top of page

​Privacy Policy

1) Introduction and contact details of the person responsible

1.1 The data controller responsible for the processing of personal data on this website within the meaning of the General Data Protection Regulation (GDPR) is X-Design GmbH, Pützerau 23, 53797 Lohmar, Germany, Email: hello@x-design.gmbh. The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 When using our website purely for informational purposes, i.e., when you do not register or otherwise provide us with information, we only collect data that your browser transmits to the web server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website:

  • The website you visited

  • Date and time of access

  • Amount of data sent in bytes

  • Source/reference from which you accessed the page

  • Browser used

  • Operating system used

  • IP address used (if applicable, in anonymized form)

The processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no disclosure or further use of the data. However, we reserve the right to review the server log files retrospectively if there are concrete indications of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" prefix and the padlock symbol in your browser's address bar.

3) Cookies

To make your visit to our website attractive and enable the use of certain functions, we use cookies, which are small text files stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called "session cookies"), while others remain on your device for a longer period to store page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the cookie settings of your web browser.

If any of the cookies we use also process personal data, the processing is carried out in accordance with Art. 6 (1) lit. b GDPR either to fulfill the contract, according to Art. 6 (1) lit. a GDPR in the case of consent given, or according to Art. 6 (1) lit. f GDPR to protect our legitimate interests in ensuring the optimal functionality of the website and providing a customer-friendly and effective browsing experience.

You can configure your browser to be informed about the setting of cookies and decide individually whether to accept them, or to exclude the acceptance of cookies for specific cases or generally.

Please note that if you do not accept cookies, the functionality of our website may be limited.

4) contact

In the context of contacting us (e.g., via contact form or email), personal data will be processed exclusively for the purpose of handling and responding to your inquiry and only to the extent necessary for this purpose.

The legal basis for the processing of this data is our legitimate interest in responding to your inquiry in accordance with Art. 6 (1) lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR. Your data will be deleted when it becomes clear from the circumstances that the matter in question has been conclusively resolved, provided there are no legal retention obligations preventing this.

5) Data processing when opening a customer account

In accordance with Art. 6 (1) lit. b GDPR, personal data will continue to be collected and processed to the extent necessary when you provide it to us during the creation of a customer account. The data required for account creation can be found in the input fields of the corresponding form on our website.

Deletion of your customer account is possible at any time and can be done by sending a message to the above-mentioned address of the data controller. After the deletion of your customer account, your data will be deleted, provided that all contracts concluded through the account have been fully settled, no legal retention periods are in place, and we have no legitimate interest in retaining the data.

6) Use of customer data for direct marketing

6.1 Newsletter Subscription

When you subscribe to our email newsletter, we send you regular information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is voluntary and helps us address you personally. We use the so-called double opt-in procedure for newsletter dispatch, ensuring that you will only receive the newsletter after you have explicitly confirmed your consent to receive it by clicking on a verification link sent to your email address.

 By activating the confirmation link, you give your consent for the use of your personal data in accordance with Art. 6 (1) lit. a GDPR. In this process, we store the IP address registered by your internet service provider (ISP), as well as the date and time of your subscription, to trace any potential misuse of your email address at a later time. The data collected during the subscription process will be used solely for this purpose.

You can unsubscribe from the newsletter at any time by using the dedicated link in the newsletter or by sending a corresponding message to the responsible entity mentioned above. After unsubscribing, your email address will be promptly deleted from our newsletter distribution list, unless you have explicitly consented to further use of your data or we reserve the right to further use the data in a legally permissible manner, about which we will inform you in this declaration.

 

6.2 Sending the E-mail Newsletter to Existing Customers

 

If you provided us with your email address when purchasing goods or services, we reserve the right to send you regular offers for similar goods or services, similar to those you have already purchased, from our range via email. According to § 7 (3) UWG, we do not need to obtain separate consent for this. The data processing is based solely on our legitimate interest in personalized direct marketing pursuant to Art. 6 (1) lit. f GDPR. If you initially objected to the use of your email address for this purpose, we will not send you any emails.

You have the right to object to the use of your email address for this advertising purpose at any time with effect for the future by sending a message to the responsible entity mentioned at the beginning. You will only incur transmission costs according to the basic rates. After receiving your objection, the use of your email address for advertising purposes will be immediately stopped.

 

6.3 HubSpot

 

The sending of our email newsletters is carried out via this provider: HubSpot Ireland Ltd., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass your data provided during the newsletter registration to this provider in accordance with Art. 6 (1) lit. f GDPR, so that they can take care of the newsletter dispatch on our behalf.

 

Subject to your express consent in accordance with Art. 6 (1) lit. a GDPR, the provider will also perform statistical evaluations of the success of newsletter campaigns using web beacons or tracking pixels in the sent emails, measuring open rates and specific interactions with the content of the newsletter. This also involves collecting and evaluating device information (e.g., time of access, IP address, browser type, and operating system), but it is not merged with other data records.

You can revoke your consent to newsletter tracking at any time with effect for the future.

We have entered into a data processing agreement with the provider, which protects the data of our website visitors and prohibits further sharing with third parties.

 

6.4 Product Availability Notification via E-mail

 

For temporarily unavailable items, you can sign up to receive email notifications about their availability. We will send you a one-time email notification about the availability of the item you selected. The only mandatory information for sending this notification is your email address. Providing additional data is voluntary and may be used to address you personally. We use the so-called double opt-in procedure to ensure that you will only receive the notification after you have explicitly confirmed your consent by clicking on a verification link sent to your email address.

By activating the confirmation link, you give your consent for the use of your personal data in accordance with Art. 6 (1) lit. a GDPR. In this process, we store the IP address registered by your ISP, as well as the date and time of your subscription, to trace any potential misuse of your email address at a later time. The data we collect during the sign-up for our product availability notification service will be used solely for this purpose.

You can unsubscribe from the availability notifications at any time by sending a corresponding message to the responsible entity mentioned above. After unsubscribing, your email address will be promptly deleted from our notification list, unless you have explicitly consented to further use of your data or we reserve the right to further use the data in a legally permissible manner, about which we will inform you in this declaration.

7) Online Marketing

7.1 HubSpot

 

This website uses the software-based marketing service provided by HubSpot Ireland Ltd., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, for delivering and synchronizing various customer management services.

The service enables automated processing of feed activities, management of advertising in marketing channels, analysis of marketing success, as well as centralized email marketing and contact management.

To fulfill these functions, cookies are used, which are small text files stored locally in your web browser’s cache on your device. These cookies enable us to analyze your use of the website. The cookies collect certain information, such as your IP address, location, and the time of your visit to the site.

All of the described processes, especially the setting of cookies for reading information from the device used, will only be executed if you have explicitly given us your consent in accordance with Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service in the "cookie consent tool" provided on the website.

Other legal grounds for data processing that apply in the context of specific service functions (e.g., the necessity for explicit consent under Art. 6 (1) lit. a GDPR for sending newsletters) remain unaffected.

We have entered into a data processing agreement with the provider to ensure the protection of the data of our website visitors and to prohibit unauthorized disclosure to third parties.

8) Web analysis services

8.1 Google (Universal) Analytics

This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which allows for the analysis of your use of our website.

By default, Google (Universal) Analytics sets cookies when you visit the website. These cookies are small text files placed on your device to collect certain information. This information includes your IP address, which is truncated by Google to exclude the last digits to prevent direct personal identification.

The information collected is transmitted to Google’s servers and processed there. This may include transmission to Google LLC based in the United States.

Google uses the collected information on our behalf to evaluate your website usage, compile reports on website activities for us, and provide additional services related to website and internet usage. The truncated IP address transmitted by your browser within the framework of Google Analytics will not be merged with other data from Google. Data collected via Google (Universal) Analytics will be stored for a period of two months and then deleted.

All the described processes, especially the setting of cookies on the device used, are only carried out if you have explicitly given us your consent according to Art. 6 (1) lit. a GDPR. Without your consent, the use of Google (Universal) Analytics will not take place during your visit to the site. You can revoke your consent at any time with future effect. To exercise your right of withdrawal, please disable this service via the "Cookie-Consent-Tool" provided on the website.

We have concluded a data processing agreement with Google to ensure the protection of our website visitors' data and to prohibit unauthorized disclosure to third parties. Regarding the transfer of data to the U.S., Google relies on standard contractual clauses from the European Commission, which aim to ensure compliance with European data protection standards.

Further legal information on Google (Universal) Analytics, including a copy of the mentioned standard contractual clauses, can be found at Google Privacy Policy and Google Technologies.

Demographic Features

Google (Universal) Analytics uses the "Demographic Features" function and can generate statistics that provide insights into the age, gender, and interests of website visitors. This is done through the analysis of advertisements and information from third parties. As a result, target audiences for marketing activities can be identified. However, the collected data cannot be attributed to any specific person and is deleted after two months.

Google Signals

As an extension to Google (Universal) Analytics, Google Signals may be used on this website to create cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google may, with your consent to use Google Analytics according to Art. 6 (1) lit. a GDPR, analyze your usage behavior across devices and create database models, including cross-device conversions. We do not receive personal data from Google, only statistics. If you want to stop cross-device analysis, you can disable the "Personalized Ads" feature in your Google account settings. Follow the instructions on this page: Personalized Ads Settings. For more information on Google Signals, visit: Google Signals.

UserIDs
As an extension to Google (Universal) Analytics, the "UserIDs" feature may be used on this website. If you have consented to the use of Google (Universal) Analytics according to Art. 6 (1) lit. a GDPR, have created an account on this website, and sign in across multiple devices with this account, your activities, including conversions, can be analyzed across devices.

9) Retargeting & Remarketing & Conversion-Tracking

9.1 Facebook Pixel for Creating Custom Audiences

Within our online offering, we use the "Facebook Pixel" service provided by Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Facebook").

When a user clicks on one of our Facebook ads, the URL of the linked page is extended by a parameter using "Facebook Pixel." This URL parameter is then entered into the user's browser via a cookie set by the linked page.

This enables Facebook to determine the visitors to our online offer as a target audience for the display of ads (so-called "Facebook Ads"). Therefore, we use the service to show our Facebook Ads only to those Facebook users who have already shown interest in our online offering or who exhibit certain characteristics (e.g., interests in specific topics or products determined by the visited websites), which we transmit to Facebook (so-called "Custom Audiences").

On the other hand, with "Facebook Pixel," it is possible to track whether users, after clicking on a Facebook ad, were redirected to our website and what actions they perform there (so-called "Conversion Tracking").

The collected data is anonymous to us, meaning it does not provide us with insights into the identity of the users. However, the data is stored and processed by Facebook, allowing it to be linked to the respective user profile, and Facebook can use the data for its own advertising purposes.

All of the above-described processes, especially the setting of cookies to read information on the used device, are only carried out if you have explicitly granted us your consent according to Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with future effect by disabling this service through the "Cookie-Consent-Tool" provided on the website.

We have entered into a data processing agreement with the provider to ensure the protection of the data of our website visitors and to prevent unauthorized disclosure to third parties.

The information generated by Facebook is typically transmitted to a Facebook server and stored there; this may also involve transmission to servers of Meta Platforms Inc. in the USA.

For the transfer of data to the USA, the provider relies on standard contractual clauses from the European Commission, which are intended to ensure compliance with European data protection standards.

9.2 Google Ads Remarketing

Our website uses the features of Google Ads Remarketing to advertise this website in Google search results and on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). To this end, Google places a cookie in the browser of your device, which enables interest-based advertising based on the pages you have visited, using a pseudonymous cookie ID. Further data processing occurs only if you have given consent to Google to link your internet and app browsing history with your Google account and use information from your Google account to personalize ads you view across the web. If, during your visit to our website, you are logged into Google, Google uses your data, together with Google Analytics data, to create and define audience lists for cross-device remarketing. In this process, your personal data is temporarily linked with Google Analytics data to form audience segments. As part of using Google Ads Remarketing, it may also involve the transfer of personal data to servers of Google LLC. in the USA.

Details on the data processing initiated by Google Ads Remarketing and how Google handles data from websites can be found here: Google Ads Partner Sites.

You can permanently object to the setting of cookies by Google Ads Remarketing by downloading and installing the browser plugin available at the following link: Google Ads Opt-out.

Further information and the privacy policy regarding advertising and Google can be found here: Google Ads Privacy Policy.

All of the above-described processes, especially the setting of cookies to read information on the used device, are only carried out if you have explicitly granted us your consent according to Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with future effect by disabling this service through the "Cookie-Consent-Tool" provided on the website.

10) Tools & Other

Cookie-Consent-Tool

This website uses a "Cookie-Consent-Tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The "Cookie-Consent-Tool" is displayed to users upon visiting the website in the form of an interactive user interface, where users can give their consent for specific cookies and/or cookie-based applications by ticking checkboxes. By using the tool, only those cookies/services that require consent are loaded if the user has provided the corresponding consent by checking the box. This ensures that such cookies are only set on the user's device if consent is granted.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.

In the event that personal data (such as the IP address) is processed for the purpose of storing, assigning, or recording cookie preferences, this processing occurs in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in legally compliant, user-specific, and user-friendly consent management for cookies and, therefore, in ensuring the lawful design of our online presence.

Another legal basis for processing is also Art. 6 (1) lit. c GDPR. As the data controller, we are legally obligated to make the use of technically unnecessary cookies dependent on the user's consent.

We have entered into a data processing agreement with the provider to ensure the protection of our website visitors' data and prevent unauthorized disclosure to third parties.

For more information about the operator and the settings available for the Cookie-Consent-Tool, please refer to the relevant user interface on our website.

11) Rights of the data subject

11.1 Data Subject Rights

The applicable data protection law grants you the following rights regarding the processing of your personal data by the data controller, where the specific conditions for exercising these rights are referenced in the respective legal basis:

  • Right of access according to Art. 15 GDPR: You have the right to obtain confirmation from us as to whether personal data concerning you are being processed, and, if so, access to those data.

  • Right to rectification according to Art. 16 GDPR: You have the right to request the rectification of inaccurate or incomplete personal data concerning you.

  • Right to erasure according to Art. 17 GDPR: You have the right to request the erasure of your personal data if certain conditions are met.

  • Right to restriction of processing according to Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data under certain conditions.

  • Right to notification according to Art. 19 GDPR: You have the right to be informed if there has been a rectification, erasure, or restriction of the processing of your personal data.

  • Right to data portability according to Art. 20 GDPR: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit those data to another controller.

  • Right to withdraw consent according to Art. 7(3) GDPR: You have the right to withdraw your consent to the processing of your personal data at any time.

  • Right to lodge a complaint according to Art. 77 GDPR: You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is in violation of the GDPR.

11.2 Right to Object

If we process your personal data based on our legitimate interests, you have the right to object to such processing at any time, for reasons related to your particular situation, with effect for the future.

If you exercise your right to object, we will cease the processing of the affected data. However, further processing may be allowed if we can demonstrate compelling legitimate grounds for the processing that override your interests, fundamental rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

If your personal data is being processed by us for direct marketing purposes, you have the right to object to the processing of your personal data for such marketing purposes at any time. You may exercise this right to object as described above.

If you exercise your right to object, we will cease the processing of the affected data for direct marketing purposes.

12) Duration of storage of personal data

Storage Duration of Personal Data

The duration of the storage of personal data depends on the respective legal basis, the purpose of processing, and, where applicable, the statutory retention periods (e.g., commercial and tax retention periods).

  • For the processing of personal data based on explicit consent under Art. 6(1)(a) GDPR: The affected data will be stored as long as you do not withdraw your consent.

  • For data that is processed based on statutory retention periods under Art. 6(1)(b) GDPR (e.g., for contractual or quasi-contractual obligations): These data will be routinely deleted after the expiration of the retention periods, unless they are still needed for contract fulfillment or initiation, or if we have a legitimate interest in retaining them.

  • For the processing of personal data based on Art. 6(1)(f) GDPR (legitimate interest): The data will be stored until you exercise your right to object under Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

  • For the processing of personal data for direct marketing purposes under Art. 6(1)(f) GDPR: The data will be stored until you exercise your right to object under Art. 21(2) GDPR.

Unless otherwise specified in the additional information in this statement regarding specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.

bottom of page