Information about collection of personal data

In the following paragraphs, you can find more information about the personal data that is collected when you visit our website. Personal data is all data that is linked to you as a person, e.g. name, address, email addresses and user behaviour.
The data controller within the meaning of Article 4(7) of the EU Data Protection Regulation (GDPR) is Roland Fesenmayr, Bertoldstraße 48, 79098 Freiburg, Germany, [email protected] (see Imprint). You can contact our Data Protection Officer at datenschutz(at) or by using our postal address and addressing your letter to “der Datenschutzbeauftragte”.
If you contact us by email or by using a contact form, the data submitted (your email address and, if applicable, your name and telephone number) will be stored to answer your questions. This data will be deleted when it is no longer necessary to save the data. Should we be required by law to keep the data, we will restrict the processing of this data.
If we use subcontractors to provide individual parts of our offer, or if we would like to use your data for promotional purposes, we will give you more information about the relevant processes below. We will also inform you of the criteria defined for storage periods.

Your rights

You have the following rights regarding your personal data:

  • Right to information,
  • Right to correction or deletion (‘right to be forgotten’),
  • Right to restriction of processing,
  • Right to object to processing,
  • Right to data portability.

You also have the right to make a complaint to a data protection supervisory authority about how we process your personal data.

Collection of personal data when you visit our website

General information
If you access our website for information only, i.e. without registering or submitting personal data, we will only collect the personal data sent to us by your web browser. If you want to view our website, we collect the following data that is based on technical requirements and needed for displaying the website and provide stability and security (pursuant to Article 6(1)(1)(f) GDPR):

  • Date and time of the request 
  • Time zone difference to Greenwich Mean Time (GMT) 
  • Content of the request (specific page) 
  • Access status / HTTP status code 
  • Amount of data transferred 
  • Referring website 
  • Browser 
  • Operating system and its interface 
  • Language and version of your browser software. 

This information is utilised for the sole purpose of improving our services and does not provide any information as to who you are. The IP address is only stored temporarily to allow us to detect and prevent any possible attacks.

Personal data
The personal data you submit to us will be used for processing and fulfilling your order. We may process and save this data if this is necessary for performing the contract of sale and if legal requirements necessitate that we keep this data. We reserve the right to pass on your personal information to credit reference agencies if this is necessary for the purpose of credit checks, providing that the customer expressly agrees to this in the individual case. We will not pass on other personal customer data to third parties without your express agreement, unless we are required by law to hand over data. 


If you sign up for our newsletter, we will use the data you provide with your express permission to send our newsletter to you. Your email address is required but all other information is voluntary. Our newsletters contain topical informative contributions, as well as offers from OXID eSales and third-party providers. We use a “double opt-in” process to verify your subscription to the newsletter. This means that, once you have signed up, we will send an email to the address you have given, requesting confirmation that you wish to receive the newsletter. If you do not send confirmation within 24 hours, your information will be blocked and automatically deleted after one month. We also store the IP addresses you have used and the time at which you sign up and confirm. This provides proof that you have signed up and enables us to identify any possible misuse of your personal data. It is possible to unsubscribe at any time, either by clicking the link included in every newsletter email or by sending an email to the contact details given on the “Imprint” page.

Personal data security during the order process in OXID eXchange 

During the order process, your data is transferred over the internet in encoded form using Secure Socket Layer (SSL). Credit card details are not saved. They are directly collected and processed by our payment service providers PayPal or Skrill. We take technical and organisational steps to protect our website and other systems against loss, destruction, access, alteration or circulation of your data by unauthorised persons. It is only possible to access your customer account by entering your personal password. You should always keep your login details secret and close the browser window when you have finished communicating with us, especially if you are using a shared computer. 

Credit checks and scoring

If we make an advance payment, such as a purchase on account, we may request creditworthiness information based on mathematical and statistical processes in order to protect our legitimate interests from Bürgel Wirtschaftsinformationen GmbH & Co. KG, Gasstraße 18, 22761 Hamburg and Creditreform Freiburg Zimmermann KG Jacob-Burckhardt-Str. 15 - 17, 79098 Freiburg. To do this, we send the personal data needed for a credit check to Bürgel Wirtschaftsinformationen GmbH & Co. KG and Creditreform Freiburg Zimmermann KG. The information returned to us about the statistical probability of non-payment is then used to make a balanced decision about entering into, maintaining, or ending a contractual relationship. The creditworthiness information might contain probability values (score values) that are calculated on the basis of scientifically recognised mathematical and statistical processes. Address information, among other information, is used to calculate these values. Your interests worthy of protection are taken into account in accordance with the statutory provisions. 


We use PayPal for payments on our website. The responsible body is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxemburg. 
For processing of payments, the necessary data will be sent to PayPal, pursuant to Article 6(1)(a) GDPR (consent) and Article 6(1)(b) GDPR (processing necessary for performance of contract).

Job applications

Applications for jobs at OXID eSales by email or via the job portal will only be processed as part of the recruitment process. Transfer of personal data for applications via the job portal is in encrypted form.
If a contract of employment is concluded, the data will continue to be stored for the working relationship. If the application does not lead to an employment contract, the data will be deleted 3 months after completion of the recruitment process as long as OXID is not obliged to store the data due to legal requirements or other legitimate interests.

Web analysis

Data on this website is captured and stored for marketing and optimisation purposes using technologies from WiredMinds AG (WiredMinds) and Google Inc. This data can be used to create usage profiles under a pseudonym. Cookies can be used for this purpose. Cookies are small text files that are saved locally in the cache of the user’s internet browser. Cookies enable the internet browser to be recognised again. IP addresses that are captured are anonymised immediately after capture by deleting the last set of numbers. You can object to the data collection, processing and storage for the purposes of web analysis by Google Inc. and/or WiredMinds at any time with effect for the future.

Use of cookies

To make visiting our website attractive and to enable the use of certain functions, we use what are called cookies on various pages. Cookies are small text files that are stored on your end device. Most of the cookies we use are deleted again at the end of the browser session (the so-called session cookies). Other cookies remain on your end device and enable us to recognise your browser when you next visit (persistent cookies). You can configure your browser to inform you when cookies are being stored so that you can decide in each case whether to accept them or to block them in all cases. Blocking cookies can limit the functions of our website.

Google Analytics

This website uses Google Analytics, a web analysis service from Google Inc. (‘Google’). Google Analytics uses so-called cookies, i.e. text files that are stored on your computer and enable analysis of your use of the website. The information provided by the cookie about your use of this website is normally sent to a Google server in the USA, where it is saved. 

We have activated IP anonymisation on this website which means that Google will abbreviate your IP address first within the member states of the European Union or in other states party to the agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and abbreviated there. 

Google has certified that it adheres to the “Privacy Shield” Principles, We are allowed to use Google Analytics according to Article 6(1)(1)(f) GDPR.

Google will use this information, on behalf of the operator of this website, to analyse and evaluate your use of the website, to compile reports about website activities and to provide the website operator with other services related to website and internet use. Google will not associate the IP address sent by your browser with other data in the context of Google Analytics. 

You can configure your browser to block cookies. However, this may mean that you are not able to make full use of all of the functions of this website. You can also prevent the data created by the cookie which relates to your use of the website (incl. your IP address) from being recorded and processed by Google by downloading and installing the browser plugin available at the following link ( 

You can prevent Google Analytics from collecting your data by clicking the following link. An opt-out cookie will be stored that will prevent data from being recorded when you visit this website in future: Deactivate Google Analytics

You can find more detailed information about conditions of use and privacy at or


Our website uses web beacon technology from wiredminds GmbH ( to analyse visitor behaviour. 

Data is collected, processed and stored to create usage profiles under a pseudonym. Usage profiles are fully anonymised where possible and appropriate. Cookies can be used for this purpose. Cookies are small text files that are stored in the visitor’s internet browser and used to recognise the browser. The data collected, which may include personal data, is sent to WiredMinds or gathered by WiredMinds itself. WiredMinds may use information that is left behind when somebody visits a website to create anonymised usage profiles. Data collected in this way is not used to personally identify the visitor to this website without the express agreement of the person concerned, and it is not associated with the personal data of the holder of the pseudonym. If IP addresses are collected, they will immediately be anonymised by deleting the last set of numbers.

You can find WiredMinds’ privacy policy here.

You can rescind permission to collect, process and store data at any time, with effect for the future.


To enable us to provide an online offer with no technical issues, we use the analysis software Smartlook from s.r.o., Millay Horakove 13, 602 00 Brno, Czech Republic.

This software anonymously tracks mouse movements and interactions on the website. There is no transfer of personal data, and none of the collected data can be linked or traced back to individual users. If your personal data or the personal data of a third party is displayed on the website, Smartlook will automatically fade it out and it will not be recorded at any time.

If you do not consent to the recording, you can deactivate it using the opt-out switch under Smartlook Opt-Out .


When contacting us (via contact form or email), the user's details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 para. 1 lit. b) GDPR.

The user's details may be stored in our customer relationship management system and marketing automation platform ("CRM & Marketing System") or comparable inquiry organization.

We use the CRM, registration and marketing automation system "HubSpot", of the provider HubSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) with offices in Ireland (One Dockland Central, Dublin 1, Ireland) and Germany (Am Postbahnhof 17, 10243 Berlin) based on our legitimate interests (efficient and fast processing of user inquiries, applications and optimization of our online offer). For this purpose, we have concluded a contract with HubSpot with so-called standard contractual clauses, in which HubSpot undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level. For more info on HubSpot's privacy policy, please click here: and

Our sign-up service allows visitors to our website to learn more about our company, download content, and provide their contact information and other demographic information. This information is stored on servers operated by our software partner HubSpot. It may be used by us to contact visitors to our website and to determine which of our company's services are of interest to them. All information we collect is subject to this privacy policy. We use all information collected solely to optimize our marketing.

We delete the requests if they are no longer necessary. We review the necessity every two years; we store requests from customers who have a customer account permanently and refer to the customer account details for deletion. In the case of legal archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).


Getsitecontrol, a service by GetWebCraft Limited, Klimentos 41-43, Klimentos Tower, Flat/Office 25, 1061, Nicosia, Cyprus, is used on this website to collect user feedback and support users of this site via live chat. We are allowed to use getsitecontrol according to Article 6(1)(1)(f) GDPR.

You can read the privacy policy for getsitecontrol here .

The services of getsitecontrol are provided by servers in the USA, so data is sent there. GetWebCraft Limited has certified that it and any processors acting on its behalf adhere to the “Privacy Shield” Principles.


This website uses services by Eventbrite Inc., 155 5th Street, Floor 7, San Francisco, CA 94103, Reg. No. 4742147, USA to allow users to sign up to our events on this website. We are allowed to use Eventbrite according to Article 6(1)(1)(f) GDPR.

You can read the privacy policy for Eventbrite here .

The information you enter for signing up and/or ordering tickets for an event is sent to Eventbrite servers in the USA. Eventbrite Inc. has certified that it adheres to the “Privacy Shield” Principles. 


We use a survey tool from QuestionPro GmbH, Friedrichstraße 171, 10117 Berlin for online certification. The legal basis for the use of QuestionPro is Art. 6 para. 1 p. 1 lit. f DSGVO. You can read QuestionPro GmbH's privacy policy here.


Social Media Plugins

We use the following social media plugins and have implemented a “two-click solution”. This means that, initially, no data will be sent to the plugin providers when you visit our site. You can acknowledge the provider of the plugin by checking the box above its initial letters or the logo. We give you the option of communicating directly with the plugin provider via the button. Only by clicking the marked field and activating it will the plugin provider be informed that you have retrieved the corresponding website from our online presence. The data mentioned under § 3 of this statement is also sent. According to Facebook and Xing, they anonymise IP addresses immediately after collection in Germany. If you activate the plugin, your personal data is sent to the respective plugin provider, where it is saved (in the USA for US American providers). Plugin providers usually collect data using cookies, so we would recommend that you delete all cookies using your browser’s security settings, before clicking on the greyed-out box.

We have no influence over the data collected or the processes used for data processing. We are also not aware of the full extent of data collection, the purposes of processing or for how long the data is stored. We also have no information about deletion of the data collected by the plugin provider.

The plugin provider saves data collected about you as a usage profile that it uses for the purposes of advertising, market research and/or to design its website to meet needs. In particular, data is evaluated (even when you are not logged in) to show you advertisements that match your interests and to inform other users in the social network about your activities on our website. You have the right to object to creation of these user profiles. However, you must contact the plugin provider in question to exercise this right. We use plugins to enable you to interact with social networks and other users. This helps us to improve our presence and make it more interesting for you as a user. We are allowed to use plugins according to Article 6(1)(1)(f) GDPR.

Your personal data will be transmitted to the plugin provider even if you do not have an account with the plugin provider or if you are not logged into your account. If you are logged in, the information transmitted to the plugin provider will be linked to your account. If you interact with plugins, for example by clicking the ‘Like’ button or leaving a comment, this information is also sent straight to a server operated by the plugin provider where it is saved. The information is also published on your profile and is visible to your friends. To avoid data collection and having data linked to your account, we recommend logging out after using social networks and, particularly before clicking the button.

Additional information about purpose and extent of data collection and processing by the plugin provider can be found in the following privacy policies for these providers. You can also find information about your rights and settings to protect your privacy.

Plugin providers and their privacy policies:


We use Selfcampaign on this website, a service for integrating advertisements from B2B Media Group EMEA GmbH ("B2BMG"), Bahnhofstr. 5, 91245 Simmelsdorf, Germany. Selfcampaign uses so-called cookies, text files that are stored on users' computers and that allow an analysis of use of the website. Selfcampaign also uses “web beacons” (invisible graphics). Web beacons can be used to evaluate information such as visitor traffic on the pages of this offer. We are allowed to use Selfcampaign according to Article 6(1)(1)(f) GDPR.

The information generated by cookies and web beacons on the use of this website and delivery of advertising formats is transmitted to a server of B2BMG in Germany, where it is stored. This information may be shared by B2BMG with B2BMG contractors. You can read the privacy policy for SelfCampaign here .

Users can prevent the installation of cookies by setting their browser software accordingly; however, the provider points out to the users that in this case they may not be able to fully utilize all functions of this offer. By using this website, users agree to the processing of the data collected about them by B2BMG in the manner described above and for the purpose stated above.