XING is a service intended through a variety of different applications to improve and simplify users' professional lives. The combination of these applications gives users the best possible user experience and the widest range of functionality. With the boundaries between our professional and private lives becoming ever more intertwined, and correlations occurring between the two, XING is focused not only on a professional context but also includes applications in a private context. XING is particularly interested in opening up new capabilities for users (primarily in a professional context, but also in their private lives), making it easier for them to form horizontal networks, democratising information, fostering the exchange of information, and supporting lifelong learning. In order to fulfil these aims, XING makes offers, recommendations and services available to its users, often on the basis of data it has collected, and encourages interaction – both within and beyond a user’s network. The applications that make up the service XING include, in particular, the social network where users can acquire a membership, an employer rating platform and a talent acquisition platform. Some of the XING applications may appear online under another brand name or in the form of other XING Websites (e.g. kununu, onlyfy).
We provide this Privacy Policy to inform you about data processing in connection with the entire service XING (including all applications). We also provide additional information about data processing for the following applications, which you can access on the respective websites of the applications:
We, New Work SE, assume the role of controller as per the EU General Data Protection Regulation (GDPR). In other words, we are the legal entity that shall determine the purposes and means of the processing of personal data . Our contact details are as follows: Am Strandkai 1, 20457 Hamburg, Germany, Tel.: +49 40 419 131-0, Fax: +49 40 419 131-11, E-mail: info@xing.com.
Our Data Protection Officer is Christian Schmidt, Am Strandkai 1, 20457 Hamburg, Germany, contact link: https://www.xing.com/support/contact/security/data_protection.
The purposes for which we process your personal data are outlined in the section 1. General statement about the purposes of data processing. We will inform you once again should we process your personal data for any other purpose, i.e. for a purpose other than the one the personal data was originally saved for.
You are not legally required to make your personal data available. Nevertheless, in order to close a user contract you must provide information such as your name and e-mail address. Without this information we are not able to enter into such a contract with you. Within the scope of the user contract, we are contractually obliged to keep the data provided in its precise and complete form for all applications used by you and for the entire duration of the contractual term. During the initial process of data entry we inform you if the provision of personal data is necessary for a particular feature or application ("mandatory field"). Where data is required, any failure to provide this information will result in the respective feature or application not being accessible to you the user. In the case of optional data, not making this information available may mean that our services cannot be provided in the same form or scope.
The FADP applies to circumstances which have an impact on Switzerland, even if said circumstances are initiated outside of Switzerland. Correspondingly, this privacy policy applies to information in line with the EU GDPR and the FADP. Here, EU GDPR terminology is used in favour of FADP terminology. However, FADP terminology is used if the FADP applies and the terminology differs from EU GDPR terminology in a given language. The About this site section on XING contains the name and address of our representative in Switzerland.
The main reason we process personal data is to fulfil our contractual obligations towards our users. The processing of data is required, for example, for us to be able to suggest suitable contacts, services and information to you.
Operating a service like XING is subject to dynamic change by its very nature. It is not therefore possible to share every single detail about our data processing with you, but we do intend to inform you of all the key information. We process data first and foremost in order to fulfil our contractual obligations towards our users. In addition to this, we process your data to preserve our justifiable interests while taking your interests into account (e.g. when we send you promotional newsletters). And, of course, in some cases we are legally obliged to process data (e.g. to pass the data on to any investigative authorities). In all other cases we will ask for your separate consent to process your data (e.g. when using tracking technologies for the measurement and optimisation of advertising or when you enter a prize draw). When it comes to fulfilling our contractual obligations towards our users, we try to tailor our products and services to the needs of users at all times. Personalisation is important here. Interest and usage profiles are created. In order to be able to show you recommendations, e.g. for jobs or contacts, and to suggest you as a valuable business contact or potential employee, we must have an idea of what your interests might be. In order to ascertain these interests we use information that you provide to us, in addition to implicit feedback, i.e. information that we automatically obtain through your usage of our service (by means of so-called "tracking"), as well as information that we may possibly receive indirectly (e.g. through a user's address book or upload). In order to meet our contractual obligations, we also serve you third-party advertising tailored to your needs and interests wherever possible. To this end, we provide advertisers with certain targeting criteria. Advertisers can state, for example, that they would like to target "directors" at companies with "1,000-5,000 employees".
If you give us your consent, we will use your data for targeting on third-party platforms (see measurement and optimisation of advertising). The legal basis for this processing of personal data is Article 6 (1) a) of the EU General Data Protection Regulation (GDPR).
This refers to data we obtain from you directly and information you publish and send on XING Websites such as:
This includes data that we have obtained from you directly and information that you publish or send on XING Websites. There are both mandatory entry fields (which as marked as such) and optional information you can provide.
When you register to be able to use XING applications we have to record and process certain personal data as your login data.
e.g.
Your login data is not visible to third parties. We will not ever pass this information on to third parties under any circumstances.
We delete this data when you delete your user account.
The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).
You are required to complete certain mandatory fields. The social network offers you a number of different ways for your to present yourself with your own user profile on XING websites and beyond, and to interact with other users and third parties in real time. This mandatory information is essential to serve the overarching purpose of XING.
e.g.
The following mandatory information is always visible without limitation to other users in the social network, and to users of certain other XING websites on which your user profile is displayed in full or in part:
We delete this data when you delete your user account.
The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).
As well as the mandatory information we require, you can also enter additional information to make it easier for users to get to know you better and, for example, identify and select you as a suitable employee or business contact.
e.g.
After entry, your optional information is visible to all users in the social network, and to users of certain other XING websites where your user profile is displayed in full or in part. In some cases, you can choose whether optional information should only be visible to certain users.
You can retract most optional information at any time for the future by deleting the respective data in your profile. With your contact details and date of birth, you can decide on a case-by-case basis whether and to what extent this information should be visible for a particular user.
If you delete the data, it will be removed from your user profile. We will erase the data in full when you delete your user account.
The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).
In order to provide our services we require certain information from you. On our employer review platform we only need your e-mail address.
e.g.
Whether and to what extent your mandatory information is visible to other users depends on whether and to what extent the respective application is geared towards anonymity. Please refer to the respective application for more information.
We delete this data when you delete your user account.
The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).
As well as the mandatory information we require, you can also enter additional information to make as effective use as possible of the respective application.
e.g.
Whether and to what extent your mandatory information is visible to other users depends on whether and to what extent the respective application is geared towards anonymity. Please refer to the respective application for more information.
If you delete the data, it will be removed from the respective application. We will erase the data in full when you delete your user account. We may also save certain information (e.g. employer reviews) in an anonymous form beyond this point.
This differs from recruiting applications for business customers (onlyfy) where multiple users at a company can work together and share information and content with one another. Such information and content shared by a business user in a business account remain there, even if the business user no longer has access to the business account. Current and future business users can continue to see this information and content.
The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).
We use the electronic mail address(es) that you have provided to us to send you regular newsletters and/or status e-mails electronically, in addition to advertising for our own related products and services, or surveys for the purpose of our own market research, unless you have objected to this form of usage. The newsletters are a simple and effective way of finding out about new features on XING, for example, having interesting contacts suggested to you, or receiving certain personal statistics. We use the e-mail addresses you provided us with (with the exception of the login e-mail address) to ensure that your profile can be found by other users of the social network and to be able to display your profile to these users. If you give us your consent, we will use your data for targeting on third-party platforms (see measurement and optimisation of advertising).
You can unsubscribe to newsletters at any time, either in your notification settings in the social network or by clicking on the link provided at the end of e-mail newsletters. It’s possible to unsubscribe to newsletters and notifications in individual applications too, although there are different ways of going about this.
If you delete the e-mail address(es), it/they will be removed from the respective application. We will erase the e-mail address(es) in full when you delete your user account.
The legal basis for this processing of personal data are Article 6 (1) f) and Article 6 (1) b) of the EU General Data Protection Regulation (GDPR) as well as Article 6 (1) a) of the EU General Data Protection Regulation (GDPR) with regard to use for third-party platform targeting.
Those users in the social network who you ask to join your personal network will be saved on your profile in a list of contacts. If a user in the social network confirms your contact request, they become a so-called "confirmed contact" for you. Another way of connecting with users is the more non-committal "Follow" option. The user in the social network who you want to follow does not have to confirm your request.
Other users in the social network can only ever see your confirmed contacts and people you're following.
Your default privacy settings mean that the list of your confirmed contacts is visible to all users in the social network. You can alter this setting at any time so that your list of confirmed contacts is hidden from everyone or is only visible to certain groups of users, e.g. only to contacts of your confirmed contacts (second degree contacts).
We delete this data when you delete your user account.
The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).
You can exchange private messages with other users in the social network. As well as text, content you can send to other users includes images and your exact location. You will also receive e-mail notifications about new messages via the e-mail address your provided.
Private messages can never be accessed by anyone other than those individuals who send or receive them.
The default settings for messages is that all other users in the social network may send you messages. You can adjust these settings at any time so that either nobody can send you private messages or only users up to a certain degree of separation to you, e.g. only contacts of your confirmed contacts (second degree contacts).
We save this data until your user account is deleted. The recipients of your messages will not however have these conversations erased when you delete your user account. This data is only deleted in full once it has been deleted by both the sender and recipients.
The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).
In the social network there are various ways of sharing content with others and reacting to content.
e.g.
Generally speaking, the content and reactions you share in the social network are visible to all users in the social network.
Any comments you make in XING Klartext/Zukunft.machen articles are subject to a greater degree of visibility. This information can also be accessed outside of the social network for non-users and can be found in online search engines.
For individual features the level of visibility may be more restricted (e.g. only visible to contacts). In such cases you will be informed about visibility when using the respective feature. Please be aware that even if you restrict visibility, the content and reactions that you share may become visible beyond your own network if your contacts choose to share this information with other users.
If you delete the content you shared and the reactions, they will be removed from the social network. We will erase them in full or make them anonymous when you delete your user account.
The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).
If you use XING applications that you pay for, we will collect and use your billing details to process payments and invoices in accordance with the method of payment you choose. Your billing details are saved for payment and invoice processing when your user term is automatically renewed.
e.g.
Billing details cannot be seen by other users under any circumstances.
We save this data until your user account is deleted or beyond this point, until a time when the data is no longer subject to any tax-related, commercial or other statutory storage obligations.
The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).
If you provide us with feedback of your own volition or when taking part in one of our surveys, we will process your data in order to conduct the survey, or to evaluate and, where applicable, implement your feedback.
In some cases we may ask for separate consent from you to process your data provided as part of a survey.
We want to understand your needs so we can make XING even better for everyone. To this end, we may link your profile and usage data to your answers.
Please note that we always handle and evaluate your data confidentially. We don't publish any of your data, and we don't disclose it to third parties.
We save this data until your user account is deleted, unless you have provided consent to it being processed beyond this point.
The legal basis for this processing of personal data are Article 6 (1) a) (separate consent) and Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).
If you choose to enter a prize draw we offer, we will process your data insofar as it is required for the purposes of this draw.
In some cases we may ask for separate consent from you to process your data provided as part of the prize draw in other ways.
The data collected as a result of your entering the prize draw will be deleted once the draw has closed, unless you have provided consent to your data being processed beyond this point.
The legal basis for this processing of personal data is Article 6 (1) a) (separate consent) and b) of the EU General Data Protection Regulation (GDPR).
If you contact our customer service team, we process the data you provide so as to be able to handle your query. We may request separate consent to process your data, and only process your data for other purposes in compliance with statutory requirements pursuant to Article 6 (4) of the EU GDPR
We only save copies of identification documents you provide us with for verification purposes to the extent required to perform said verification, with copies generally deleted after 30 days at the latest. Data we receive from you when contacting our customer service team is deleted in full 7 years following completion of the respective customer request at the latest.
The legal basis for this processing of personal data are Article 6 (1) a) (separate consent) of the EU General Data Protection Regulation (GDPR), Article 6 (1) b) (processing necessary for the performance of a contract) of the EU General Data Protection Regulation (GDPR), Article 6 (1) f) (processing based on the weighing of interests) of the EU General Data Protection Regulation (GDPR), and Article 6 (1) c) (processing necessary for compliance with a legal obligation) of the EU General Data Protection Regulation (GDPR).
You can often apply for jobs directly via XING and onlyfy by entering your contact details and uploading your documents to an application form. We then send your application to the company that posted the job ad.
The "Leverage your application" feature also lets you use the data from your application, irrespective of whether or not you are a member of the social network. If you grant the necessary permission by opting to use this feature, we will save your data from your application and use it to offer you a wide range of professional opportunities and share your data with recruiters. The "Leverage your application" feature also allows us to send you regular job suggestions, while other recruiters/companies can view your CV and contact you about matching vacancies. You also have the option to use your job application data to apply for other jobs. We aim to provide you with the best-possible support for your professional life, which is why we also use the e-mail address you provide to send you information about our other products and services. The "Leverage your application" does not automatically create a visible profile for you on the social network.
Other than the companies you applied to, only you can see which vacancies you applied for. Other people are unable to see this information on XING. Only the company you apply to via XING can access the data and documents you provide in your application.
If you give your consent to use the "Leverage your application" feature, you allow us to make your application details and documents available to other companies we think may have a matching vacancy for you. The "Leverage your application" does not automatically create a visible profile for you on the social network.
We will delete the data and documents you provide in your application via XING after a period of 6 months. Some job application processes can take several months to complete, which is why we want to make sure that companies you apply to via XING have long enough access to your application data and documents.
By opting to use the "Leverage your application" feature, we will save your data until you withdraw your consent.
The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).
Data about you is automatically collated by means of tracking while you visit or make use of the XING service. Here you can find out:
Data about you is automatically collated by means of tracking whenever you visit or make use of the XING service. This takes place with the help of various tracking technologies.
You won't be tracked in the XING mobile app when browsing content from the xing.com website.
In the so-called "back end", at our web server level, we collect the data of logged-in users and other visitors, which we use first and foremost for the provision and preservation of the security of the service XING. In the "front end", on your end device, we, or third parties we use, use cookies, pixels, local storage and similar tracking technologies to collect data about logged-in users and other visitors to enable the provision of our service and the analysis of user behaviour, and for the measurement and optimisation of advertising. In addition, we record your usage behaviour in connection with e-mails we send you, e.g. whether and when you have opened an e-mail, and which links you clicked on. Tracking involves the processing of login data (e.g. date and time of the visit, referrer, IP address, cookie ID, location data, product and version information about the browser or app used, device ID or data) and interaction data (e.g. pages viewed, searches carried out, changes to job application status). In order to be able to identify you as a user during your visit to XING, we use so-called session cookies. These session cookies are automatically deleted at the end of a session. These cookies are required to be able to use XING. When you register you can choose to remain logged in. If you do, a cookie is then saved in the browser of your end device that means that you don’t need to log in again for as long as the cookie remains saved. We also conduct a very approximate geo-localisation that informs us of the towns/cities you have been to. In order to do this we use your shorted and anonymised IP address, and your geo-coordinates if you have agreed to this on your mobile end device. We do not save your precise location. We only store information about which cities you are in on a regular basis. Specific addresses or geo-coordinates are not saved.
One reason for tracking is to ensure and preserve the legitimate interest of the protection of users, the security of user data, XING Websites, and the XING service. To this end, we save the data we record for up to 12 months in its full form. Only a limited number of our employees with the respective authorisation rights have access to this data. The legal basis for this processing of personal data are Article 6 (1) f) and Article 32 of the EU General Data Protection Regulation (GDPR).
We mainly use tracking and the associated user behaviour analysis to meet our contractual obligations and to perform pre-contractual measures. The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR). If tracking is not used to meet our contractual obligations or to perform pre-contractual measures, but to provide the service you visit or use, the legal basis for this processing is Article 6 (1) f) of the EU General Data Protection Regulation (GDPR). To this end, we pursue the legitimate interest of providing you with a smooth and user-friendly service.
Tracking and analysing user behaviour helps us to review and optimise the effectiveness of our service, and to identify and correct any errors and faults. To this end, we also use several services from third-party providers, such as Google. If we use third-party providers, data may be processed outside of the EU in so-called third countries where the level of data protection applied may not match EU standards. This means there is a risk that authorities in third countries may be able to access third-party provider data, possibly without any means of redress, for monitoring or surveillance purposes. We endeavour at all times to adapt our products and services to the needs of our users. Personalisation is an important aspect here. Analysing data obtained from tracking is necessary to make personalised services available to you in accordance with the contractual purpose of XING and to ensure that you gain the greatest possible benefit from XING. The implicit feedback that you provide to us through our tracking of your usage of XING forms an important part of understanding what content you are more or less interested in, and being able to suggest you to other users as a valuable business contact or potential employee. This implicit feedback is enormously important as the information you provide to us is reflective of the past and the present for the most part, and says little about what interests you have with regard to the future. Interest profiles produced, for example, with the help of click data or searches you have conducted often form a better basis for estimating whether you, for example, are interested in finding a new job and what type of job openings you might be particularly interested in. When you delete your user account we delete or anonymise the personal data we have obtained through tracking in order to provide our service.
One important feature to result from our analyses is, for example, the provision of the "Clickpath". This is an essential part of contact management and as such an essential feature of XING. Clickpath is a function of the service XING which registers access to users’ profiles by other users, as well as to event pages, Business Pages, Employer Branding Profiles, job ads, or access to specific information contained therein. The information registered by Clickpath is only available to Premium members, users who post job ads, operators of Business Pages and Employer Branding Profiles, and organisers who have booked the Event Plus option for their events. By using Clickpath you can see, as a Premium member, e.g. which other users have visited your profile. By the same token, all other Premium members can do the same, i.e. they may see whether you have visited their profile, event page, Business Page, Employer Branding Profile or job ad. You are not able to deactivate this feature in your privacy settings. If you do not agree that other users may see that you have visited their profile, Business Page, etc., you should refrain from using the service XING.
Another important feature resulting from our analyses are recommendations that we tailor to you personally on the basis of your user data. We can, for example, recommend job offers, relevant news or interesting contacts to you.
In order to be able to identify you as a valuable business contact or potential employee, we may show other users information about your personal XING usage. This might include your level of user activity, the number of things you have in common with a respective profile visitor, the number of times your profile has been visited, how long you have been a member and what kind of membership you have.
We use the tracking tool Adobe Digital Analytics. Whenever you are logged in as a user on XING your data is matched with your user ID during the tracking process. If you are not logged in as a user, tracking is pseudonymous, i.e. we are not able to directly deduce information regarding your identity from information we obtain from tracking. The cookies used for the web analysis contain an ID which allows us to identify your end device’s browser. We have closed a data processing agreement with the provider and your IP addresses are anonymised immediately after collection.
You can opt out of tracking by Adobe Digital Analytics at any time, simply by clicking on the following link and opting to exclude yourself from visitor session aggregation and analysis:
xing.com: https://consent.xing.com/adobe/optout.en.html
onlyfy.io: https://consent.onlyfy.io/adobe/optout.en.html
Please note that this opt-out option installs a cookie on the end device you’re using when you click on the link. You therefore might not be excluded from tracking if you then delete the cookie in question. When using mobile apps, you need to opt out in the respective app settings.
We use the web analysis tool Google Analytics, developed by Google Inc. ("Google"). Google Analytics uses so-called "cookies": text files that are saved on your computer and enable the analysis of your usage of a website. The information generated by the cookie about your use of this website (including your IP address) is transferred to a server of Google in the USA and saved there. We use the so-called "_anonymizeIp()" script here, which ensures that your IP address (after identifying the geolocation) is immediately anonymised by Google. We have also closed a data processing agreement with Google. Google will use this information to evaluate your use of the website, to compile reports about website activity for website operators, and to provide other services relating to website and online usage. Google may also pass this information on to third parties if this is required by law or if these third parties process the data on behalf of Google. Google will not link your IP address to any other data about you it has stored.
You can prevent the installation of cookies by adjusting the settings in your browser software accordingly; please note though that you may not be able to use all the features of the XING Websites in full as a result. Google also offers so-called deactivation tools for some web browsers, where you can opt out of your user behaviour being recorded and analysed. You will find more information and download options for these tools here: http://tools.google.com/dlpage/gaoptout?hl=en-GB
We use the 'Braze' service to collect your usage of some parts of the platform to be able to serve you personal tips and information.
You can enable or deactivate this data collection. We recommend you enable it so we can provide you with useful tips and information (e.g. about updates to the features you use, or current billing information).
We use a tool called VWO to run A/B tests. You can opt out of this kind of web analysis here
We use the web analysis tool Mouseflow from Mouseflow ApS, Denmark. You can opt out of this form of web analysis by clicking on the following link: https://mouseflow.com/opt-out/
With your permission, we and third-party providers we commission will use cookies, device identifiers or other information saved or viewed on your device (tracking) and your data (see also information you provide us with) to measure the success of advertising campaigns, to build up a profile of your interests, and to serve you relevant ads based on this profile. If you opt in, a cookie is set on your end device that enables us to recognise you on XING web pages even if you’re not logged in. The cookies have a lifespan of up to 2 years.
In this context, the servers of third-party providers (e.g. marketers) might be accessed directly when using XING. Here, the respective third-party provider may record the fact that you visited our website(s). In addition, such site visits may lead to information being sent to some of these third-party providers with the aim of optimising and measuring the performance of our advertising. This includes, for example, information about the kind of pages you visited, or encoded user attributes such as you belonging to a certain target audience we have defined (e.g. that you are a XING member). Calling third-party provider servers directly allows third-party providers to use cookies and advertising IDs for retargeting purposes. Retargeting technologies enables third-party providers to show you personalised advertising based on your previous browsing behaviour on partner websites. Third-party providers are, to some extent, able to link your various technical IDs and thus show you personalised advertising across multiple devices. Third-party providers such as Xandr or The AdEx enable us to offer advertising campaigns outside of XING so that advertisers can also promote their products and services on and outside of XING based on targeting criteria we supply to advertisers. To ensure maximum protection of your data, we use a complex hashing algorithm which encrypts your information stored in the cookie. To measure and evaluate an advertising campaign's performance, we may send the third-party provider randomly generated click IDs which enable us to assign user conversions to a certain campaign.
In addition, an advertising partner can also send us their randomly generated user ID which may be linked to a XING user ID. By linking these technical IDs, we can identify users and provide advertising partners with information such as whether a user is a registered XING user. This may also include information such as an IP address or device IDs (e.g. a combination of browser version and operating system). The aforementioned link serving to transfer information between our website and third-party providers, be it for conversion measurement or as remarketing technology, is generally provided in the form of a pixel or other similar technology.
When remarketing on third-party-provider platforms such as Google, we also create custom audiences on these third-party platforms (e.g. Google Customer Match or Facebook Custom Audiences). These custom audience features (e.g. from Meta Platforms Ireland Limited, Facebook) are designed to serve users with targeted advertising based on their interests when visiting the respective third-party platform (e.g. Facebook or some other Meta platform). In addition to cookies and technical IDs, we use hashed information such as your e-mail address or phone number along with the aforementioned encoded user attributes and other technical IDs to create custom audiences. Custom audience data is only supplied to respective third-party providers such as Meta in highly hashed form. To recognise repeat visitors to their platform, third-party providers apply the same method to hash their users' e-mail addresses and phone numbers. Better user identification means better use of targeting technologies and matching job offers for you in ads.
Third-party providers are solely responsible for operating their IT systems in line with applicable data-protection practices and law. Third-party providers are responsible for deciding how long data is stored for. If we use third-party providers, data may be processed outside of the EU in so-called third countries where the level of data protection applied may not match EU standards. This means there is a risk that authorities in third countries may be able to access third-party provider data, possibly without any means of redress, for monitoring or surveillance purposes. To ensure an appropriate level of protection, we use the EU Standard Contract Clauses (SCCs) on a regular basis.
Tracking and processing of your data as described here are based on your consent, see Section 25 (1) of the New German Telecommunications and Telemedia Data Protection Act (TTDSG) and Article 6 (1) a) of the EU General Data Protection Regulation (GDPR). Along with our protective measures, data processing in third countries is based on your consent, see Article 49 (1) of the EU General Data Protection Regulation (GDPR). You can withdraw your consent at any time.
In the following you will find further information about the tracking technologies used and information from providers about data processing.
More information is available here
More information is available here
More information in German is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information in German is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
More information is available here
The links below allow you to select your tracking settings for individual applications.
Please note that tracking opt-outs are handled by way of a cookie set on your end device. Should you delete this cookie or use a different end device or browser, you'll need to opt out of tracking again.
When using mobile apps, you need to opt out in the respective app settings.
We do not erase cookies saved on your end device if you withdraw your consent. By withdrawing your consent in the tracking settings for individual XING applications, you only opt out of tracking for the measurement and optimisation of advertising in the respective applications.
If you visit third-party sites that are not covered by these tracking settings, those third parties will still be able to access cookies saved in your end device. If you'd like to prevent this, please erase the third-party provider cookies from your end device. But please don't delete the "userConsent" cookies we set as otherwise we won't be able to determine whether you opted in or out of tracking for the measurement and optimisation of advertising in the respective XING applications. If you delete this cookie, you'll then be prompted to opt in or out of tracking for the measurement and optimisation of advertising when you next visit our application.
The process required to delete cookies and set what information your browser saves depends on the browser you use. Please refer to the help section of your browser for further details.
ID settings (e.g. ad ID) for a certain iOS or Android device are provided in your iOS or Android settings.
You will also find content produced by external providers on XING applications. This content is integrated into the XING environment you’re familiar with from external websites. When it comes to this external content we have no control over the type of tracking used.
If you’d like to prevent tracking by external providers within the XING environment, you can deactivate the integration. As soon as you begin using any of the external content you will leave the XING environment and be automatically forwarded directly to the page of the provider. Please note: This doesn’t necessarily result in less tracking – it is only means that the tracking does not take place on XING.
Opting out of tracking within the XING environment
You have the option to opt out of data collection and storage by SalesViewer in the future by clicking on this link. This will set what's known as an opt-out cookie in your browser. Please note that you'll need to click on the above link again if you delete this cookie and want to continue to opt out of data collection and storage by SalesViewer.
Some information about you that we process does not come directly from you. This might be the case, for example, if a user shares this information with us or we obtain it from other sources.
We also process data that we haven’t obtained directly from you. This occurs whenever a user provides us with information or we collect information from other sources. In such cases we process the respective data within the scope of fulfilment of our contractual obligations towards the respective user and/or to safeguard our legitimate interests, while giving due consideration to your interests.
This includes data which can be extracted from an address book or list (e.g. smartphone address book, e-mail address book or CSV file), e.g.:
We provide users with various address book and list upload features to enable them to expand their network on XING or to invite non-users. If we permanently save the data uploaded by way of an aforementioned feature, we make appropriate functions available to users to manage the data and, in particular, to delete this data. Users have the right and the option to cease the processing of personal data at any time.
Users who already have access to your data can upload this information to XING.
No third parties have access to the uploaded data.
If the respective upload feature is only used for a single user search, categorisation or grouping, the data uploaded will be deleted immediately afterwards. If the respective upload feature requires permanent storage of the uploaded data, we save this data until the respective user either deletes this data themselves or their user account is deleted.
The invited non-users can select an opt-out link in the invitation e-mail to object to the sending of further invitations or invitation reminders to their respective e-mail address.
The legal basis for this processing of personal data is Article 6 (1) f) of the EU General Data Protection Regulation (GDPR) .
You can find out here who we disclose data to, what purpose this serves, and how you can customise your privacy settings on XING. By the way, we only ever pass your personal data on to third parties when:
We only pass your personal data on to third parties when this is required to fulfil our business purposes (i.e. in particular to perform the services we are obliged to provide you with, e.g. making your profile available to another user), when you have given your consent to this (e.g. when using an external application), or when we are obliged to on legal grounds, by court order, or at the request of another official authority. In cases where we work together with external service providers for our data processing (e.g. in software development), this is usually carried out on a commissioned processing basis, whereby we remain responsible for data processing. We review each of these service providers beforehand with regard to the measures they have undertaken to ensure data protection and data security, thereby safeguarding the contractual provisions as stipulated by law for the protection of the personal data.
Other users means any users of the comprehensive XING service and all its applications (XING, kununu, onlyfy, etc.). Other users can also include companies and their authorised users that use an application which is part of the XING service (business user). You can learn more about how visible you are to other users under “Information you provide to us” and by way of the examples of how we use your usage data to meet our contractual obligations and to render the service you use.
You can determine whether you want non-users to be able to find and access the information in your profile, e.g. via search engines. Separate privacy settings are available to you here. If you opt not to restrict these settings, the information in your profile will be visible and accessible to non-users, although this does not include any personal contact details such as e-mail addresses and phone numbers.
The standard external accessibility of profile information by non-users forms a central element of XING as a way of fostering networking between users, as many business contacts are made in the first instance when other users (or third parties) find the name of a user when conducting research in search engines.
With some features on XING another user determines whether and to what extent the data used or shared for a particular function is visible or accessible to other users and non-users, and who is authorised to read this content and add to this content. If you aren’t able to change these settings through your own privacy settings, we will inform you about the respective use of your data in the respective feature.
As a user, you can invite other people to join and use XING. We process the data recorded here solely for this purpose.
After a certain period we send out a reminder e-mail ("automatic reminder") on your behalf to the person you invited. You can prevent this automatic reminder from being sent by deleting the invitation in your settings. You also have the option of sending your own reminder e-mails manually. We save the e-mail addresses that invitations are sent to in encrypted form. This encryption is temporarily suspended to display the e-mail addresses in your account. You can delete this data in your account at any time.
Every person you invite has the option to object to invitations being sent to their e-mail address from that point onwards.
Please note that, depending on the invitation feature used, recipients may be shown the following information in the invitation you send:
We provide the XING API to selected developers and companies ("API Partners") so that they can develop and manage applications that grant users of API Partner applications access to data and content beyond XING while also allowing said users to integrate external content on XING. The aim of integrating external applications is to make XING more appealing and useful to users. API stands for Application Programming Interface, meaning that the XING API is an interface provided by us that allows API partners to integrate one or more applications on XING provided they adhere to our contractual terms.
Users wishing to use an API Partner application must grant the application access to data; an API application of an API Partner can therefore only ever access data with the express allowance of the user. Depending on the application in question, a separate declaration of consent for data processing may be required. When API Partners process XING user data, this is performed on behalf of the user that activated the application.
Every API Partner application that accesses the data and content of users requires our prior consent. XING has therefore compiled a list of criteria in order to ensure that the data of users is safe and secure.
If an application involves personal data being processed in countries outside of the European Union, we will stipulate the legal privacy provisions required in order to ensure that API Partners maintain an appropriate level of protection for personal data.
If you use features on XING that you pay for, we process your payment details such as credit card and bank details for the purpose of payment processing and invoicing in accordance with the method of payment you choose. Your payment details will be transferred, to the extent needed, along with other required data for processing the transaction, including invoicing and debt collection where applicable, to providers such as credit card institutes, payment providers and debt collection providers, and processed there, or the data will be collected directly by these providers.
Your payment details are saved to enable payment processing and invoicing for the automatic extension of your user term.
Data may be transferred to third countries. This however shall always take place in compliance with the admissibility requirements as regulated by law.
In particular, we make certain data available to other users or third parties worldwide to fulfill our contractual obligations. This does not require either an adequacy decision pursuant to Article 45 of the EU GDPR or appropriate safeguards pursuant to Article 46 of the EU GDPR.
In cases where the transfer of data to a third country does not serve the fulfilment of our contractual obligations, we have not received consent from you, the transfer is not necessary for the establishment, exercise or defence of legal claims, and no other exemption clause applies, we shall only transfer your data to a third country when an adequacy decision pursuant to Article 45 of the EU GDPR or appropriate safeguards pursuant to Article 46 of the EU GDPR are in place.
In general, we provide for appropriate safeguards by closing standard data protection clauses as decreed by the European Commission with the recipient body pursuant to Article 46 of the EU GDPR, as well as an adequate level of data protection.
You can obtain copies of the EU standard data protection clauses on the Website of the European Commission.
Public authorities and courts
Technical service providers
Hosting providers
Ad server providers
E-mail sending providers
E-mail marketing providers
Marketing automation software providers
CRM providers
Software developers
Agencies
e.g. to carry out prize draws
Postal providers (letter shops)
Market research and survey tool providers
Remarketing/Retargeting providers
Sales service providers and call centres
Service providers for advertising campaigns and the display of ads
Providers of tools for website use analysis
Cooperation partners
You can often apply for jobs directly via XING and onlyfy by entering your contact details and uploading your documents to an application form. We then send your application to the company that posted the job ad. If you're logged in to XING, we'll also send your XING profile as a link and PDF overview. Companies you apply to via XING receive your application via the e-mail address used in the job ad or via the company's applicant tracking system. If you give your consent to use the "Leverage your application" feature, you allow us to make your application details and documents available to other companies we think may have a matching vacancy for you.
Certain XING features use partner technologies from Google, e.g. to generate previews when users post YouTube videos on the platform.
Information about this is available on https://policies.google.com/technologies/partner-sites and in Google's Privacy Policy: https://policies.google.com/privacy
Acting as a service provider for commissioned data processing
You can find detailed information here about your various rights:
You have legal rights available to you with regard to data access, rectification, erasure, restriction of processing and objection to processing, as well as the right to data portability, amongst others. In addition, you can withdraw any consent you may have given to data processing at any time, and have the right to lodge a complaint with a supervisory authority.
You have the right to object at any time to the processing of personal data concerning you, pursuant to Article 6 (1) f) of the EU GDPR. This shall also apply to any profiling carried out on the basis of these provisions. Please use our contact form to submit any objection.
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing. This includes profiling to the extent that it is related to such direct marketing. You can unsubscribe to our newsletters at any time in your notifications settings on XING, or in your e-mails by clicking on the link provided at the end of the respective newsletter, without incurring any costs other than the transmission costs in accordance with the basic tariffs. In some applications there are different ways of unsubscribing to a newsletter or notifications. In the XING ReferralManager you can deactivate the option to receive the newsletter by going to your profile settings in the XING ReferralManager.
You have the right to demand confirmation as to whether we process your personal data. If this is the case you are entitled to receive information about this personal data.
As a user of the social network you can request this information at https://www.xing.com/settings/privacy/data/disclosure.
As a kununu, kununu Research Community, HalloFreelancer, onlyfy TalentService, XING Exchange, or applications via XING user you can also easily access the data we have saved about you there. Simply send an e-mail request:
Use the following link to request the data we saved about you in this application: kununu data disclosure report. Please e-mail support@kununu.com if you don't have a kununu account.
Use the following e-mail address to request the data we saved about you in the kununu Research Community: research@kununu.com
Use the following e-mail address to request the data we saved about you in this application: HalloFreelancer data disclosure report
Use the following e-mail address to request the data we saved about you in onlyfy TalentService: gdpr_xts@xing.com
Use the following e-mail address to request the data we saved about you in this application: xing-exchange@xing.com
Use the following e-mail address to request the data we saved about your applications via XING: xing-exchange@xing.com
You also have a right to access the following information:
If personal data is passed on to a third country or an international organisation, you have the right as the person affected to be informed about the respective guarantees (pursuant to Article 46 of the EU GDPR) regarding this sharing of data.
You have the right to demand that we correct any incorrect personal data concerning you with immediate effect. Taking the purposes of processing into account, you have the right to demand the completion of any incomplete personal data – including by means of a supplementary explanation.
You are entitled to demand that we delete your personal data without delay if one of the following applies: The personal data is no longer required for the purposes for which it was collected or processed in some other way. You withdraw your consent that the processing was based on pursuant to Article 6 (1) a) or Article 9 (2) a) of the EU GDPR , and there are now no valid legal grounds for processing. You submit an objection to the processing of your data pursuant to Article 21 (1) of the EU GDPR and there are no overriding justifiable grounds for the processing, or you submit an objection to the processing of your data pursuant to Article 21 (2) of the EU GDPR . The personal data was processed unlawfully. The deletion of the personal data is required to fulfil a legal obligation in accordance with EU law or the law of individual member states. The personal data was recorded in relation to the offer of information society services directly to a child, pursuant to Article 8 (1) of the EU GDPR. Once you have made your request we are obliged to delete the data with immediate effect. The lawfulness of the data processing for the period between the consent and the withdrawal of this consent shall remain unaffected.
You are entitled to demand a restriction to the processing of your personal data in cases where you dispute the correctness of the personal data, for a period of time that allows the controller to review the correctness of that personal data. If the processing is unlawful and you reject the erasure of the personal data in favour of demanding a restriction to the use of the personal data we will fulfil this request. Processing will also be restricted if we no longer require your personal data for the purposes of processing but do require it for the establishment, exercise or defence of legal claims. Or if you have objected to processing pursuant to Article 21 (1) of the EU GDPR, for as long as is not yet ascertained whether the justifiable grounds of the controller outweigh your grounds. We will inform you in advance should the restriction be revoked.
You have the right to receive personal data concerning you that you have made available to us in a structured, conventional and machine-readable format, and you also have the right to transfer this data to another controller without being impeded by us to whom the personal data has been made available. The condition is that a) processing is based on consent pursuant to Article 6 (1) a) of the EU GDPR or Article 9 (2) a) of the EU GDPR or on a contract pursuant to Article 6 (1) b) of the EU GDPR, and b) the processing is conducted with the help of automated processes. When exercising your right to data portability you have the right to demand that the personal data is transferred directly from us to another controlling body, provided this is technically viable.
If processing is subject to your consent you have the right to withdraw this consent at any time. This shall not affect the lawfulness of any processing that took place with your consent up until its withdrawal.
The supervisory authority responsible for our company is: Freie und Hansestadt Hamburg The Hamburg Commissioner for Data Protection and Freedom of Information, 7th floor, Ludwig-Erhard-Str. 22, 20459 Hamburg, Germany Tel.: +49 40 / 428 54 – 4040, Fax: +49 40 / 428 54 – 4000, further details are available by visiting https://datenschutz-hamburg.de (in German)
If you feel that the processing of your personal data infringes upon the EU GDPR, you have the right to lodge a complaint with the supervisory authority in your regular place of residence, your place of work, or alleged place of infringement. Further information about the complaints procedure is available in Article 77 of the EU GDPR.
XING: The service XING and the applications belonging to the service XING (XING, kununu, onlyfy, etc.).
XING Websites: All websites, subdomains, aliases, mobile applications, background applications, web services and embedding in third-party websites where the service XING is available.
EU GDPR: The Regulation (EU) 2016/679 of the European Parliament and the Council dated 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data, and on the repeal of the EU Data Protection Directive 95/46/EC.
Personal data: Pursuant to Article 4 (1) of the EU General Data Protection Regulation (GDPR), any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Social network: The professional social network and jobs network belonging to the applications of the service XING.
Profile: The page on the XING websites where the personal data made available by the user is displayed in the social network.
Cookies: Small files that enable us to store specific information related to you, the user, on your end device. You can edit the settings of your browser to prevent cookies from being saved.
Pixel: An image file or link to an image file that is added to the website code but not sent to your end device (e.g. PC, smartphone, etc.). Pixels are usually used in conjunction with cookies.
Profiling: Pursuant to Article 4 (4) of the EU General Data Protection Regulation (GDPR), any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Newsletter: Newsletters or status e-mails and advertising for XING’s own similar products and services, or surveys for the purpose of XING’s own market research.
Third country: A country outside of the European Union.
Small files that enable us to store specific information related to you, the user, on your end device. You can edit the settings of your browser to prevent cookies from being saved.
A country outside of the European Union.
The Regulation (EU) 2016/679 of the European Parliament and the Council dated 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data, and on the repeal of the EU Data Protection Directive 95/46/EC.
Newsletters or status e-mails and advertising for XING’s own similar products and services, or surveys for the purpose of XING’s own market research.
Pursuant to Article 4 (1) of the EU General Data Protection Regulation (GDPR), any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Pixel: An image file or link to an image file that is added to the website code but not sent to your end device (e.g. PC, smartphone). Pixels are usually used in conjunction with cookies.
The page on the XING Websites where the personal data made available by the user is displayed in the social network.
Pursuant to Article 4 (4) of the EU General Data Protection Regulation (GDPR), any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or move-ments.
The contact and communication forums belonging to the applications of the service XING.
The service XING and the applications belonging to the service XING (XING, kununu, onlyfy. etc.).
All websites, subdomains, aliases, mobile applications, background applications, web services and embedding in third-party websites where the service XING is available.