XAIN, the eXpandable AI Network, is a Berlin-based technology company. At XAIN, we tackle the dilemma of unlocking the full power of AI, without compromising data privacy.
1. Processing activities
1.1. Accessing this website
Each time you access our website www.xain.io or a file from this website, your computer transfers data to us which we store in our logfiles. These data may include:
- browser type and browser version
- operating system used
- internet service provider
- the IP address
- hostname of the accessing computer
- time of the server inquiry
- websites from which you reach our website (so-called referrer)
- websites accessed by the user's system via our website
- bytes transferred
- access status
We process such data temporarily to provide you with the requested content (Art. 6 (1) lit. f) GDPR) and we store and process such data for a period of seven days (unless an unusual incident requires a longer storage period (e.g. after a hacker attack)) for security reasons in order to identify potential attacks on our systems and optimize our systems (Art. 6 (1) lit. f) GDPR). Thereafter, this data is being anonymized.
The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
1.2. Contacting us
When you send us an e-mail or otherwise contact us, we process the personal data you provided us with, for example to answer your e-mail. The respective legal basis for such processing is our legitimate interest in responding to your enquiries (Art. 6 (1) lit. f) GDPR).
1.3. Social media
We operate the following social media websites:
The operators of the social media platforms (e.g. Twitter) are involved in the operation of the websites just listed. They are also responsible (controllers) within the meaning of data protection law. We cannot influence the data processing carried out by the platform operators and are dependent on the information the respective providers give us. To the extent we can exert influence and have a part in determining data processing, we aim to ensure that the operator of the social media platform treats the data in a manner appropriate to data protection.
Data processed by us
The data you disclose using our social media pages, such as comments, videos, pictures, likes, public news, etc. are published by the social media platform. We may comment on or delete content if this is necessary (e.g., in case it violates laws). In some cases, we share your content on our site (e.g., you compliment us publically) and communicate with you through the social media platforms (e.g., you contact us). We use the social media platforms for advertising purposes. The statistics made available to us by the provider of the social media platform can only be influenced to a limited extent and cannot be switched off. The legal basis is our legitimate interest in carrying out the aforementioned processes (Art. 6 (1) lit. f) GDPR). If you wish to object to a specific data processing on which we have an influence, please contact us.
Data processed by the operators of social media platforms
- Twitter: https://twitter.com/de/privacy
- YouTube: https://policies.google.com/privacy
- Medium: https://medium.com/policy/medium-privacy-policy-f03bf92035c9
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
We have entered into an agreement with LinkedIn Ireland Unlimited Company regarding joint responsibility for the processing of data (a Controller Addendum). This agreement determines which data processing activities we are responsible for when you visit our LinkedIn website and which are the responsibility of LinkedIn. You can view the agreement under: https://legal.linkedin.com/pages-joint-controller-addendum
On this website we use the service provider HubSpot for our online marketing activities. HubSpot is a software company from the USA with a subsidiary in Ireland: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.
HubSpot is an integrated software solution that we use to cover various aspects of our online marketing. These include, among others: e-mail marketing (newsletters and automated mailings, e.g. to provide downloads), social media publishing and reporting, reporting (e.g. traffic sources, access, etc. ...), contact management (e.g. user segmentation & CRM), landing pages and contact forms. Personal data from you which we process via HubSpot may include data you input in our website in forms provided by HubSpot (e.g., your e-mail address), data you send to us via e-mail or other communication channels and data based on your behaviour on our website (the latter if consented, see 1.4.2).
Were you give us your consent to contact you from time to time via e-mail for marketing purposes about relevant content, products, and services from XAIN AG, the legal basis for the processing of your contact data is Art. 6 (1) lit. a) GDPR. You can withdraw your consent at any time with effect for the future.
The cookies we use fall into two categories:
1.4.1 Essential/necessary cookies
Those are essential cookies to use our website and do not require a consent. The legal basis for the use of such cookies is Art. 6 (1) lit. f) GDPR.
This cookie can be set to prevent the tracking code from sending any information to HubSpot. (Expires: 13 months)
This cookie is used to consistently serve visitors the same version of a test page they’ve seen before. (Expires: end of session)
When visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login again. The cookie name is unique for each password-protected page. (Expires: 14 days)
This cookie is used to save your selected language choice when viewing pages in multiple languages. (Expires: 2 years)
This cookie is set by HubSpot’s CDN provider, Cloudflare. It helps Cloudflare detect malicious visitors to our website and minimizes blocking legitimate users. It may be placed on your devices to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It is necessary for supporting Cloudflare's security features. Learn more about this cookie from Cloudflare. (Expires: session cookie that lasts a maximum of 30 days)
This cookie is set by HubSpot’s CDN provider because of their rate limiting policies. (Expires: end of session)
1.4.2 Consent banner cookies
Those are non-essential cookies controlled by the consent banner. The legal basis for the use of such cookies is your consent (Art. 6 (1) lit. a) GDPR), which you can withdraw at any time with effect for the future by clicking here.
The main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). (Expires: 13 months)
This cookie keeps track of your identity. It is passed to HubSpot on form submission and used when deduplicating contacts. (Expires: 13 months)
This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. (Expires: 30 min)
Whenever HubSpot changes the session cookie, this cookie is also set to determine if you have restarted your browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session. (Expires: end of session)
To lean more about HubSpots cookies, please see their cookie information page.
Where you give us your consent for processing your personal data, Article 6 (1) lit. a) GDPR serves as the legal basis. You can withdraw your consent at any time with effect for the future.
Article 6 (1) lit. b) GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This shall also apply to processing operations necessary for the implementation of pre-contractual measures.
Insofar as a processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject (e.g. accounting, commercial and tax law), Article 6 (1) lit. c) GDPR serves as a legal basis.
Based on prevailing legitimate interests (Art. 6 (1) lit. f) GDPR) we collect information through, among other things, participation in conferences and events, business cards, etc., in case we see interesting business opportunities and you have provided us with such information.
2. Service providers
3. Transfer to recipients outside the EEA
We might transfer personal data to recipients located outside the European Economic Area (EEA) into so-called third countries. In such cases, prior to the transfer, we ensure that either the data recipient provides an appropriate level of data protection (e.g. due to a decision of adequacy by the European Commission for the respective country or due to the agreement based on so-called EU model clauses with the recipient) or that you have consented to the transfer.
4. Retention of Personal Data
Personal data are stored for as long as is necessary for the above-mentioned purposes. The data will be deleted at the latest after termination of the contractual relationship and after expiry of the statutory retention periods of civil, commercial and tax law. If we process data on the basis of legitimate interests (Art. 6 (1) lit. f) GDPR), these will be stored until you object to the processing or until your legitimate interests prevail.
5. Your Rights
5.1. General Rights
You can request access to the personal data stored about you and have the right to receive the data you provided in a common and machine-readable format. In addition, you may, in justified cases, request the deletion, correction or limitation of the processing of your personal data. If your personal data are transferred to a country outside the EU that does not offer adequate protection, you can request a copy of the contract that ensures adequate protection of personal data. You also have a general right to complain to us or a supervisory authority in particular in the member state of your residence, place of work or place of suspected infringement about our data processing.
5.2. Right to object
If we process your personal data on the basis of our legitimate interests (Art. 6 (1) lit. f) GDPR), you may object to the processing and use of your data. In this case, we will no longer use your data unless our interests prevail.
5.3. Right to withdraw a consent
If we process your personal data based on your consent (Art. 6 (1) lit. a) GDPR), you may object to the processing and use of your data. In this case, we will no longer use your data.
5.4. Contacting us or our data protection officer
In order to exercise the aforementioned rights, please contact us directly in writing or via e-mail or contact our data protection officer under email@example.com.