawful yet you oppose the erasure of the personal data, where we no longer need the data but you still require them to establish, exercise or defend legal claims, or where you have objected to the processing of the data pursuant to Art. 21 GDPR;
- pursuant to Art. 20 GDPR, to obtain your personal data that you have provided to us in a structured, commonly used and machine-readable format and to demand the transfer of these data to another controller;
- pursuant to Art. 7 (3) GDPR, to withdraw your consent at any time, which will mean that in future we may no longer carry out the data processing that was contingent upon this consent and
- pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority. In general, you can contact the supervisory authority of your usual residence or place of employment, or that of our company headquarters for this purpose.
5. Right of objection
Insofar as your personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) lit. f) GDPR, you have the right, under Art. 21 GDPR, to object to the processing of your personal data, provided there are reasons relating to your particular situation or if the objection relates to direct marketing. In the latter case, you have a general right to object, which shall be implemented by us without any reference to a particular situation.
If you wish to avail of your right to withdraw or object, an e-mail to [email protected] will suffice.