Privacy policy

CX1 Exchange (FSIT GmbH)

Language changed to English

Data status: 01.01.2023

Attention: this is a machine translation. Only the German version is legally binding.

CX1 collects and uses your personal data exclusively within the framework of the statutory provisions such as, in particular, the General Data Protection Regulation ("DSGVO") and the Federal Data Protection Act ("BDSG"). With this data protection declaration, we would like to inform you about the type, scope and purposes of the collection, use and processing of your personal data.

1. person responsible
The data controller within the meaning of DSGVO, BDSG, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

Im Grund 17
53840 Troisdorf

If you have any questions or concerns about data protection, please contact: b2b@cx1.eu.

2. scope of data protection
Data protection concerns personal data as defined in the GDPR, i.e. any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics.

3. cookies
Our website only uses technically necessary cookies. Cookies are text files that are stored on a computer system via an internet browser.

Overview of the cookies and web storage objects used at CX1:

User Login/SessionPHPSESSIDStores the user's login token so that the user remains logged in to the website.CookieCX1
Display modedarkmodeAdapted colour scheme, with high contrast.CookieCX1
Privacy settingseu_cookieStores the user's cookie banner decision.CookieCX1
Input controlcaptcha_textStorage of the contact form captcha.Local StorageCX1
Session IDcx1_tokenSaves the session ID.Local StorageCX1
Input controlreleasePrevents forms from being sent twice.Local StorageCX1

4. collection of general data and information
Our website collects a series of general data and information with each call-up of the website by a data subject or an automated system. This general data and information is stored in the server's log files. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
When using these general data and information, we do not draw any conclusions about the data subject. This information is rather required in order to (1) correctly deliver the contents of our website, (2) optimise the contents of our website as well as the advertising for these, (3) ensure the permanent operability of our information technology systems and the technology of our website as well as (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. Therefore, the data and information collected anonymously is, on the one hand, evaluated statistically and is further evaluated with the aim of increasing the data protection and data security of our enterprise, and ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

5. registration on our website
The data subject has the possibility to register on the website of the controller by providing personal data. The personal data that is transmitted to the data controller in this context results from the respective input mask used for the registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller and for its own purposes. The controller may arrange for the data to be transferred to one or more processors, for example a parcel service provider, who will also use the personal data exclusively for an internal use attributable to the controller.
By registering on the website of the controller, the IP address assigned by the Internet service provider (ISP) of the data subject, the date and the time of registration are also stored. The storage of this data takes place against the background that only in this way can the misuse of our services be prevented and, if necessary, this data makes it possible to clarify criminal offences that have been committed. In this respect, the storage of this data is necessary for the protection of the data controller. As a matter of principle, this data is not passed on to third parties unless there is a legal obligation to pass it on or the passing on serves the purpose of criminal prosecution.
The registration of the data subject by voluntarily providing personal data serves the purpose of the controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to modify the personal data provided during registration at any time or to have it completely deleted from the data of the controller.
The controller shall provide any data subject at any time, upon request, with information on what personal data is stored about the data subject. Furthermore, the controller shall correct or delete personal data at the request or indication of the data subject, provided that this does not conflict with any legal retention obligations. A data protection officer named in this data protection declaration and the entire staff of the controller are available to the data subject as contact persons in this context.

6. contacting CX1
On our website, we offer you the possibility to contact us via various contact forms. You can also contact us directly by e-mail.

7. routine deletion and blocking of personal data
The controller shall process and store personal data of the data subject only for the time necessary to achieve the purpose of storage or where provided for by the European Directive and Regulation or other legislator in laws or regulations to which the controller is subject.
If the purpose of storage no longer applies or if a storage period prescribed by the European Directive and Regulation or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

8. data protection in applications and the application procedure
The controller collects and processes the personal data of applicants for the purpose of managing the application procedure. The processing may also be carried out by electronic means. This is in particular the case when an applicant submits relevant application documents to the controller by electronic means, for example by e-mail or via a web form available on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents are automatically deleted two months after the notification of the rejection decision, provided that no other legitimate interests of the controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

9. legal basis of the processing
Article 6 I lit. a DS-GVO serves as the legal basis for our company for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of any other service or consideration, the processing is based on Article 6 I lit. b DS-GVO. The same applies to processing operations that are necessary for the implementation of pre-contractual measures, for example in the case of enquiries about our products or services. If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c DS-GVO. In rare cases, the processing of personal data might become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d DS-GVO. Finally, processing operations could be based on Art. 6 I lit. f DS-GVO. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, sentence 2 of the GDPR).

10. legitimate interests in the processing pursued by the controller or a third party
If the processing of personal data is based on Article 6 I lit. f DS-GVO, our legitimate interest is the performance of our business activities for the benefit of the well-being of all our employees and our shareholders.

11. duration for which the personal data are stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted if it is no longer required for the fulfilment or initiation of the contract.

12. data security
Your connections to our website and to our apps are protected with state-of-the-art encryption technologies. The level of protection also depends on which encryption your internet browser or mobile device supports. You can tell whether an individual page of our website is transmitted in encrypted form by the closed key or lock symbol in the status bar of your browser. We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

13. your rights
You have the following rights granted by the European Directives and Regulations. If you wish to exercise any of the following rights, simply write to us at the above address.

  • Right of confirmation and right of access - we will be happy to confirm whether we process personal data about you, what the data is and for what purpose it is processed.
  • Right to rectification - if the data we hold is incorrect, we will of course be very happy to correct it.
  • Right to erasure - should you wish to have your personal data erased, we will comply with your request to the extent permitted by law.
  • Right to restrict processing - should you wish to restrict use, we will comply with your request where legally possible.
  • Right of revocation - if you wish to revoke any consent you have already given, we will comply with your request accordingly. A revocation does not affect the permissibility of the previous processing of your data.

In addition, you can object to the further processing of your data if we process your data on the basis of a legitimate interest (Art. 6 (1) sentence 1 lit. f), Art. 21 DSGVO). If we process your data for the purpose of direct advertising, you have a general right to object. If we do not process your data for advertising purposes, the objection must be based on your particular situation.
You also have the right to lodge a complaint about the processing of your personal data with a supervisory authority, such as the data protection supervisory authority responsible for us: State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, Kavalleriestraße 2 - 4, 40213 Düsseldorf, e-mail: poststelle(at)ldi.nrw.de.

14. changes to the privacy policy
We reserve the right to change this privacy policy. The current version of the privacy policy is available on our website at all times.