The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and according to the legal data protection regulations as well as this data protection explanation.

If you use this website, personal data may be collected. Personal data is data with which you can be personally identified. This Privacy Policy explains what information we collect and how we use it. It also explains how and for what purpose this is done.

As a visitor to this website, you have the right, within the framework of the applicable statutory provisions, to free information at any time about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to correction, blocking or deletion of this data. You can contact us at any time at the following address if you have any further questions on the subject of personal data.

Name and address of the responsible person

The person responsible within the meaning of the Basic Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:

Gerd Wetzel
XSXL GmbH
Osterwaldstraße 10
D-80805 München
+ 49 89 5527 947 240
info@xsxl.eu

Privacy officer

According to Article 37(1) of the EU Basic Data Protection Regulation (DSGVO), there is no need to appoint a Data Protection Officer.

General information on data processing

Scope of processing of personal data

We collect and use the personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing personal data, Art. 6 Para. 1 lit. a EU Data Protection Basic Regulation (DSGVO) serves as the legal basis.
Art. 6 para. 1 lit. b DSGVO serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.
Art. 6 para. 1 lit. d DSGVO serves as a legal basis in the event that vital interests of the data subject or another natural person necessitate the processing of personal data.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f DSGVO serves as the legal basis for the processing.

Data deletion and storage period

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, the data may be stored if the European or national legislator has provided for this in Union regulations, laws or other provisions to which the person responsible is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.

Secure data transmission

SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as requests sent to us as the site operator. An encrypted connection can be recognized by the user by the fact that the address line of the browser changes from “http://” to “https://” and is marked with a lock symbol.

If SSL or TLS encryption is activated, the data transmitted to us by users cannot be read by third parties.

Provision of the website and creation of log files

Each time our website is accessed, the web server logs each individual access to an element (e.g. an HTML file or an image) of the same. Also failed or denied accesses (e.g. due to password protection) are noted.

Our web server stores the following information in log files:

In the event of an error, messages from the Apache web server are saved in log files. The following data is stored:

An evaluation of this data for marketing purposes does not take place, nor does storage together with other personal data of the user.

The storage in log files serves to ensure the functionality and optimisation of our website. This is our legitimate interest in data processing pursuant to Art. 6 Para. 1 lit. f DSGVO.

The data are deleted as soon as they are no longer required for the purpose of their collection. For the data stored in log files, this is the case when the respective session has ended. Error logs that log erroneous page views are deleted after 30 days.

The collection of the data for the provision of the website and the storage of the data in log files are not permitted for the use of the website.

Use of cookies

Our website does not use cookies.

Contact by e-mail

You can contact us by e-mail at any time. In this case your personal data transmitted with the e-mail will be stored. The processing of your data serves us solely for communication with each other. The data will not be passed on to third parties in this context.

You have the possibility at any time to revoke and delete your consent to the processing of your personal data for communication with each other.

The legal basis is Art. 6 para. 1 lit. f DSGVO. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b DSGVO.

Your rights as a data subject

If your personal data (“your data”) is processed, you are a data subject within the meaning of the DSGVO. In the following, we would like to give you an initial overview of the rights to which you are entitled.

If you wish to assert your rights against us, just send us an e-mail.

Right to information

You can request information about which data we process from you (Art. 15 DSGVO). In addition, you can request information on how we handle this data, where we obtained it from, if it was not collected from us, whether automated decision-making exists (including profiling) and, if applicable, what this involves.

Right to rectification

You demand that we correct incorrect or incomplete data immediately if it is stored by us (Art. 16 DSGVO).

Right to deletion (“right to be forgotten”)

You can request that we delete your data stored with us (Art. 17 DSGVO).
Restrictions: The processing of your personal data is necessary for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest, for asserting, exercising or defending legal claims.

Right to limitation of processing

You may request that the processing of your data be restricted (Art. 18 DSGVO ).

Right to transfer data

You may request that we transmit your data, if it is stored by us, to you or a responsible person in a structured, machine-readable form (Art. 20 DSGVO).

Right of objection

You may object to the processing of your data (Art. 21 and Art. 22 DSGVO).

Right of complaint to a supervisory authority

They may complain to a supervisory authority (Art. 77 DSGVO).

Right of objection

Pursuant to Art. 21 DSGVO, you are entitled to object to the processing of your data which we process on the basis of a legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO. In this case, you must submit reasons for your objection which result from your particular situation.

In the case of direct marketing, you have a general right of objection which you do not have to justify further.


The status of this data protection declaration is August 2019.