Privacy policy of X2E GmbH
Transparent information on the processing of your data in accordance with the GDPR
Below we inform you which personal data we process when you visit our website, for what purposes and on what legal basis this is done and what rights you are entitled to.
1. responsible person
The controller within the meaning of the GDPR is:
X2E GmbH
Große Ahlmühle 19
76865 Rohrbach
Germany
Email: info@x2e.de
Website: www.x2e.de
2. Contact for data protection inquiries
If you have any questions about data protection and the exercise of your rights as a data subject, you can contact us at any time at: datenschutz@x2e.de
Our data protection officer is Mr. Matthias Tielmann, who can be reached at NOTOS Xperts GmbH, Heidelberger Straße 6, 64283 Darmstadt, Germany.
3. General website processes
Beim Aufruf unserer Website erfasst unser System automatisiert Daten und Informationen vom aufrufenden Gerät. Dazu zählen unter anderem der Browsertyp, das Betriebssystem, die IP-Adresse, Datum und Uhrzeit des Zugriffs, die aufgerufenen Seiten, die zuvor besuchte Website (Referrer) sowie ähnliche technische Informationen. Diese Daten werden zur Auslieferung der Website, zur Systemsicherheit und -stabilität sowie zur Gefahrenabwehr – etwa im Falle eines Cyberangriffs – verarbeitet. No personal data is analyzed; the data is analyzed anonymously for statistical purposes. The legal basis for the processing is our legitimate interest, pursuant to Article 6(1)(f) of the GDPR, in achieving the purposes mentioned above.
The data is deleted after seven days at the latest; longer storage only takes place in anonymized form. Since the collection of this data is absolutely necessary for the operation of the website, there is no possibility of objection.
We use technically necessary caching mechanisms to speed up and ensure the stable delivery of our website. No personal evaluations are carried out; the processing is based on our legitimate interest in the secure and high-performance operation of the website (Art. 6 para. 1 lit. f GDPR).
4. Making contact
4.1. Contact requests
On our website, you have the option of contacting us – for example via a contact form provided, by e-mail or by telephone. We process the data transmitted exclusively for the purpose of processing your inquiry. The legal basis is our legitimate interest in responding to inquiries in accordance with Art. 6 para. 1 lit. f GDPR and the implementation of pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as it is no longer required for the purposes of communication, unless statutory retention obligations prevent deletion.
4.2 Contact within the framework of existing customer relationships
As part of ongoing customer relationships, we regularly contact our customers, for example to coordinate content, clarify open questions and changes to the contractual terms and conditions or to provide relevant information. The processing of personal data takes place for the execution of the contractual relationship, if the person contacted is a contractual partner, or otherwise on the basis of our legitimate interest in efficient communication (Art. 6 para. 1 lit. f GDPR). We delete the data of customers and contact persons as soon as the data is no longer required for the stated purposes. This is usually the case when the collaboration ends after 3 years at the latest.
4.3. Applications
We provide a careers page on our website with our current vacancies. Your application documents will then be sent by e-mail to the address given in the respective job advertisement. We process the personal data you send us to carry out the application process. This includes, in particular, your contact details, CV, references and all other information that you provide to us as part of your application.
The legal basis for the processing of your application data is the initiation of an employment relationship in accordance with Section 26 BDSG and – if necessary – our legitimate interest in defending legal claims within the framework of the AGG (Art. 6 para. 1 lit. f GDPR).
If you provide us with special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. health data such as information on your status as a severely disabled person) as part of your application, the processing is carried out on the basis of Section 26 para. 3 BDSG in conjunction with Art. 9 para. 2 lit. b GDPR in order to exercise rights under employment law and social protection and social law and to fulfill corresponding obligations.
In certain cases, the processing of special categories of personal data may also be based on Art. 9 para. 2 lit. h GDPR, e.g. if your information is required to assess your ability to work or if it is required in the context of occupational health examinations, recruitment examinations or for the implementation of health-related measures.
If you are not hired, your data will be deleted no later than six months after completion of the application process, unless you have expressly consented to longer storage. If you are hired, your data will be transferred to your personnel file.
5. Cookies and consent management
Our website uses so-called cookies. These are small text files that can be stored and read by the browser used on the user’s end device. Cookies can either be stored only for the duration of a session and then automatically deleted (session cookies) or remain permanently on the end device (persistent cookies).
Technically necessary cookies are absolutely essential for the operation and provision of our website and the optimized use of our services. The access to data already stored on your end device and the storage of these cookies are based on the necessity for a service requested by you (§ 25 para. 2 no. 2 TDDDG) as well as our legitimate interest (Art. 6 para. 1 lit. f GDPR) in the functional, legally compliant, secure and user-friendly provision of our website.
For all cookies and processing that are not absolutely necessary – in particular for the services described in the “Web analysis” section – we obtain your consent via a consent management tool (“Complianz”, Complianz B.V., Atoomweg 6b, 9743 AK Groningen, Netherlands). Your selection is documented in a cookie in your browser and can be adjusted or revoked at any time via the cookie settings on our website. The legal basis for the use of consent management is Art. 6 para. 1 lit. c GDPR in conjunction with § 25 TDDDG (fulfillment of a legal obligation to document consent).
The revocation of a given consent is possible at any time with effect for the future and does not affect the legality of the processing carried out until the revocation.
6. Web analytics and tag management
On our website, we use analytics and management services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”)—subject to your express consent via the cookie banner. The legal basis for data processing is your consent pursuant to Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TDDDG. You can withdraw your consent at any time, effective for the future, through the cookie settings on our website.
6.1. Google Analytics (with IP anonymization)
We use Google Analytics to statistically analyze the behavior of website visitors and thereby continuously improve our website. IP anonymization (“anonymizeIp”) is used for this purpose, so that your IP address is truncated—and thus anonymized—before any analysis takes place. The information generated by the cookie regarding your use of this website is generally transmitted to a Google server in the United States and stored there. Data may be transferred to the United States. The European Commission has issued an adequacy decision for Google (EU-US Data Privacy Framework); in addition, we have entered into standard contractual clauses in accordance with Article 46 of the GDPR.
The data collected by Google Analytics is deleted after 14 months at the latest. For more information, please see Google’s privacy policy at https://policies.google.com/privacy.
6.2. Google Tag Manager
We use Google Tag Manager to manage the tags used on our website. Google Tag Manager itself does not set any cookies and does not collect any personal data for analytical purposes. It is used solely to integrate and control other tags, which may in turn collect data. If tracking is disabled at the domain or cookie level, this setting will apply to all tracking tags implemented via Google Tag Manager.
7. Integrated fonts (Google Fonts)
To ensure consistent font display, we use web fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). When you visit our website, your browser downloads the necessary fonts from Google’s servers to display text and fonts correctly. For technical reasons, your IP address is transmitted to Google during this process. We use Google Fonts to ensure a consistent and visually appealing design for our website.
The legal basis is our legitimate interest in a uniform presentation of the website in accordance with Art. 6 para. 1 lit. f GDPR. Data may be transferred to the USA. An adequacy decision of the European Commission (EU-US Data Privacy Framework) is available; in addition, we have concluded standard contractual clauses with Google in accordance with Art. 46 GDPR.
8 Multilingual presentation of the website
We use the WordPress plugin WPML to provide our website in different languages. WPML stores your language selection in a technically required cookie so that the website can be delivered to you in the selected language on your next visit. A personal evaluation does not take place. The legal basis is § 25 para. 2 no. 2 TDDDG in conjunction with our legitimate interest in a user-friendly provision of the website (Art. 6 para. 1 lit. f GDPR).
9. Recipients and disclosure of personal data
In order to fulfill our contractual and legal obligations and to perform our services, it may be necessary to disclose personal data to third parties. This applies in particular to authorities, offices, parties to proceedings (e.g. opponents, affected parties, participants), tax authorities, banks and insurance companies.
To support our operational processes, we also use external service providers to whom personal data may be transmitted as part of their activities. If these service providers process personal data on our behalf, this is done on the basis of an order processing contract in accordance with Art. 28 GDPR. The processing takes place exclusively within the EU or the EEA or in compliance with suitable guarantees within the meaning of Art. 44 et seq. GDPR.
10. Storage period of your data
Personal data will be deleted as soon as the respective purpose of its processing no longer applies, provided that no statutory retention obligations – in particular under commercial and tax law – prevent deletion.
Insofar as specific deletion periods are specified in this data protection notice, these shall take precedence.
11. Your rights as a data subject
You have the following rights:
- Right to information: You can request information from us as to whether and which of your personal data we process (Art. 15 GDPR).
- Right to rectification: If data that we process from you is incorrect, you can inform us of this and have the right to have this data corrected (Art. 16 GDPR).
- Right to erasure / right to be forgotten: If personal data is no longer necessary for our processing purposes or the legal basis no longer applies due to another circumstance, you have the right to have your personal data erased (Art. 17 GDPR).
- Right to restriction of processing: Under certain conditions, you can request that we restrict the processing of your data (Art. 18 GDPR).
- Right to portability: You can request a copy of your data from us in a commonly used, machine-readable format or that we provide the data directly to a provider of your choice (Art. 20 GDPR).
- Right to object: You can object to the processing if it is based on our legitimate interests (Art. 21 GDPR).
- Automated decisions: You have the right not to be subject exclusively to an automated decision (Art. 22 GDPR).
- Right to complain to a supervisory authority: You have the right to complain to a data protection supervisory authority about the processing of your personal data by us if you do not agree with the handling of your data (Art. 77 GDPR).
- Right to withdraw consent given: You have the right to withdraw your consent at any time with effect for the future. This does not affect the lawfulness of the processing carried out until the revocation (Art. 7 para. 3 GDPR).
To exercise your rights vis-à-vis us, you can contact us at any time using the contact details given above for questions relating to data protection.
Status: April 2026
