1. Scope of Applicability

These SaaS Terms set forth the terms and conditions under which Xolvis GmbH, Gollierstraße 70E, 80339 München (“Xolvis“) will provide the customer (“Customer“) with access to certain applications as set forth on the Purchase Order of the Customer (“Hosted Software”) as well as to the user documentation (“Documentation“). The Hosted Software is a digital application suite for car dealerships, repair shops and other service providers.

2. License Grant and Right of Use

2.1 Xolvis makes available the Hosted Software to the Customer under a Software-as-a-Service (SaaS) model limited to the term of this Agreement as defined in clause 12 (“Subscription Term”).

2.2 Subject to all limitations and restrictions contained in this Agreement, Xolvis grants the Customer a non-exclusive, and non-transferable, non-sublicensable right to access the Hosted Software (and its Documentation) as hosted by Xolvis during the Subscription Term and to use it solely to perform those functions described in the Documentation for its internal business purposes (the “SaaS License”).

2.3 Unless otherwise expressly permitted in the Purchase Order, the Customer shall not permit any subsidiaries, affiliated companies, or third parties to access the Hosted Software.

2.4 Xolvis is entitled to update the Hosted Software on a regular basis as part of its overall lifecycle management and product improvement policy. Any updates to the Hosted Software are subject to the terms of this Agreement.

3. Customer Account and Authorized Users

3.1 The Customer may need to register for an account in order to place orders and/or access or receive the Hosted Software (the “Customer Account”). The Customer agrees to keep its Customer Account information current, accurate and complete so that Xolvis may send notices, statements and other information to Customer via email or through its Customer Account, which notifications will be subject to this Agreement and Xolvis’ website privacy notice. The Customer will be responsible for maintaining the confidentiality of user login information and credentials for accessing the Hosted Software and will notify Xolvis promptly of any loss, misuse, or unauthorized disclosure of such login information and/or credentials of which Customer becomes aware. Xolvis will not be liable for any damage or loss that may result from Customer’s breach of the foregoing obligations.

3.2 Unless agreed otherwise in the Purchase Order, the SaaS License is granted as a license for all car dealership locations of the Customer existing at the time of execution of this Agreement.

3.3 The Customer shall be obliged to inform its employees before the beginning of use of the Hosted Software about the rights and obligations set forth in this Agreement. The Customer will be liable for any violation of obligations by its employees or by other third parties who violate obligations within the Customer’s control.

4. Non-Permitted Uses

4.1 Except to the extent expressly permitted in this Agreement or required by law on a non-excludable basis, the SaaS License granted by the Service Provider to the Customer under this Agreement is subject to the following prohibitions:

a) the Customer must not permit any unauthorized person to access or use the Hosted Software;

b) the Customer must not use the Hosted Software to provide services to third parties, unless otherwise specified in the Agreement;

c) the Customer must not republish or redistribute any content or material from the Hosted Software;

d) the Customer must not make any alteration to the Software, except as permitted by the Documentation; and

e) the Customer will not, directly or indirectly: (i) reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Hosted Software; (ii) modify, translate or create derivative works based on the Hosted Software (except to the extent expressly permitted in the Agreement).

4.2 The Customer agrees not to use the Hosted Software to

a) process data on behalf of any third party other than Customer’s Authorized Users; 

b) send unsolicited communications, junk mail, spam, or other forms of duplicative or unsolicited messages in violation of spamming or other laws; 

c) engage in unlawful conduct, including but not limited to violation of any person’s privacy or publicity rights; 

d) store or transmit any content that infringes upon any third party’s intellectual property rights; 

e) interfere with or disrupt the integrity or performance of the Hosted Software and its components;

f) post, transmit, upload, link to, send or store any content that is unlawful, racist, hateful, abusive, libelous, obscene, or discriminatory; 

g) post, transmit, upload, link to, send or store any viruses, malware, Trojan horses, time bombs, or any other similar harmful software; 

h) track cookies, ad exchanges, ad networks, data brokerages, or to send electronic communications (including e-mail) in violation of applicable law. 

4.3 Xolvis has the right (but not the obligation) to suspend access to the Hosted Software or remove any data or content transmitted via the Hosted Software without liability (i) if Xolvis reasonably believes that the Hosted Software is being used in violation of this Agreement or applicable law, (ii) if requested by a law enforcement or government agency or otherwise to comply with applicable law, provided that Xolvis shall use commercially reasonable efforts to notify the Customer prior to suspending the access to the Hosted Software as permitted under this Agreement, or (iii) as otherwise specified in this Agreement.

4.4 Information on Xolvis’ servers may be unavailable to the Customer during a suspension of access to the Hosted Software. Xolvis will use commercially reasonable efforts to give the Customer at least twelve (12) hours’ notice of a suspension unless Xolvis determines in its commercially reasonable judgment that a suspension on shorter or contemporaneous notice is necessary to protect Xolvis or its customers.

5. Service Fees

5.1 The Customer shall pay Xolvis the fees indicated on the Purchase Order (the “Service Fees”), which are determined in accordance with the number of car dealership locations of the Customer, unless otherwise agreed in the Purchase Order. 

5.2 Unless otherwise provided in a Purchase Order, all fees are to be paid to Xolvis within thirty (30) days of the date of invoice. 

5.3 Any late payment will be subject to any costs of collection (including reasonable legal fees) and will bear interest at the statutory rate.

5.4 If the Customer has set up a direct debit, Xolvis will not debit the Customer’s designated account before seven (7) days have elapsed from the date of the invoice. 

5.5 If the Customer is delinquent on a payment of Service Fees for fifteen (15) days or more, Xolvis may suspend access to the Hosted Software. 

5.6 Complaints concerning invoices must be made in writing within thirty (30) days from the date of the invoice. Invoices will be sent by electronic delivery unless requested otherwise by the Customer, additional fees will apply.

5.7 All amounts stated in or in relation to this Agreement are, unless the context requires otherwise, stated exclusive of any applicable value added taxes or other specific taxes such as withholding tax, which will be added to those amounts and are payable by the Customer to either the Service Provider or, as applicable, directly to the local tax authorities.

6. Hosting

6.1 The hosting of the Hosted Software shall be governed by the Service Level Agreement as attached in Annex A.

6.2 Xolvis reserves the right to subcontract any services under this Agreement.

7. IP Ownership

7.1 The Customer acknowledges that, subject to the SaaS Licenses granted herein, the Customer has no ownership interest in the Hosted Software or Xolvis materials provided to the Customer. 

7.2 Xolvis will own all right, title, and interest in such Software and Xolvis materials, subject to any limitations associated with intellectual property rights of third parties. Xolvis reserves all rights not specifically granted herein.

7.3 Xolvis’ and the Customer’s trademarks, trade names, service marks, and logos, whether or not registered, are the sole and exclusive property of the respective owning Party, which owns all right, title and interest therein. Xolvis may use the Customer’s name and/or logo within product literature, press release(s), social media, and other marketing materials and/or make such other use of the Customer’s name and/or logo as may be agreed between the Parties.

8. Confidentiality

8.1 "Confidential Information" means any information, documents, items, materials, substances or electronic files disclosed by one Party to the other Party in written, electronic, oral or any other form, which is marked confidential by the disclosing Party or is by its nature to be treated as confidential.

8.2 The Parties undertake to treat the Confidential Information of the other Party as confidential and to use them exclusively for the purposes of the performance of this Agreement. 

8.3 The disclosure of the Confidential Information of the disclosing Party by the respective recipient to third parties is only permitted to the extent that this is necessary for the performance of this Agreement, provided that the third party has committed itself to confidentiality vis-à-vis the Party making the Confidential Information available to the third party or is bound to confidentiality for professional reasons. Legal disclosure obligations remain unaffected. The respective Party making the Confidential Information available to the third party shall be responsible for ensuring that the obligations of this Agreement are also observed by such third parties. The Party making the Confidential Information available to the third party shall be liable for breaches of the confidentiality obligations under this Agreement by such third parties as if they were its own breach.

8.4 Each Party undertakes to protect the Confidential Information of the respective other Party by taking appropriate security measures.

8.5 The foregoing obligations shall not apply to information of which the receiving Party can prove that it (i) was or is available to the public in a lawful manner and in a manner not in breach of the provisions of this Agreement, (ii) was previously known to the receiving Party and was available to it without restriction, (iii) was disclosed to the receiving Party by a third party authorized to do so, or (iv) was developed by the receiving Party independently and without use of the Confidential Information disclosed by the disclosing Party.

8.6 The respective receiving Party undertakes to completely and permanently destroy all documents and records containing Confidential Information of the respective other Party or, in the case of electronic data, to permanently delete such data immediately after termination of this Agreement. This shall not affect any statutory storage and archiving obligations.

8.7 After termination of this Agreement, all rights and obligations of each Party with respect to the Confidential Information of the respective other Party shall continue to apply for a period of ten (10) years.

9. Customer Data and Data Protection

9.1 Before entering its data and information to the Hosted Software (such data the “Customer Data”), the Customer shall be obliged to check the same for viruses or other harmful components and to use state of the art anti-virus programs for this purpose. 

9.2 In addition, the Customer shall be responsible for the entry and the maintenance of its Customer Data. Xolvis shall create a back-up copy of the Customer Data at least on a weekly basis.

9.3 The Customer grants to Xolvis a non-exclusive, royalty-free license to access, use, reproduce, modify, perform, display and distribute Customer Data as is reasonable or necessary for Xolvis to perform or provide the Hosted Software. 

9.4 The Customer is solely responsible for all Customer Data, in particular that its transfer and use in accordance with this Agreement does not violate any applicable laws, including data protection laws, and/or intellectual property rights of third parties. 

9.5 The Customer acknowledges that Xolvis does not exercise any control over Customer Data and that Xolvis acts as a mere or passive conduit in transmitting and handling Customer Data. 

9.6 Any processing of personal data of the Customer by Xolvis shall be governed by a separate data processing agreement to be executed in accordance with Art. 28 GDPR.

10. Limitation of Liability

10.1 In case of wilful misconduct, Xolvis shall be liable according to the statutory provisions of applicable law.

10.2 In case of gross negligence, Xolvis shall be liable according to the statutory provisions of applicable law.

10.3 In case of ordinary negligence, Xolvis shall  – provided that the standard of liability is not limited according to statutory provisions of applicable law (such as any limitation to the duty of care observed in own affairs) – only be liable for breach of material contractual obligations (material contractual obligations are obligations the breach of which endangers the purpose of the agreement and the fulfilment of which the Customer generally relies and may reasonably rely on); in this case Xolvis’ liability shall be limited to the typical damages that were reasonably foreseeable. Therefore, indirect and consequential damages resulting from defects of the delivered goods and/or work are only eligible for compensation if such damages are typical and reasonably foreseeable and when the goods and/or work are used in conformity with their intended purpose. 

10.4 The aforementioned limitations do not apply to

a) damages resulting from injury to life, body or health; 

b) liability pursuant to the German Product Liability Act;

c) the assumption of a guarantee for the condition of goods and/or work or fraudulent concealment of defects by Xolvis.

10.5 The aforementioned limitations of liability shall, subject to the provisions of Section 10.4, apply to (i) any liability claims for whatever legal reason but in particular due to impossibility, default, defective or incorrect delivery, breach of contract, breach of obligations in contractual negotiations and tort, as far as such claims are subject to fault, and (ii) any breach of duty by vicarious agents or any other person for whose conduct Xolvis can be held liable according to the statutory provisions of applicable law.

11. Customer Indemnity

11.1 Customer will defend Xolvis from any third party claim (“Claim”), and will indemnify and hold harmless  Xolvis from and against any damages and costs awarded against Xolvis, or agreed in settlement by Customer (including attorneys’ fees) resulting from such Claim, to the extent caused by:

a) modifications of the Hosted Software by the Customer, his/her affiliates, users, or third party contractors, 

b) Customer’s or its affiliate’s unauthorized supply, disclosure, or processing of Customer Data, including personal data therein, and

c) Customer’s or its affiliate’s violation of laws applicable to Customer’s or its affiliate’s business.

11.2 The Customer will have no liability or obligation with respect to any Claim if such claim is caused in whole or in part by Xolvis’ breach of this Agreement or violation of applicable law. 

11.3 In the event of a potential indemnity obligation under this Section, Xolvis will: (i) promptly notify the Customer in writing of the claim, (ii) allow the Customer the right to control the investigation, defense and settlement (if applicable) of such claim at the Customer’s sole cost and expense, and (iii) upon request of the Customer, provide all necessary cooperation at the Customer’s expense.

11.4 Failure by Xolvis to notify the Customer of a claim under this Section will not relieve the Customer of its obligations under this Section, however, the Customer will not be liable for any litigation expenses that Xolvis incurred prior to the time when notice is given or for any damages and/or costs resulting from any material prejudice caused by the delay or failure to provide notice to the Customer in accordance with this Section.

11.5 The Customer may not settle any claim that would bind Xolvis to any obligation or require any admission of fault by Xolvis, without Xolvis’ prior written consent.

12. Term and Termination

12.1 The Subscription Term shall be defined in the Purchase Order.

12.2 If the Purchase Order does not contain any specific provisions on the Subscription Term, the Subscription Term shall commence upon execution of the Purchaser Order and shall run for an initial term of one (1) year. Thereafter, it shall extend automatically by consecutive one (1) year renewal terms, unless terminated by either Party with three (3) months’ written notice to the end of the initial term or any renewal term.

12.3 The right to termination for cause remains unaffected for both Parties. This Agreement may be terminated by Xolvis: (i) if the Customer fails to make any payments due hereunder within fifteen (15) days of the due date; (ii) on thirty (30) days written notice to the Customer if the Customer fails to perform any other material obligation required of it hereunder, and such failure is not cured within such thirty (30) day period; or (iii) the Customer files a petition for bankruptcy or insolvency, has an involuntary petition filed against it, commences an action providing for relief under bankruptcy laws, files for the appointment of a receiver, or is adjudicated a bankrupt concern.

12.4 Upon termination of this Agreement, the Customer shall no longer access the Hosted Software and the Customer shall not circumvent any security mechanisms contained therein. 

12.5 Termination of this Agreement will not limit either Party from pursuing other remedies available to it, including injunctive relief.  Furthermore, such termination will not relieve the Customer of its obligation to pay all Service Fees that have accrued or are otherwise owed by the Customer under this Agreement.

12.6 Within thirty (30) days following the termination of this Agreement for any reason and the submission of a request to transfer data (“Data Transfer Request”), depending on whichever is later, Xolvis will provide the Customer with an extract of all Customer Data stored on the Software at the moment of termination, in machine-readable format. A Data Transfer Request must be submitted within seven (7) days of termination. In case the Customer fails to submit such a Data Transfer Request in due time, Xolvis will delete the Customer Data from its Software.

12.7 Anonymized data previously produced from the Customer Data may be retained and used further on by Xolvis. Technical copies produced within an IT archiving system may be retained by Xolvis.

13. Customization Service

13.1 Insofar as the Customer commissions Xolvis to provide customization or other services within the scope of the Purchase Order or subsequently, these services shall be subject to the provisions of this Agreement.

13.2 Unless otherwise agreed in individual cases, these performances shall be rendered as services within the meaning of Sec. 611 German Civil Code.

13.3 Unless otherwise agreed in individual cases, the Customer shall receive those rights to the results of these services that are granted to him/her under this Agreement in respect of the Hosted Software.

13.4 Insofar as the Customer makes available trademarks, company logos or other rights of third parties within the scope of these services, e.g. for "branding" of the Software Solution, the Customer shall ensure and warrant that it is entitled and able to grant Xolvis the respective rights.

14. Final Provision

14.1 Each Party shall bear its own costs incurred in connection with the execution and performance of this Agreement, unless expressly agreed otherwise in this Agreement.

14.2 This Agreement fully reflects the agreements between the Parties regarding the subject matter; no oral or other side agreements exist. Unless expressly agreed otherwise in this Agreement, all previous agreements between the Parties regarding the subject matter shall be fully replaced by this Agreement with effect from the effective date of this Agreement.

14.3 Amendments or additions to this Agreement shall require written form to be effective, unless a stricter form is required under mandatory law. The same applies to the waiver of this written form requirement. Unless expressly agreed otherwise in this Agreement, e-mails do not comply with this written form requirement. The written form requirement under this Agreement shall be deemed to have been met when the copy of a declaration is being transmitted by telecommunications (e.g. as an attachment to an e-mail) and that copy contains the signature of the person making that declaration, unless a stricter form is required under mandatory law.

14.4 Neither Party is entitled to transfer this Agreement or to assign rights or obligations under this Agreement to a third Party without the prior written consent of the other Party.

14.5 This Agreement shall be governed by the laws of the Federal Republic of Germany, excluding the conflict of laws rules of private international law. The applicability of the UN Convention on Contracts for the International Sale of Goods (CISG) is excluded.

14.6 Exclusive place of jurisdiction for all disputes arising out of or in connection with this Agreement shall be headquarters of Xolvis, unless otherwise required by mandatory law.

14.7 Should any provision of this Agreement be or become invalid or unenforceable in whole or in part, the validity of the remaining provisions of this Agreement shall not be affected. The same shall apply if and insofar as a gap in this Agreement becomes apparent. In place of the invalid or unenforceable provision or to fill the gap, an appropriate provision shall apply which, as far as legally possible, comes closest to or corresponds to what the Parties economically intended or would have intended according to the spirit and purpose of this Agreement, had they considered this point.

I) Name and contact data of the controller responsible for processing, as well as the company data protection officer

This data security information applies to data processing by:

Controller:                  
Xolvis GmbH (“Xolvis”)
Gollierstr. 70E
80339 München

represented by the CEO Robert Wochermaier,

email:  info@xolvis.com
tel: + 49 89 413 2945 0
fax: + 49 89 413 2945 99

The companies’ data protection officer can be reached under:
email: privacy@xolvis.com

II) Data processing on our website www.xolvis.com

1. When visiting the website

When accessing our website the browser used on your end device automatically sends information to our website’s server. This information is stored temporarily in a so-called log file. The following information is collected and stored without any action on your part, until its automatic erasure:

– IP address of the accessing computer
– Date and time of the access
– Name and URL of the retrieved file
– Website from which access was made
– Browser used and, where applicable, the operating system of your computer

and the name of your access provider.

The aforementioned data will be processed by us for the following purposes:

– Guaranteeing the smooth connection setup of the website
– Guaranteeing the comfortable use of our website
– Evaluating system security and stability, and
– Other administrative purposes

The legal basis for the data processing is Art. 6 (1) lit. f GDPR. Our legitimate interest is derived from the purposes listed above for data collection. Under no circumstances shall we use the data collected for the purpose of making any inferences to your person.

In addition, we also use cookies and analytical services for visits to our website. More information on this can be found in this data protection declaration.

2. When using our contact form

For queries of all kinds we offer you the possibility to contact us by means of a form provided on the website. This requires the input of a valid e-mail address, so that we know from whom the request has come, and in order to reply. Additional information can be provided voluntarily. We process data for the purpose of making contact in accordance with Art. 6 (1) lit. a GDPR on the basis of your voluntary consent. The personal data collected by us for the use of the contact form will be erased automatically once your query has been dealt with.

3. Sign up to our newsletter

If you have expressly consented in accordance with Art. 6 (1) lit. a GDPR, we will use your e-mail address to send you our newsletter on a regular basis. To receive the newsletter, it is sufficient to provide an e-mail address; further information can be provided voluntarily.

You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you are welcome to send your unsubscribe request by e-mail to “info@xolvis.com ” at any time.

4. Forwarding Data

Your personal data will not be transferred to any third party for any purpose other than those listed below.

We shall forward your personal data to third parties only

– if you have given your explicit consent, in accordance with Art. 6 (1) lit. a GDPR
– if under Art. 6 (1) lit. f GDPR the transfer is necessary for the establishment, exercise or defence of legal claims, and there is no reason to assume that you have an overriding interest, which must be protected, in the non-forwarding of your data
– in the event that there is a legal obligation to forward the data under Art. 6 (1) lit. c GDPR and
– if this is legally permissible and necessary under Art. 6 (1) lit. b GDPR for the processing of contractual relationships with you.

5. Cookies

This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consents. Borlabs cookie does not process any personal data. The borlabs-cookie stores the consent you gave when you entered the website. If you wish to revoke these consents, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked again for your cookie consent.

6. Social Media

On the basis of Art. 6 (1) lit. f GDPR, we use social media plug-ins of the social networks Facebook, Instagram, Youtube Xing and LinkedIn on our Website.

No personal data will be transmitted to the providers of these plug-ins without you clicking on the button of a plug-in.

If you press the button of a plug-in personal data will be automatically transmitted to the provider of the plug-in and can be stored and used by that provider. Please note that this may be carried out overseas, i.e. in particular in the United States of America.

We do have no full knowledge of the type and scope of the data collection and their use and processing and cannot exert any influence on such processes either.

If you activate a plug-in, the plug-in provider will receive the information that you have activated this on the respective website of our Website or the corresponding subpage of the respective website from our Website. In addition, the log files, as stated in clause I. 2 of this privacy statement will be transmitted to the plug-in provider.

The data collection and transmission is carried out irrespective of whether you have a user account at the respective plug-in provider or not. If you have a user account at the respective plug-in provider and you are logged into this user account at the time, at which you click on the respective plug-in the data transmitted to the respective plug-in provider will be directly allocated to your user account. If you confirm the activated plug-in and e.g. link the page, the plug-in provider will also store this information in your user account and can also notify your contacts to the public. In order to prevent the allocation to your user account at the respective plug-in provider you should log-out from your user account at the respective plug-in provider before clicking the plug-in on Website.

The respective plug-in provider stores the data transmitted to it, irrespective of whether you are also logged-in to your user account at the respective plug-in provider as a rule as user profiles, which are used for the following purposes:

– Advertising suitable for the needs
– Market research
– Optimization of the websites of the plug-in provider suitable for the needs.

You are entitled to object to the formation of user profiles with the data collected about you. For this purpose, please contact the respective plug-in provider. We have no influence on the compliance with your objection and are not responsible for this either.

You can find further relevant information and regarding your rights in this respect in the privacy statements of the plug-in providers as the responsible bodies, which you can call as follows:

Facebook: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
https://www.facebook.com/help/568137493302217

Xing: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany
https://privacy.xing.com/en

Instagram: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
https://help.instagram.com/519522125107875

YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
https://policies.google.com/privacy?hl=de

LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

7. Sub-processors

a) Active Campaign

Our newsletter is sent using “ActiveCampaign”, a newsletter sending platform located at 1 N Dearborn, 5th Floor, Chicago, IL 60601, United States.

The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on ActiveCampaign’s servers in the USA. ActiveCampaign uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, ActiveCampaign may use this data to optimise or improve its own services, e.g. for the technical optimisation of the dispatch and presentation of the newsletter or for economic purposes in order to determine from which countries the recipients come. However, ActiveCampaign does not use the data of our newsletter recipients to write to them itself or pass the data on to third parties.

ActiveCampaign undertakes to comply with the EU data protection regulations within the scope of standard data protection clauses. Furthermore, we have concluded a “Data Processing Agreement” with ActiveCampaign. According to this ActiveCampaign undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties.

For more information see:
https://www.activecampaign.com/legal/privacy-policy

b) Google Fonts

We use “Google Web Fonts” on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”). Google Web Fonts enables us to use external fonts, so-called Google Fonts. For this purpose, the required Google Font is loaded into the browser cache by your web browser when you call up our website. This is necessary so that your browser can display a visually improved representation of our texts. If your browser does not support this function, a standard font will be used by your computer for display. The integration of these web fonts takes place via a server call, usually at a Google server in the USA. This transmits to the server which of our Internet pages you have visited. The IP address of your browser is also stored by Google. We have no influence on the scope and further use of the data collected and processed by Google through the use of Google Web Fonts.

We use Google Web Fonts for optimisation purposes, in particular to improve the use of our website for you and to make its design more user-friendly. This is also our legitimate interest in the processing of the above data by the third-party provider. The legal basis is Art. 6 (1) lit. f) GDPR.

Further information on Google Web Fonts can be found at https://fonts.google.com/, https://developers.google.com/fonts/faq?hl=de-DE&csw=1                                                            
and https://www.google.com/fonts#AboutPlace:about.

c) Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (“Google”), on the basis of consent granted within the meaning of Art. 6 para. 1 lit. a. GDPR) Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offer by the users is usually transmitted to a Google server in the USA and stored there.

Google uses the so-called standard data protection clauses of the European Commission and thereby offers a guarantee of compliance with European data protection law.

Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. In doing so, pseudonymous user profiles can be created from the processed data.

We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user’s browser will not be merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online offer to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

For more information on Google’s use of data, settings and objection options, please refer to Google’s privacy policy (https://policies.google.com/technologies/ads) and the settings for the display of advertising by Google (https://adssettings.google.com/authenticated).

The users’ personal data is deleted or anonymised after 14 months.

d) Borlabs

In order to obtain your consent to the storage of certain cookies on your terminal device and to document this in accordance with data protection law, we use the Cookie Consent Manager “Borlabs Cookie” from the provider Borlabs, Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, Germany, as part of our legal obligation pursuant to Art. 6 (1) lit. c GDPR and thus also our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Only technically necessary cookies (borlabs-cookie) are set by the Borlabs cookie. If our website is accessed, the following data is transmitted to Borlabs Cookie:

– Your consent or revocation of your consent to the setting of cookies, a cookie set by Borlabs Cookie in your browser,
– the cookie runtime and version,
– domain and path of the WordPress website and the UID.

The UID is a randomly generated ID and not personal information. Borlab’s cookie does not process any personal data. If you wish to revoke your consent to the setting of certain cookies, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked again for your cookie consent. For detailed information on the Borlabs cookie privacy policy, please visit: https://de.borlabs.io/datenschutz/

e) WPML

We use WPML from OnTheGoSystems Limited, 22/F 3 Lockhart Road, Wanchai, Hong Kong. WPML is a multi-language plugin for WordPress. We use WPML to display our website in different languages. When you visit our website, WPML stores a cookie on your terminal device to save the language setting you have selected. Personal data can be stored and evaluated, especially the activity of the user (in particular which pages have been visited and which elements have been clicked on) as well as device and browser information (in particular the IP address and the operating system).

Further information on the collection and storage of data by WPML can be found here:
https://wpml.org/documentation/privacy-policy-and-gdpr-compliance

The use of WPML serves to be able to present our website in multiple languages.

Legal basis for the processing of personal dataThe legal basis for data processing is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in addressing visitors to our website in their native language.

WPML stores cookies on your terminal device. Information on the storage period of the cookies can be found at: https://wpml.org/documentation/privacy-policy-and-gdpr-compliance.

You can prevent the collection and processing of your personal data by WPML by preventing third-party cookies from being stored on your computer, by using the “Do Not Track” function of a supporting browser, by deactivating the execution of script code in your browser or by installing a script blocker such as NoScript (www.noscript.net) or Ghostery (www.ghostery.com) in your browser.

For more information on objection and removal options vis-à-vis WPML, please visit:
https://wpml.org/documentation/privacy-policy-and-gdpr-compliance

III) Data processing in our Online Payment Tool

1. Collection and storage of personal data and the purpose of their use

Xolvis provides an Online Payment Tool to its customers, which allows them to optimize payment processes. Xolvis, therefore, acts as a processor of personal data on behalf of its customers. The present statement depicts the processing of personal data in connection with the Xolvis Online Payment Tool.

a) Personal data of our customers

For the purpose of performing the mutual contractual obligations we process required personal data of our customers and their employees as follows:

– contact data; e.g. names, addresses phone numbers, e-mail addresses
– correspondence

The legal basis for the data processing is Art. 6 (1) lit. b GDPR.

The personal data processed for this purpose are erased after the cease of contract, unless Union or Member State law requires storage of the personal data.

b) Personal data processed by Xolvis on behalf of our customers

For the purpose of providing the Xolvis Online Payment Tool, we process the following personal data on behalf of our customers:

– contact data, e.g. names, addresses, e-mail addresses etc.
– license plates
– invoices

The legal basis for the data processing is Art. 6 (1) lit. b, 28 GDPR.

The personal data processed on behalf is stored until erased by the customer, unless Union or Member State law requires storage of the personal data

2. Forwarding data

a) Sub-processors

The legal basis for the using sub-processors for data processing is Art. 6 (1) lit. b), 28 GDPR. The processing is necessary for the performance of mutual contractual obligations. We want to provide our customers with the technical infrastructure that enables us to offer our services.

i) Amazon Web Services (AWS)

Xolvis uses Amazon Web Services, EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxemburg, as hosting service. All data processed by Xolvis is processed on hosting platforms operated by AWS. This also includes personal data processed by Xolvis on behalf of its customers. The processing of personal data only takes place on servers located in the European Union. No personal data is transferred to third countries. 

ii) Microsoft Office 365

Xolvis uses Microsoft Office 365, provided by Microsoft Corporation (“Microsoft”), One Microsoft Way, Redmond, WA 98052-6399, USA as e-mail hosting service. For technical reasons, personal data may be processed on Microsoft infrastructure in the United States. Xolvis does not process any personal data processed on behalf of its customers on Microsoft infrastructure or services. Microsoft has invested in the operational processes necessary to meet the exacting requirements of the European Union Model Clauses for the transfer of personal data to processors. Microsoft has submitted itself to Model Clauses, referred to as Standard Contractual Clauses, that make specific guarantees around transfers of personal data for in-scope Microsoft services.

iii) Franz Martin IT Consultant

Xolvis cooperates with Franz Martin, Benedikt-Erhard-Straße 6, 83646 Bad Toelz, Germany as freelancing IT Consultant. For technical reasons, this includes the processing of all personal data processed by Xolvis. The processing of personal data by Franz Martin only takes place on Xolvis infrastructure.

b) Third parties

Your personal data will not be transferred to any third party for any purpose other than those listed below.

We shall forward your personal data to third parties only

– if you have given your explicit consent, in accordance with Art. 6 (1) lit. a) GDPR
– if under Art. 6 (1) lit. f) GDPR the transfer is necessary for the establishment, exercise or defence of legal claims, and there is no reason to assume that you have an overriding interest, which must be protected, in the non-forwarding of your data
– if there is a legal obligation to forward the data under Art. 6 (1) lit. c) GDPR and if this is legally permissible and necessary under Art. 6 (1) lit. b) GDPR for the processing of contractual relationships with you.

IV) Data subject rights

You have the right:

– pursuant to Art. 15 GDPR, to demand information about your personal data that we have processed. In particular, you can obtain information about the purposes of the processing, The categories of personal data concerned, the recipients or category of recipients to whom you data have been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request rectification, erasure, or restriction of the processing, or to object to it, the right to lodge a complaint with a supervisory authority, the source of your data, if these have not been collected by us, and on the existence of automated decision-making, including profiling, and any other meaningful information about their details or the logic involved;
– pursuant to Art. 16 GDPR, to demand the immediate rectification or completion of inaccurate personal data stored by us;
– pursuant to Art. 17 GDPR, to demand the erasure of personal data stored by us, unless their processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
– pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data in cases where you contest the accuracy of the data, where the processing is unlawful yet you oppose the erasure of the personal data, where we no longer need the data but you still require them to establish, exercise or defend legal claims, or where you have objected to the processing of the data pursuant to Art. 21 GDPR;
– pursuant to Art. 20 GDPR, to obtain your personal data that you have provided to us in a structured, commonly used and machine-readable format and to demand the transfer of these data to another controller;
– pursuant to Art. 7 (3) GDPR, to withdraw your consent at any time, which will mean that in future we may no longer carry out the data processing that was contingent upon this consent and
– pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority. In general, you can contact the supervisory authority of your usual residence or place of employment, or that of our company headquarters for this purpose.

Insofar as your personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) lit. f) GDPR, you have the right, under Art. 21 GDPR, to object to the processing of your personal data, provided there are reasons relating to your particular situation or if the objection relates to direct marketing. In the latter case, you have a general right to object, which shall be implemented by us without any reference to a particular situation.

If you wish to avail of your right to withdraw or object, an e-mail to privacy@xolvis.com will suffice.