Data protection has a particularly high priority for mixxt GmbH ( "We" ) and its employees.
Personal data is processed exclusively in accordance with the statutory provisions. Essential for this is Regulation (EU) 2016/679 (General Data Protection Regulation). By means of this data protection declaration, we would like to inform you about the type, scope and purpose of the personal data processed by us in connection with our tixxt service. Furthermore, as a data subject, you will be informed of your rights by means of this data protection declaration.
We have taken a number of measures to protect your data, but in principle and in practice there is no absolute protection. For this reason, we regularly adapt the measures we have taken, even if there are no specific gaps in protection, if only to keep up with the state of the art and to do justice to our responsibility for your data.
The terms originate from the above-mentioned General Data Protection Regulation.
We use the following terms, among others, in this privacy policy:
"Personal data" or "your data" means any information relating to an identified or identifiable natural person (hereinafter " data subject" or "you" ); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Restriction of processing" means the marking of stored personal data with the aim of limiting your future processing.
"Profiling" means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
"Pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
"controller' means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
'recipient' means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients and the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules, in accordance with the purposes of the processing.
"Third party" means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
mixxt GmbH
Adenauerallee 134
53113 Bonn
Germany
Tel.: +49 228 286796 00
E-mail: hallo@tixxt.com
Website: https://www.tixxt.com/
Stephan Meyer
mixxt GmbH
Adenauerallee 134
53113 Bonn
Germany
E-Mail: datenschutz@tixxt.de
Website: https://www.tixxt.com/
Any data subject may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
Users of tixxt:
Usage data (e.g. websites visited, interest in content, access times),
technical data (e.g. browser, IP addresses, operating system).
Names,
Contact details (e.g. email, phone numbers, address),
data freely set by the user.
Customer (users who administer an instance of tixxt and have ordered paid services):
Usage data (e.g. websites visited, interest in content, access times),
technical data (e.g. browser, IP addresses, operating system).
Names,
Contact details (e.g. email, phone numbers, address),
data freely set by the user,
Contract data,
Settlement data.
The purpose of the processing is the operation and security of tixxt, contract performance and compliance with legal requirements. Furthermore, they may be used for the purpose of optimising tixxt and providing assistance to customers and users.
If you are a user, we collect and process your data on the basis of consent (Art. 6 para. 1 lit. a and Art. 7 DSGVO).
If you are a customer, we collect and process data more extensively than for a user due to the necessity of processing for the fulfilment of contractual services and answering questions (Art. 6 para. 1 lit. b DSGVO).
Since it is sometimes important to know whether there are other grounds for permission in order to assess how to proceed, they are listed below.
One reason for permission is our legitimate interest (Art. 6 para. 1 lit. f DSGVO), but also our legal obligations (Art. 6 para. 1 lit. c DSGVO).
In, hopefully, individual cases, processing may also be necessary to protect vital interests (Art. 6 para. 1 lit. d DSGVO).
Processing may also be permitted if processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us (Art. 6(1)(e) DSGVO).
tixxt uses cookies. Cookies are text files that are placed and stored on a computer system via an internet browser. Your chosen browser manages these.
Cookies are ubiquitous on the internet. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific browser in which the cookie was stored. This enables the visited websites and servers to distinguish your browser from other browsers. A specific browser can be recognised and identified via the unique cookie ID.
We use this technique to avoid having to ask you for your access data again and again after logging in. However, it expires after some time. The option "Stay logged in" increases the duration that such a cookie is valid.
We therefore use these to recognise you. The purpose of this recognition is to make it easier for you to use tixxt. For example, you do not have to re-enter your access data every time you use tixxt, because your browser and tixxt automatically handle authentication in the background. We do not use cookies in the tixxt application for other purposes.
You can prevent the setting of cookies by tixxt at any time by means of a corresponding setting in your browser and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via the browser or other software programs. This is possible in all common browsers. If you deactivate the setting of cookies in your browser, most of the functions of tixxt cannot be used properly.
You have the option of registering for tixxt and creating a user account using the corresponding input masks. You will first be asked for your e-mail address and asked to enter a password. Before you can send this data, your consent to data processing will be requested. If you do not give your consent, we will not receive any of the data you have entered. If, on the other hand, you give your consent, we will use the data on the basis of your consent and for the fulfilment of the contract.
As users and customers of tixxt, we need to contact and inform you from time to time for various reasons. We do this exclusively by e-mail, except in special cases. For the compilation and dispatch, we use an online service that supports us in this. Your data will not be passed on to third parties. This service provider stores and processes this data in the USA as well as in Europe. We have concluded a data processing contract with this service provider to protect your data and rights. Furthermore, we have checked as far as possible the principles and history of the service provider with regard to IT security and data protection and are confident that this service provider will also comply with the written promises.
tixxt contains information on how you can also contact us by e-mail. If you contact us by e-mail or via a contact form, your data will be processed. As commercial and business letters, a retention obligation applies for 6 years from the end of the calendar year in which it was sent. In the case of related communication, this is based on the last message. After that, they will be deleted unless there are important reasons for not doing so (see deletion). This personal data is not passed on to third parties. However, we use a service provider for a customer relationship management system in which we store your name, contact, contract and billing data. This may involve data transfer to a third country (in this case the USA). We have concluded a contract with this service provider in accordance with the so-called EU standard contractual clauses so that your data and rights are protected. Furthermore, we have checked as far as possible the principles and history of the service provider with regard to IT security and data protection and are confident that this service provider will also comply with the written promises.
For an optimal user experience on mobile devices, we also provide mobile apps with which you can use tixxt. When using and installing these apps, data is already collected in accordance with the rules of the respective app stores. However, we are not the responsible party here, but the respective operators. The data collected from you is usually processed in the USA. For more detailed information, you must unfortunately ask the respective operators.
We routinely delete your data when the purpose of processing has ceased to apply and any retention periods have expired. The exercise of your rights and other legal obligations may also lead to deletion.
There are, however, important reasons that prevent deletion insofar as processing is necessary
to exercise the right to freedom of expression and information;
for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
for reasons of public interest in the field of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes as referred to in Article 89(1) of the GDPR, where the right referred to in paragraph 1 is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
for the assertion, exercise or defence of legal claims.
You have the right to have us confirm whether we process your data. If we do, you have the right to receive free information about the data we hold about you and the following further information:
the processing purposes
the categories of personal data that are processed
the recipients or categories of recipients to whom your data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations
if possible, the planned duration for which your data will be stored or, if this is not possible, the criteria for determining this duration
The existence of a right to rectify or erase the personal data concerning you or to have the processing restricted by the controller or to object to such processing
the existence of a right of appeal to a supervisory authority
if your data is not collected from you: All available information about the origin of the data
the existence of automated decision-making including profiling pursuant to Article 22(1) and (4) of the GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for you.
You also have the right to know whether personal data has been transferred to a third country or to an international organisation. If this is the case, you have the right to be informed about appropriate safeguards in connection with the transfer.
You also have the right to receive a copy of your data from us.
You have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.
You have the right to request that we delete your data immediately if one of the following reasons applies and insofar as the processing is not necessary:
Your data has been collected or otherwise processed for purposes for which it is no longer necessary.
You withdraw your consent on which the processing is based and there is no other legal basis for the processing.
You object to processing that we process on the basis of a legitimate interest or for the performance of a task in the public interest and there are no overriding legitimate grounds for the processing.
You object to processing for the purpose of direct marketing and/or related profiling.
Your data has been processed unlawfully.
The deletion of your data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
The personal data was collected in relation to information society services offered to children.
If your data has been made public by us and we are obliged to delete your data, we will take steps to inform others who process your published data that you have requested that they delete all links to or copies of that data.
You have the right to request us to restrict processing if one of the following conditions is met:
You dispute the accuracy of your data. The restriction is for a period that allows us to verify the accuracy of your data.
The processing is unlawful and you object to the erasure of your data and request the restriction of the use of your data instead.
We no longer need your data for the purposes of processing. However, you need it for the assertion, exercise or defence of legal claims.
You have objected to the processing we are carrying out on the grounds of legitimate interest and it is not yet clear whether our legitimate grounds outweigh your interest.
You have the right to receive the data you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on your consent or on a contract and the processing is carried out with the help of automated procedures. However, if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority, this does not apply.
You also have the right to have your data transferred directly from us to another data controller, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other persons.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your data which we process for the purposes of a legitimate interest, for the performance of a task carried out in the public interest or in the exercise of official authority. This also applies to profiling based on these provisions.
We will no longer process your data in the event of objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If we process your data for the purpose of direct advertising, you have the right to object at any time to the processing of your data for the purpose of such advertising. This also applies to profiling, insofar as it is connected with such direct advertising. If you object to us processing your data for direct marketing purposes, we will no longer process your data for these purposes.
You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes, unless such processing is necessary for the performance of a task carried out in the public interest.
You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you, unless the decision (1) is necessary for the conclusion or performance of a contract between you and us, or (2) is authorised by Union or Member State law to which we are subject and that law provides for adequate measures to safeguard your rights and freedoms and legitimate interests (3) with your explicit consent.
If the decision is (1) necessary for the conclusion or performance of a contract between you and us or (2) made with your express consent, we will take reasonable steps to protect your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on our part, to express your point of view and to contest the decision.
You have the right to withdraw consent to the processing of your data at any time.
You also have the right to lodge a complaint with a data protection supervisory authority at any time if you believe that data processing violates applicable law.
For users, the criterion for the duration of the storage of your data is the existence of a user account. After deletion of this access, the user's data is also deleted. Your data may still be stored in our backups and log files. These are also deleted at the latest three months after deletion, unless there is something important in the way. For customer data, the duration is also determined by the statutory retention periods for business and commercial letters (6 years) and the retention periods under tax law (10 years). After expiry of this period, the corresponding data is routinely deleted if it is no longer required for the fulfilment or initiation of the contract.
We do not use automated decision making or profiling.
We do not use social share buttons in tixxt on external networks.
Users have the option of linking to other third-party content. In the standard case, this leads to the browser being prompted to call up the corresponding page. For certain third-party content, however, we have created the option of accessing this content without leaving tixxt. If this content is accessed by a user, data is transmitted to the person responsible for the content. This is a third party according to the above definition. We have taken technical measures to ensure that third parties do not receive their data simply by using tixxt. In the case of such content, each user must first confirm that the content is to be accessed. Content from the following third parties may be embedded in this way.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The controller of personal data where a data subject lives outside the USA or Canada is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
If Facebook already knows you and you have an account with Facebook, this data will be assigned to your account.
The data policy published by Facebook is available at https://de-de.facebook.com/about/privacy/. In addition to providing information about the processing by Facebook, it explains which setting options Facebook offers to protect your data. In addition, various applications are available that make it possible to suppress data transmission to Facebook
The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
If Twitter already knows you and you have an account with Twitter, this data will be assigned to your account.
You can find Twitter's privacy policy at https://twitter.com/privacy?lang=de.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
If YouTube already knows you and you have an account with YouTube, this data will be assigned to your account.
You can find YouTube's privacy policy at https://www.google.de/intl/de/policies/privacy/ .
The operating company of Slideshare for members outside the USA is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkeIn is a subsidiary of Microsoft Corporation.
If Slideshare already knows you and you have an account with Slideshare, this data will be assigned to your account.
You can find LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy.
The operating company of Instagram is Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram LLC is a subsidiary of Facebook Inc.
If Instagram already knows you and you have an Instagram account, this data will be associated with your account.
You can find Instagram's privacy policy at https://help.instagram.com/155833707900388 .
Flickr belongs to Oath, which is part of the Verizon group of companies. AOL and Yahoo! were united in Oath. The responsible Oath company for Europe is Oath(EMEA) Limited, 5-7 Point Square, North Wall Quay, Dublin 1, Ireland.
If Flickr already knows you and you have an account with Flickr, this data will be assigned to your account.
You can find Flickr's privacy policy in German at https://policies.oath.com/ie/de/oath/privacy/products/flickr/index.html .
The operating company of SoundCloud is SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin.
If SoundCloud already knows you and you have an account with SoundCloud, this data will be associated with your account.
SoundCloud's privacy policy can be found at https://soundcloud.com/pages/privacy .
The operating company of Kickstarter is Kickstarter, PBC, 58 Kent Street, Brooklyn, NY 11222, USA.
If Kickstarter already knows you and you have an account with Kickstarter, this data will be assigned to your account.
Kickstarter's privacy policy can be found at https://www.kickstarter.com/privacy?ref=global-footer .
The operating company of Spotify is Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden.
If Spotify already knows you and you have an account with Spotify, this data will be assigned to your account.
Spotify's privacy policy can be found at https://www.spotify.com/de/legal/privacy-policy/ .
The operating company of Dailymotion is Dailymotion Société anonyme, 140 boulevard Malesherbes - 75017 Paris.
If Dailymotion already knows you and you have an account with Dailymotion, this data will be assigned to your account.
You can find Dailymotion's privacy policy at https://www.dailymotion.com/legal/privacy .
The operating company of Viddler is Viddler, Inc., 520 Evans St, Suite 1, Bethlehem, PA 18015 USA.
If Viddler already knows you and you have an account with Viddler, this data will be assigned to your account.
You can find Viddler's privacy policy at https://blog.viddler.com/privacy-policy/ .
The operating company of Vimeo is Vimeo, Inc., 555 West 18th Street, New York, New York 10011.
If Vimeo already knows you and you have an account with Vimeo, this data will be assigned to your account.
You can find Vimeo's privacy policy at https://vimeo.com/privacy .
The operating company of DeviantArt is DeviantArt, Inc, 7095 Hollywood Blvd #788, Hollywood, CA 90028, USA.
If DeviantArt already knows you and you have an account with DeviantArt, this data will be assigned to your account.
The Privacy Policy of DeviantArt can be found at https://about.deviantart.com/policy/privacy/ .
We reserve the right to update this privacy policy, in particular if the legal or technical circumstances change. In addition, to correct errors or to make explanatory additions.
Status: 05/2023