Privacy policy

Privacy policy


Imprint hero illustration

XAIN, the eXpandable AI Network, is a Berlin-based technology company. At XAIN, we tackle the dilemma of unlocking the full power of AI, without compromising data privacy.

Imprint hero illustration

Privacy Policy

Version: 07.02.2020

This website is operated by XAIN AG, Unter den Linden 42, 10117 Berlin (Germany), services@xain.io (controller). For further details please see our imprint. With this Privacy Policy we inform you about how we use your personal data when you visit our website www.xain.io or our social media websites and when we provide our services and your rights in this respect.

1. Processing activities

1.1. Accessing this website

Each time you access our website www.xain.io or a file from this website, your computer transfers data to us which we store in our logfiles. These data may include:

  • browser type and browser version
  • operating system used
  • internet service provider
  • the IP address
  • hostname of the accessing computer
  • time of the server inquiry
  • websites from which you reach our website (so-called referrer)
  • websites accessed by the user's system via our website
  • bytes transferred
  • access status

We process such data temporarily to provide you with the requested content (Art. 6 (1) lit. f) GDPR) and we store and process such data for a period of seven days (unless an unusual incident requires a longer storage period (e.g. after a hacker attack)) for security reasons in order to identify potential attacks on our systems and optimize our systems (Art. 6 (1) lit. f) GDPR). Thereafter, this data is being anonymized.

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

1.2. Contacting us

When you send us an e-mail or otherwise contact us, we process the personal data you provided us with, for example to answer your e-mail. The respective legal basis for such processing is our legitimate interest in responding to your enquiries (Art. 6 (1) lit. f) GDPR).

1.3. Social media

We operate the following social media websites:

The operators of the social media platforms (e.g. Twitter) are involved in the operation of the websites just listed. They are also responsible (controllers) within the meaning of data protection law. We cannot influence the data processing carried out by the platform operators and are dependent on the information the respective providers give us. To the extent we can exert influence and have a part in determining data processing, we aim to ensure that the operator of the social media platform treats the data in a manner appropriate to data protection.

Data processed by us

The data you disclose using our social media pages, such as comments, videos, pictures, likes, public news, etc. are published by the social media platform. We may comment on or delete content if this is necessary (e.g., in case it violates laws). In some cases, we share your content on our site (e.g., you compliment us publically) and communicate with you through the social media platforms (e.g., you contact us). We use the social media platforms for advertising purposes. The statistics made available to us by the provider of the social media platform can only be influenced to a limited extent and cannot be switched off. The legal basis is our legitimate interest in carrying out the aforementioned processes (Art. 6 (1) lit. f) GDPR). If you wish to object to a specific data processing on which we have an influence, please contact us.

Data processed by the operators of social media platforms

Social media platform operators use web tracking methods. Web tracking can be performed regardless of whether you are logged in or registered with the social media platform. We cannot influence the web tracking methods of the social media platform and for example cannot switch it off. It cannot be excluded that the provider of the social media platform may use data, for example to evaluate habits, personal relationships, preferences, etc. In this area we have no influence on the processing of data by the platform operator. Further information on data processing by the provider of the social media platform and further possibilities for objection can be found in the privacy policy of the operators:

We have entered into an agreement with LinkedIn Ireland Unlimited Company regarding joint responsibility for the processing of data (a Controller Addendum). This agreement determines which data processing activities we are responsible for when you visit our LinkedIn website and which are the responsibility of LinkedIn. You can view the agreement under: https://legal.linkedin.com/pages-joint-controller-addendum

1.4. HubSpot

On this website we use the service provider HubSpot for our online marketing activities. HubSpot is a software company from the USA with a subsidiary in Ireland: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

HubSpot is an integrated software solution that we use to cover various aspects of our online marketing. These include, among others: e-mail marketing (newsletters and automated mailings, e.g. to provide downloads), social media publishing and reporting, reporting (e.g. traffic sources, access, etc. ...), contact management (e.g. user segmentation & CRM), landing pages and contact forms. Personal data from you which we process via HubSpot may include data you input in our website in forms provided by HubSpot (e.g., your e-mail address), data you send to us via e-mail or other communication channels and data based on your behaviour on our website (the latter if consented, see 1.4.2).

The legal basis for the use of Hubspot's services is usually Art. 6 (1) lit. f) GDPR (for cookies based on consent see below, 1.4.2). Our legitimate interest in using this service is to optimize our marketing activities and improve the quality of our service. HubSpot is certified under the “EU-U.S. Privacy Shield Framework” and the "Swiss-U.S. Privacy Shield Framework”. HubSpot's privacy policy is available under https://legal.hubspot.com/privacy-policy, more specific GDPR information here: https://www.hubspot.com/data-privacy/gdpr.

Were you give us your consent to contact you from time to time via e-mail for marketing purposes about relevant content, products, and services from XAIN AG, the legal basis for the processing of your contact data is Art. 6 (1) lit. a) GDPR. You can withdraw your consent at any time with effect for the future.

HubSpot uses cookies. Cookies are small text files stored on your computer, in particular to re-identify yourself, or to store information about you, for example about a chosen language. The "Help" section on the menu bar of most internet browsers will tell you how to prevent your browser from accepting new cookies, how to make the browser notify you when you receive a new cookie and how to disable cookies altogether. Please note that certain features of our website may no longer be available to you if you disable cookies.

The cookies we use fall into two categories:

1.4.1 Essential/necessary cookies

Those are essential cookies to use our website and do not require a consent. The legal basis for the use of such cookies is Art. 6 (1) lit. f) GDPR.

  • __hs_opt_out

    This cookie is used by the opt-in privacy policy to remember not to ask you to accept cookies again. (Expires: 13 months)

  • __hs_do_not_track

    This cookie can be set to prevent the tracking code from sending any information to HubSpot. (Expires: 13 months)

  • hs_ab_test

    This cookie is used to consistently serve visitors the same version of a test page they’ve seen before. (Expires: end of session)

  • _key

    When visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login again. The cookie name is unique for each password-protected page. (Expires: 14 days)

  • hs_langswitcher_choice

    This cookie is used to save your selected language choice when viewing pages in multiple languages. (Expires: 2 years)

  • __cfduid

    This cookie is set by HubSpot’s CDN provider, Cloudflare. It helps Cloudflare detect malicious visitors to our website and minimizes blocking legitimate users. It may be placed on your devices to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It is necessary for supporting Cloudflare's security features. Learn more about this cookie from Cloudflare. (Expires: session cookie that lasts a maximum of 30 days)

  • __cfruid

    This cookie is set by HubSpot’s CDN provider because of their rate limiting policies. (Expires: end of session)

1.4.2 Consent banner cookies

Those are non-essential cookies controlled by the consent banner. The legal basis for the use of such cookies is your consent (Art. 6 (1) lit. a) GDPR), which you can withdraw at any time with effect for the future by clicking here.

  • __hstc

    The main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). (Expires: 13 months)

  • hubspotutk

    This cookie keeps track of your identity. It is passed to HubSpot on form submission and used when deduplicating contacts. (Expires: 13 months)

  • __hssc

    This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. (Expires: 30 min)

  • __hssrc

    Whenever HubSpot changes the session cookie, this cookie is also set to determine if you have restarted your browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session. (Expires: end of session)

To lean more about HubSpots cookies, please see their cookie information page.

1.5. Other

Where you give us your consent for processing your personal data, Article 6 (1) lit. a) GDPR serves as the legal basis. You can withdraw your consent at any time with effect for the future.

Article 6 (1) lit. b) GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This shall also apply to processing operations necessary for the implementation of pre-contractual measures.

Insofar as a processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject (e.g. accounting, commercial and tax law), Article 6 (1) lit. c) GDPR serves as a legal basis.

Based on prevailing legitimate interests (Art. 6 (1) lit. f) GDPR) we collect information through, among other things, participation in conferences and events, business cards, etc., in case we see interesting business opportunities and you have provided us with such information.

2. Service providers

We work with service providers who assist us in providing our services (e.g. hosting providers, Hubspot (see 1.4)). These service providers process data solely on behalf of and under the control of us and only for the purposes described in this Privacy Policy.

3. Transfer to recipients outside the EEA

We might transfer personal data to recipients located outside the European Economic Area (EEA) into so-called third countries. In such cases, prior to the transfer, we ensure that either the data recipient provides an appropriate level of data protection (e.g. due to a decision of adequacy by the European Commission for the respective country or due to the agreement based on so-called EU model clauses with the recipient) or that you have consented to the transfer.

4. Retention of Personal Data

Personal data are stored for as long as is necessary for the above-mentioned purposes. The data will be deleted at the latest after termination of the contractual relationship and after expiry of the statutory retention periods of civil, commercial and tax law. If we process data on the basis of legitimate interests (Art. 6 (1) lit. f) GDPR), these will be stored until you object to the processing or until your legitimate interests prevail.

5. Your Rights

5.1. General Rights

You can request access to the personal data stored about you and have the right to receive the data you provided in a common and machine-readable format. In addition, you may, in justified cases, request the deletion, correction or limitation of the processing of your personal data. If your personal data are transferred to a country outside the EU that does not offer adequate protection, you can request a copy of the contract that ensures adequate protection of personal data. You also have a general right to complain to us or a supervisory authority in particular in the member state of your residence, place of work or place of suspected infringement about our data processing.

5.2. Right to object

If we process your personal data on the basis of our legitimate interests (Art. 6 (1) lit. f) GDPR), you may object to the processing and use of your data. In this case, we will no longer use your data unless our interests prevail.

5.3. Right to withdraw a consent

If we process your personal data based on your consent (Art. 6 (1) lit. a) GDPR), you may object to the processing and use of your data. In this case, we will no longer use your data.

5.4. Contacting us or our data protection officer

In order to exercise the aforementioned rights, please contact us directly in writing or via e-mail or contact our data protection officer under privacy@xain.io.

Note: We may change our Privacy Policy from time to time by publishing it here. Please check this Privacy Policy regularly.