Last updated: 20.09.2023
The person responsible under data protection law for the data processing that takes place on our website is
XOM Materials GmbH
Our data protection officer can be reached at:
XOM Materials GmbH
- Datenschutzbeauftragter -
According to the GDPR, personal data is "any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."
Purposes: We generally only process personal data if you actively provide us with this data. Notwithstanding the foregoing, however, the web server of our hoster automatically registers accesses to the website and collects the following information in the process:
The processing of your IP address during the connection is done so that we can provide you with our website. The storage of log files serves to ensure the security and integrity of our systems.
Recipients and Third Party Transfers: We use the services of Google Ireland Ltd. to operate and host our website, which acts as our data processor. In principle, the data processing takes place on European systems. If a transfer to a third country occurs in this context, the conclusion of standard contractual clauses of the European Commission ensures that an appropriate level of data protection exists. A copy of the clauses can be downloaded at https://cloud.google.com/terms/eu-model-contract-clause.
Legal basis: The processing is based on Art. 6 para. 1 lit. f) DS-GVO. Our legitimate interest lies in the stated purpose.
Storage period: Our log files are stored for seven days.
Purpose: In order to use our eProcurement service, you need to have a user account. We will request the following information from you and create an account for you:
As well as contact details:
When you register a company for an eProcurement Service account for the first time, we process company data and therefore also certain personal data, if applicable, as part of a "Know Your Customer process". This means that we or a service provider selected by us will check your company data, such as type of company, activity, tax number, commercial register entry, address, management, ownership and management structure as well as the most important (expected) financial key figures to check their validity and whether trading with you is subject to restrictions due to legal regulations. In addition, we or a service provider selected by us also process the contact details of the person registering in order to be able to check whether they are actually connected with the registered company.
Users from your own company, as well as suppliers and buyers for the company, can then be invited via the created user account. For this purpose, the procuring and supplying company will inform us in each case of an e-mail address and the associated company and we will send an invitation e-mail in the role of processor.
When suppliers register, they become part of our supplier network. This means we can suggest them to buyers, who can then ask them to supply quotes (see further details under "Tendering").
To create a user account as an invited person, the link in the email must be followed and additional information may need to be provided to open the user account.
Recipients and Third Party Transfers: We use the services of The Rocket Science Group LLC, 675 Ponce de Leon Ave, Suite 5000, Atlanta, GA 30308, United States, which acts as our processor, to send onboarding emails. It is ensured by the conclusion of standard contractual clauses of the European Commission that an adequate level of data protection exists. A copy of the clauses can be downloaded at https://mailchimp.com/legal/data-processing-addendum.
For access management, we use the services of Cloud-IAM Société par Actions Simplifiée, 37 Boulevard Solférino, Immeuble Eurosquare, 35000, Rennes, France, which acts as our processor.
Legal basis: If you open a user account, we use your data to create this account for you and to carry out all related processes, such as the purchase of products or services. The legal basis for this is Art. 6 para. 1 lit. b) DS-GVO or Art. 6 para. 1 lit. f) DS-GVO as far as it concerns the data of employees of the companies.
The Know Your Customer process is carried out in order to comply with the legal requirements for the prevention of money laundering, white-collar crime and/or terrorism and in order to be able to comply with prohibitions of foreign trade law, the Dual-Use Regulation, embargoes or similar requirements. The legal basis is Art. 6 para. 1 lit. c) DS-GVO in conjunction with § 18 AWG (Foreign Trade and Payments Act) as well as Art. 6 (1) f) DS-GVO, whereby our legitimate interest is to create and maintain the necessary factual basis to implement and fulfill the above-mentioned obligations and to be able to prove this.
Storage period: We store your data processed within the scope of a user account until you cancel your user account. After that, your data will be deleted. Data about your purchased products and related processes are generally stored for the same length of time as your user account. To the extent that personal data is relevant to our contracts or invoices, we store it for a period of at least eleven years, beginning at the end of the year in which you purchased the product. As far as personal data are included in business letters or other documents, we store them for seven years from the end of the year in which the contract was concluded.
We store the personal data of the Know Your Customer process for the defense and assertion of legal claims as well as for support or assistance in the event of an official investigation as long as you have a user account with us and thereafter for a period of five years with the end of the year in which the contractual relationship was terminated.
Purpose: Through the eProcurement service, procuring entities can submit requirements to selected suppliers for bidding. In addition to the suppliers that the procuring entity chose itself, we suggest to the procuring entity suppliers from our supplier network that we find suitable. Suppliers can bid on the requirement and negotiate the price or other parameters with the procuring company. If an agreement is reached, the procuring company can create and send a purchase order. In this context, we process all transaction-related data that is generated in this process.
Furthermore, we process the information on the number and type of purchased products in the orders and make that information transparent to the procuring company and the supplier in the user account. We also use these analyses for our own market research purposes and for product improvement.
Finally, with regard to personal data in invoices and contracts as well as business letters and other accounting or tax-related documents, we are subject to statutory storage obligations for the purposes of which we process the documents and the information contained therein.
Recipients and Third Party Transfers: We use the services of Tableau Software LLC North Edge 1621 N 34th St. Seattle, WA 98103, United States, which acts as our processor, for analysis. It is ensured by the conclusion of standard contractual clauses of the European Commission that an adequate level of data protection exists. A copy of the clauses can be downloaded at https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf.
Legal basis: We process the data in order to provide our services and to initiate the contract between the procuring company and the suppliers. The legal basis for this is Art. 6 para. 1 lit. b) DS-GVO or Art. 6 para. 1 lit. f) DS-GVO as far as it concerns the data of employees of the companies. The use of the analyses is based on our legitimate interest in using the findings to improve our products (Art. 6 para. 1 lit. f) DSGVO). The storage for this purpose is based on Art. 6 para. 1 lit. c) DS-GVO in conjunction with § 147 AO and § 257 HGB.
Storage period: The aforementioned data and information are generally stored as long as the respective associated user account is not deleted. The storage period for documents subject to retention depends on the respective statutory periods from §§ 147 AO and 257 HGB and is generally either 6 or 10 years from the end of the year in which the respective documents were created.
Purposes: When you enter data on our platform (e.g., searches, product requests, log-ins, placing orders, negotiation results), we store this information in both individual and aggregate form. We store this information both on a per-user (buy-side and sell-side) and aggregate level in order to provide customer support when needed.
We also use this information to analyze the use of our services and to improve product features based on data.
Legal basis: Processing for support purposes serves to fulfill the usage agreement concluded with your company. It therefore serves our legitimate interest in being able to offer these services. Product improvement is also in our legitimate interest (Art. 6 para. 1 lit. f) DSGVO).
Storage period: The aforementioned data and information will be stored as long as the contractual relationship exists and then deleted.
Purposes: If you contact us at the e-mail address provided on our website, you will at least provide us with your e-mail address, as well as any other information you may disclose in your e-mail. If you use the chat function on our website, we process all the data provided to us there.
Legal basis: The processing in the context of contacting us takes place so that we can process and respond to your request. The legal basis is Art. 6 para. 1 lit. f) DS-GVO. Our legitimate interest lies in the purpose just mentioned.
Storage period: We store your e-mails and contacts for as long as is necessary to process your inquiry and then store them for a period of three years if you contact us again with reference to your original inquiry.
Purposes: As a customer, you will automatically receive information about software updates and/or other product news from us after registration. In addition, you have the option of registering for an e-mail newsletter on our site. In doing so, we process your e-mail address and, if applicable, further analysis and usage data, e.g., whether and what links you have clicked on.
We offer our users white papers on various topics. To gain access to these, you must provide us with your e-mail address. If you choose to do so, you can also sign up for our newsletter. We will then send you an email with a link to download and activate the newsletter.
Legal basis: If you as a customer receive the newsletter on product innovations, this is done on the basis of our legitimate interest in direct advertising. The legal basis for this is Art. 6 para. 1 lit. f) DSGVO. Otherwise, if you have subscribed to an email newsletter, we process your data to send you the email newsletter. This processing is based on your consent to receive the newsletter (Art. 6 para. 1 lit. a DS-GVO). The processing of the analysis data is based on our legitimate interest in evaluating the use of our newsletter and thus being able to improve it if necessary. The legal basis for this is Art. 6 para. 1 lit. f) DS-GVO.
Right of revocation/right to object: You can revoke your consent at any time with effect for the future or object to the sending of the newsletter. Please contact one of the contact addresses known to you. Also, if you do not agree to the processing of usage data, you can unsubscribe from the newsletter at any time with effect for the future.
Storage period: Your data will be deleted immediately after revocation of consent.
Purposes: From time to time, we conduct surveys on our website. To the extent that we collect and process personal data in the survey, we will inform you in advance of the purpose of the processing. Prior to the survey, we specifically ask for your consent to data processing operations that are necessary to conduct and analyze the surveys. In any case, the required data includes the information submitted in the course of participation.
We also process your data in order to provide you with assistance, convey information and obtain user feedback. In addition, information on the use of the functions is also collected. We also use the information collected in this way to improve our products and services.
Recipients and Third Party Transfers: We also use the tool Productfruits, of Product Fruits s.r.o., Rozdelovska 1999/7, 169 00 Praha 6, Czech Republic. In this context, connections to non-European servers may also be established and data processed there. Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, standard contractual clauses of the European Union have been concluded by us as suitable guarantees for the export of data in order to create an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at https://productfruits.com/gdpr-dpa.pdf.
Legal basis: Participation in surveys is based on your consent. Your consent will be logged.
Right of withdrawal: You can withdraw your consent at any time with future effect by sending an e-mail to firstname.lastname@example.org.
Storage period: Your data will be deleted immediately after revocation of consent.
Within our company, data is processed by the respective responsible department. In addition, we use external IT service providers to offer our services. In certain cases, we conduct a Know Your Customer process for which we use external service providers.
Insofar as we use service providers in other countries and these countries do not already offer an adequate level of protection by virtue of a Commission decision, we have concluded standard contractual clauses of the European Commission with the respective service providers. You can view these standard documents used at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.
The General Data Protection Regulation guarantees you certain rights that you can assert against us - insofar as the legal requirements are met.
Art. 15 DS-GVO - Data subject's right to information: You have the right to request confirmation from us as to whether personal data relating to you are being processed and, if so, what these are and the more detailed circumstances of the data processing.
Art. 16 DS-GVO - Right to rectification: You have the right to demand that we rectify any inaccurate personal data relating to you without undue delay. In this context, taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
Art. 17 DS-GVO - Right to erasure: You have the right to demand that we delete personal data concerning you without delay. Please note the exception described under point II. 4 here.
Art. 18 DS-GVO - Right to restriction of processing: You have the right to demand that we restrict processing.
Art. 20 DS-GVO - Right to data portability: You have the right, in the event of processing based on consent or for the performance of a contract, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format, and to transfer this data to another controller without hindrance from us, or to have the data transferred directly to the other controller, insofar as this is technically feasible.
Art. 77 DS-GVO in conjunction with § 19 BDSG - Right to complain to a supervisory authority: You have the right to lodge a complaint with a supervisory authority at any time, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates applicable law.
In particular: Right to object and withdraw consent.
Art. 21 DS-GVO - Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is necessary for legitimate interests on our part or for the performance of a task carried out in the public interest, or which is carried out in the exercise of official authority. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims. Insofar as we process your personal data for the purpose of direct marketing, you have the right to object to the processing at any time. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
Withdrawal of consent: If the processing is based on your consent, you have the right to withdraw your consent at any time. This will not affect any processing that has previously taken place. To send us your revocation, please send us a message to email@example.com.
You have no contractual or legal obligation to provide us with personal data. However, we are not able to offer you our services without the data you provide.
We do not use automated decision-making that has legal effects on you or affects you.
On our behalf, Google will use your IP address to transfer cookies for the playout of the preset tools to your end device. Connections to non-European servers of Google may also be established in this context. Insofar as data is processed outside the EU/EEA and a level of data protection corresponding to the European standard does not exist, standard contractual clauses of the European Union have been concluded by the respective exporting company as suitable guarantees for the export of data in order to create an appropriate level of data protection.
There you will also find specific information about the individual cookies used, their purpose and storage period.
The services used on the basis of consent are the following:
We also use Google Analytics to show you target group-specific advertising via the Google advertising network. For this purpose, we may transmit data to Google about the offers you have viewed or certain related characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited). Google uses this data to serve you targeted advertisements when you visit our site or our advertisements on other sites in the Google network (so-called "Remarketing Audiences", or "Google Analytics Audiences"). With the help of Remarketing Audiences, we also want to ensure that our ads correspond to the potential interest of users.
The data is stored for 1 year.
This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of your consent in order to collect and save data for marketing, market research and optimization purposes.
The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.
The data recording and storage can be revoked at any time with immediate effect for the future by clicking on https://www.salesviewer.com/opt-out, which prevents SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.
We use technical and organizational security measures to protect accrued and collected data, in particular against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. Our security measures are continuously improved in line with technological developments.