Privacy Policy (printable version)

General information

How is your personal data processed?

What rights can you exercise?

Terms used in our Privacy Policy

General information

  • Last updated: 3 September 2018
  • This Privacy Policy shall apply to the entire service XING and its applications.
  • XING SE is the body responsible for the processing of personal data.
  • Our Data Protection Officer is Felix Lasse.

Scope of this Privacy Policy

XING is a service intended through a variety of different applications to improve and simplify users' professional lives. The combination of these applications gives users the best possible user experience and the widest range of functionality. With the boundaries between our professional and private lives becoming ever more intertwined, and correlations occurring between the two, XING is focused not only on a professional context but also includes applications in a private context. XING is particularly interested in opening up new capabilities for users (primarily in a professional context, but also in their private lives), making it easier for them to form horizontal networks, democratising information, fostering the exchange of information, and supporting lifelong learning. In order to fulfil these aims, XING makes offers, recommendations and services available to its users, often on the basis of data it has collected, and encourages interaction – both within and beyond a user’s network. The applications that make up the service XING include, in particular, the social network where users can acquire a membership, an "events platform" and an "employer rating platform". Some of the XING applications may appear online under another brand name or in the form of other XING Websites (e.g. kununu).

This Privacy Policy shall apply to the entire service XING (including all applications). Additional Privacy Policies apply to the following applications, which you can access on the respective websites of the applications:

Responsible body

We, XING SE, assume the role of controller as per the EU General Data Protection Regulation (GDPR). In other words, we are the legal entity that shall determine the purposes and means of the processing of personal data . Our contact details are as follows: Dammtorstrasse 30, 20354 Hamburg, Germany, Tel.: +49 40 419 131-0, Fax: +49 40 419 131-11, E-mail: info@xing.com.

Data Protection Officer

Our Data Protection Officer is Felix Lasse, Dammtorstrasse 30, 20354 Hamburg, Germany, E-mail: Datenschutzbeauftragter@xing.com.

Processing for another purpose

The purposes for which we process your personal data are outlined in the section 1. General statement about the purposes of data processing. We will inform you once again should we process your personal data for any other purpose, i.e. for a purpose other than the one the personal data was originally saved for.

Duty to provide and necessity of personal data for contract closure

You are not legally required to make your personal data available. Nevertheless, in order to close a user contract you must provide information such as your name and e-mail address. Without this information we are not able to enter into such a contract with you. Within the scope of the user contract, we are contractually obliged to keep the data provided in its precise and complete form for all applications used by you and for the entire duration of the contractual term. During the initial process of data entry we inform you if the provision of personal data is necessary for a particular feature or application ("mandatory field"). Where data is required, any failure to provide this information will result in the respective feature or application not being accessible to you the user. In the case of optional data, not making this information available may mean that our services cannot be provided in the same form or scope.

How is your personal data processed?

1. General statement about the purposes of data processing

The main reason we process personal data is to fulfil our contractual obligations towards our users. The processing of data is required, for example, for us to be able to suggest suitable contacts, services and information to you.

Operating a service like XING is subject to dynamic change by its very nature. It is not therefore possible to share every single detail about our data processing with you, but we do intend to inform you of all the key information. We process data first and foremost in order to fulfill our contractual obligations towards our users. In addition to this, we process your data to preserve our justifiable interests while taking your interests into account (e.g. when we send you promotional newsletters). And, of course, in some cases we are legally obliged to process data (e.g. to pass the data on to any investigative authorities). In all other cases we will ask for your separate consent to process your data (e.g. when you enter a prize draw). When it comes to fulfilling our contractual obligations towards our users, we try to tailor our products and services to the needs of users at all times. Personalisation is important here. Interest and usage profiles are created. In order to be able to show you recommendations, e.g. for jobs, events, groups or contacts, and to suggest you as a valuable business contact or potential employee, we must have an idea of what your interests might be. In order to ascertain these interests we use information that you provide to us, in addition to implicit feedback, i.e. information that we automatically obtain through your usage of our service (by means of so-called "tracking"), as well as information that we may possibly receive indirectly (e.g. through a user's address book upload).

2. Information you provide to us

This refers to data we obtain from you directly and information you publish and send on XING Websites such as:

  • Login details (e.g. username and password)
  • Profile information (e.g. job title, company name, industry, educational background, contact options, photo)
  • Messages, group posts, event participation, billing details

This includes data that we have obtained from you directly and information that you publish or send on XING Websites. There are both mandatory entry fields (which as marked as such) and optional information you can provide.

Login details

When you register to be able to use XING applications we have to record and process certain personal data as your login data.

Category

e.g.

  • Username
  • E-mail address to log in
  • Mobile number to log in
  • Password

Visibility

Your login data is not visible to third parties. We will not ever pass this information on to third parties under any circumstances.

Period saved for

We delete this data when you delete your user account.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

Mandatory information in the social network

You have to fill in certain mandatory fields when you register. This information is essential for a functioning professional network.

Category

e.g.

  • Title, first name and last name
  • Job title and company name
  • Industry
  • Place: City and country

Visibility

social network

  • First name, last name
  • Job title and company name
  • Industry
  • Place: City and country

Period saved for

We delete this data when you delete your user account.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

Optional information in the social network

As well as the mandatory information we require, you can also enter additional information to make it easier for users to get to know you better and, for example, identify and select you as a suitable business contact.

Category

e.g.

  • Business e-mail address and phone number
  • Private interests
  • Private contact
  • Educational background
  • Photo
  • Portfolio

Visibility

social network

Privacy

You can retract most optional information at any time for the future by deleting the respective data in your profile.
With your contact details and date of birth, you can decide on a case-by-case basis whether and to what extent this information should be visible for a particular user in the social network.

Period saved for

If you delete the data, it will be removed from the social network. We will erase the data in full when you delete your user account.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

Mandatory information in other applications

In order to provide our services we require certain information from you. On our employer review platform we only need your e-mail address. On our events platform more detailed information is required in order to process and bill your participation in events.

Category

e.g.

  • First name, last name
  • E-mail address

Period saved for

We delete this data when you delete your user account.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

Optional information in other applications

As well as the mandatory information we require, you can also enter additional information to make as effective use as possible of the respective application.

Category

e.g.

  • Employer reviews

Period saved for

If you delete the data, it will be removed from the respective application. We will erase the data in full when you delete your user account. We may also save certain information (e.g. employer reviews) in an anonymous form beyond this point.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

E-mail address(es)

We use the electronic mail address(es) that you have provided to us to send you regular newsletters and/or status e-mails electronically, in addition to advertising for our own related products and services, or surveys for the purpose of our own market research, unless you have objected to this form of usage. The newsletters are a simple and effective way of finding out about new features on XING, for example, having interesting contacts suggested to you, or receiving certain personal statistics. We also use the e-mail addresses you provided us with (with the exception of the login e-mail address) to ensure that your profile can be found by other users of the social network and to be able to display your profile to these users.

Privacy

You can unsubscribe to newsletters at any time, either in your notification settings in the social network or by clicking on the link provided at the end of e-mail newsletters. It’s possible to unsubscribe to newsletters and notifications in individual applications too, although there are different ways of going about this.

Period saved for

If you delete the e-mail address(es), it/they will be removed from the respective application. We will erase the e-mail address(es) in full when you delete your user account.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) f) (newsletters) of the EU General Data Protection Regulation (GDPR).

Your contacts in the social network

Those users in the social network who you ask to join your personal network will be saved on your profile in a list of contacts. If a user in the social network confirms your contact request, they become a so-called "confirmed contact" for you. Another way of connecting with users is the more non-committal "Follow" option. The user in the social network who you want to follow does not have to confirm your request.

Visibility

Other users in the social network can only ever see your confirmed contacts.

Privacy

Your default privacy settings mean that the list of your confirmed contacts is visible to all users in the social network. You can alter this setting at any time so that your list of confirmed contacts is hidden from everyone or is only visible to certain groups of users, e.g. only to contacts of your confirmed contacts (second degree contacts).

Period saved for

We delete this data when you delete your user account.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

Private messages on the social network

You can send and receive private messages with other users in the social network. As well as text, content you can send to other users includes images and your exact location.

Visibility

Private messages can never be accessed by anyone other than those individuals who send or receive them.

Privacy

The default settings for messages is that all other users in the social network may send you messages. You can adjust these settings at any time so that either nobody can send you private messages or only users up to a certain degree of separation to you, e.g. only contacts of your confirmed contacts (second degree contacts).

Period saved for

We save this data until your user account is deleted. The recipients of your messages will not however have these conversations erased when you delete your user account.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

Your shared content and reactions on the social network

In the social network there are various ways of sharing content with others and reacting to content.

Category

e.g.

  • Shared posts and links to the start page
  • Posts in groups
  • Recommendations
  • Comments
  • Likes
  • Consents

Visibility

Generally speaking, the content and reactions you share in the social network are visible to all users in the social network.
Any comments you make in XING Klartext articles and any content you post in groups marked as "public" are subject to a greater degree of visibility. This information can also be accessed outside of the social network for non-users and can be found in online search engines.
For individual features the level of visibility may be more restricted (e.g. only visible to contacts). In such cases you will be informed about visibility when using the respective feature. Please be aware that even if you restrict visibility, the content and reactions that you share may become visible beyond your own network if your contacts choose to share this information with other users.

Privacy

You can deactivate the traceability of your posts in groups marked as "public" by Internet search engines or by so-called RSS readers in your privacy settings under "Privacy".

Period saved for

If you delete the content you shared and the reactions, they will be removed from the social network. We will erase them in full or make them anonymous when you delete your user account.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

Billing details

If you use XING applications that you pay for, we will collect and use your billing details to process payments and invoices in accordance with the method of payment you choose. Your billing details are saved for payment and invoice processing when your user term is automatically renewed.

Category

e.g.

  • Bank details

Visibility

Billing details cannot be seen by other users under any circumstances.

Period saved for

We save this data until your user account is deleted or beyond this point, until a time when the data is no longer subject to any tax-related, commercial or other statutory storage obligations.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

Events data

As a user it is possible to create events and other similar services on XING Websites. You can invite other users and/or third parties to certain events.

Visibility

The event host can determine whether or not, or which data about an event is visible for users and/or third parties. This might include information detailing whether the event is open to users only or the general public and therefore third parties, whether the number of participants is limited, and whether the guest list is publicly accessible or restricted.

Period saved for

We save this data until the event has been deleted.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

Data when providing user feedback

If you provide us with feedback of your own volition or when taking part in one of our surveys, we will process your data in order to conduct the survey, or to evaluate and, where applicable, implement your feedback.
In some cases we may ask for separate consent from you to process your data provided as part of a survey.

Period saved for

We save this data until your user account is deleted, unless you have provided consent to it being processed beyond this point.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) a) (separate consent) and b) of the EU General Data Protection Regulation (GDPR).

3. Information we automatically obtain through your use of XING

Data about you is automatically collated by means of tracking while you visit or make use of the XING service. Here you can find out:

  • How tracking works
  • Why we make use of tracking (ensuring security, provision of our service, measurement and optimisation of advertising, and determination of statistics).

Data about you is automatically collated by means of tracking whenever you visit or make use of the XING service. This takes place with the help of various tracking technologies.

How does tracking work?

In the so-called "back end", at our web server level, we collect the data of users and third parties, which we use first and foremost for the provision and preservation of the security of the service XING. In the "front end", on your end device, we use cookies, pixels and similar tracking technologies to collect data about users and third parties to enable the provision of our service and the analysis of user behaviour, for the measurement and optimisation of advertising, and for statistical purposes. In addition, we record e.g. whether and when you have opened an e-mail (if your e-mail program permits HTML). Tracking involves the processing of login data (e.g. date and time of the visit, referrer, IP address, cookie ID, location data, product and version information about the browser or app used, device ID or data) and interaction data (e.g. pages viewed or searches carried out). 
When we measure user behaviour for the provision and improvement of our product experience the data is linked during the analysis with your user ID. In all other cases tracking is carried out without any linking to the user ID – for example, to measure the success of advertising campaigns or for statistical purposes. In order to be able to identify you as a user during your visit to XING, we use so-called session cookies. These session cookies are automatically deleted at the end of a session. These cookies are required to be able to use XING. When you register you can choose to remain logged in. If you do, a cookie is then saved in the browser of your end device that means that you don’t need to log in again for as long as the cookie remains saved. We also conduct a very approximate geo-localisation that informs us of the towns/cities you have been to. In order to do this we use your shorted and anonymised IP address, and your geo-coordinates if you have agreed to this on your mobile end device. We do not save your precise location. We only store information about which cities you are in on a regular basis. Specific addresses or geo-coordinates are not saved.

The purposes of tracking and your opt-out options

Ensuring security

One reason for tracking is to ensure and preserve the legitimate interest of the protection of users, the security of user data, XING Websites, and the XING service. To this end, we save the data we record for up to 90 days in its full form. Only a limited number of our employees with the respective authorisation rights have access to this data. The legal basis for this processing of personal data is Article 6 (1) f) of the EU General Data Protection Regulation (GDPR).

Provision of our service

The tracking and analysis of user behaviour helps us to review and optimise the effectiveness of our service, and to correct any errors and faults. We endeavour at all times to adapt our products and services to the needs of our users. Personalisation is an important aspect here. Analysing data obtained from tracking is necessary to make personalised services available to you in accordance with the contractual purpose of XING and to ensure that you gain the great possible benefit from XING The implicit feedback that you provide to us through our tracking of your usage of XING forms an important part of understanding what content you are more or less interested in, and being able to suggest you to other users as a valuable business contact or potential employee. This implicit feedback is enormously important as the information you provide to us is reflective of the past and the present for the most part, and says little about what interests you have with regard to the future. Interest profiles produced, for example, with the help of click data or searches you have conducted often form a better basis for estimating whether you, for example, are interested in finding a new job and what type of job openings you might be particularly interested in. When you delete your user account we delete or anonymise the personal data we have obtained through tracking in order to provide our service.

Examples

Clickpath

One important feature to result from our analyses is, for example, the provision of the "Clickpath". This is an essential part of contact management and as such an essential feature of XING. Clickpath is a function of the service XING which registers access to users’ profiles by other users, as well as to event pages, Business Pages, Employer Branding Profiles, job ads, or access to specific information contained therein. The information registered by Clickpath is only available to Premium members, users who post job ads, operators of Business Pages and Employer Branding Profiles, and organisers who have booked the Event Plus option for their events. By using Clickpath you can see, as a Premium member, e.g. which other users have visited your profile. By the same token, all other Premium members can do the same, i.e. they may see whether you have visited their profile, event page, Business Page, Employer Branding Profile or job ad. You are not able to deactivate this feature in your privacy settings. If you do not agree that other users may see that you have visited their profile, Business Page, etc., you should refrain from using the service XING.

Recommendations

Another important feature resulting from our analyses are recommendations that we tailor to you personally on the basis of your user data. We can, for example, recommend job offers, relevant news, events or interesting contacts to you.

Personal statistics

In order to be able to identify you as a valuable business contact or potential employee, we may show other users information about your personal XING usage. This might include your level of user activity, the number of things you have in common with a respective profile visitor, events you have attended, the number times you have visited a user’s profile, how long you have been a member and what kind of membership you have.

Third-party tracking tools used and your opt-out options.

Adobe Digital Analytics

We use the tracking tool Adobe Digital Analytics. Whenever you are logged in as a user on XING your data is matched with your user ID during the tracking process. If you are not logged in as a user, tracking is pseudonymous, i.e. we are not able to directly deduce information regarding your identity from information we obtain from tracking. The cookies used for the web analysis contain an ID which allows us to identify your end device’s browser. We have closed a data processing agreement with the provider and your IP addresses are anonymised immediately after collection and personal data is processed within the European Union.

You can opt out of tracking by Adobe Digital Analytics at any time, simply by clicking on the following link and opting to exclude yourself from visitor session aggregation and analysis: https://nats.xing.com/optout.html?locale=en_US

Please note that this opt-out option installs a cookie on the end device you’re using when you click on the link. You therefore might not be excluded from tracking if you then delete the cookie in question. When using mobile apps, you need to opt out in the respective app settings.

Google Analytics

We use the web analysis tool Google Analytics, developed by Google Inc. ("Google"). Google Analytics uses so-called "cookies": text files that are saved on your computer and enable the analysis of your usage of a website. The information generated by the cookie about your use of this website (including your IP address) is transferred to a server of Google in the USA and saved there. We use the so-called "_anonymizeIp()" script here, which ensures that your IP address (after identifying the geolocation) is immediately anonymised by Google. We have also closed a data processing agreement with Google. Google will use this information to evaluate your use of the website, to compile reports about website activity for website operators, and to provide other services relating to website and online usage. Google may also pass this information on to third parties if this is required by law or if these third parties process the data on behalf of Google. Google will not link your IP address to any other data about you it has stored.

You can prevent the installation of cookies by adjusting the settings in your browser software accordingly; please note though that you may not be able to use all the features of the XING Websites in full as a result. Google also offers so-called deactivation tools for some web browsers, where you can opt out of your user behaviour being recorded and analysed. You will find more information and download options for these tools here: http://tools.google.com/dlpage/gaoptout?hl=en-GB

Overheat Heatmaps

In order to make our websites more user-friendly, we use a system that records the activities of individual site visitors selected at random. When recording such activities, any and all personal references are removed so that we are unable to link users to the collected data. The recorded activities are mouse movements and clicks, while information about the operating system, browser, screen resolution and device type are also collected for statistical purposes.

You can opt out of this form of web analysis by clicking on the following link: http://overheat.de/opt-out.html

Braze

We use the 'Braze' service to collect your usage of some parts of the platform to be able to serve you personal tips and information.

You can enable or deactivate this data collection. We recommend you enable it so we can provide you with useful tips and information (e.g. about updates to the features you use, or current billing information).

  • Opt in to data collection with Braze
    Please note that opting out of cookies is device-specific. This means that if you delete your cookie or use a different computer or web browser, you will need to opt out again. When using mobile apps, you can opt out in the app settings.

Wingify/VWO

We use a tool called VWO to run A/B tests. You can opt out of this kind of web analysis here

Measurement and optimisation of advertising

Tracking helps us to obtain metrics for the success of advertising campaigns and to optimise the way that online ads are displayed. Your user ID is not associated with the data collated here in any way.
When it comes to the display of ads, the servers of third-party providers (e.g. marketers) might be accessed directly when using XING. Third-party providers are responsible themselves for ensuring that the operation of the IT systems they use meets the required data protection provisions. Determination of the period of time that data is stored for is incumbent upon the provider.

You can opt out of tracking for the measurement and optimisation of advertising by third-party providers. In the following you will find further information about the tracking technologies used and information from providers about data processing.

Opting out of tracking for the measurement and optimisation of advertising in our applications

Below you can opt out of tracking for the measurement and optimisation of advertising. In some cases we use technologies that you can only opt out of directly on your end device.

  • Opt in to tracking on XING
    As a non-member these changes only apply in the browser you're currently using.
  • Opt in to tracking on XING events
    Your changes only apply in the browser you're currently using.
  • Opt in to tracking on kununu
    Your changes only apply in the browser you're currently using.

Opting out applies to the following tracking technologies:

Google
More information is available here

Bing
More information is available here

Criteo
More information is available here

LinkedIn
More information is available here

Facebook Pixel

We use the so-called "Facebook Pixel" developed by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA to create "custom audiences". This serves the purpose of optimising our advertising in the social network Facebook, of placing only relevant advertising there, and measuring the success of our Facebook advertising campaigns. The Facebook Pixel makes it possible for Facebook to identify visitors to the XING Websites as a target group for the display of ads in the social network Facebook.

A direct link to the Facebook servers is established via the Facebook Pixel implemented on the XING Websites when a user visits the XING Websites. The Facebook server is informed here that you have visited the XING Websites, and information is also transferred about which specific pages you viewed. In addition, individual information and parameters are transferred that are required for the optimisation of our ads, to increase relevance and measure success. This relates in particular to information about so-called "conversion events" on XING (e.g. whether a registration or a purchase was completed).

Further information about the collection and usage of data by Facebook and about your corresponding right and options for protecting your privacy can be found in the Facebook Data Policy at https://www.facebook.com/about/privacy/.

Twitter

We use Twitter, a service provided by Twitter Inc., to track conversion and to post target-group-based online advertisements. To do so, we implemented a Twitter tag on our website. When you visit our websites, this tag creates a direct link to the Twitter servers so that Twitter knows you visited our websites and whether you performed any requests or similar. Twitter assigns this information to your personal Twitter user account. We are then able to serve (remarketing) advertisements based on your previous page views and activity. The data Twitter processes in this regard does not allow us to identify you. These pseudonyms are also not linked to any of your other personal data. To learn about your rights and privacy options, and for more information about how Twitter collects and uses data, visit the Twitter Privacy Policy: https://twitter.com/privacy?lang=de

Ad-defend

More information is available here

Performance Media

More information is available here

Adjust

More information about: https://www.adjust.com/

Adition

More information is available here

You can only opt out of the following tracking technologies directly on your end device:

Advertising Identifier/ Advertising ID

In order to track installs of apps on XING we use what is known as an Advertising Identifier (IDFA, on iOS) or an Advertising ID (on Android). These are unique, non-personalised and non-permanent identification numbers which iOS and Android assign to a certain end device. We use information about the number of installs to provide recommended app providers with an indication of how effective the recommendations are. No personal data is displayed when doing so, only the number of installs.

We are unable to create a link to apps promoted on XING and any installations of these apps if you select the no ad tracking option in the iOS settings (Settings - Privacy - Advertising) or in the Android settings (Settings - Google - Ads - Opt out of Ads Personalisation). You can delete the Advertising Identifier (IDFA) at any time in your device settings (reset ad ID). A new identification number will then be generated that is not linked to previously collected data.

Determination of statistics

The objective of audience measurement is to statistically determine the intensity of use, the number of users of a particular website, and their surfing behaviour based on a standardised process in order to obtain values that can be compared on a market level. The respective provider is responsible for determining how long data is saved for this purpose.

Tracking technologies used:

INFOnline, AGOF, IVW

We use the measurement system (SZMng) developed by INFOnline GmbH (https://www.infonline.de) gather statistics about the use of our websites. The objective of audience measurement is to statistically determine the frequency and intensity of use, the number of users on our websites, and their surfing behaviour based on a standardised process in order to obtain values that can be compared on a market level.

All digital offerings, the operators of which are members of the German Audit Bureau of Circulation (IVW) or which participate in studies organised by Working Group for Online Media Research (AGOF) will have their audience usage statistics processed and published by AGOF and the Arbeitsgemeinschaft Media-Analyse e.V. together with the number of unique users, and also processed and published by the IVW together with the number of page impressions and visits. These reach figures and statistics are provided on the respective websites.

Legal basis for processing

Measurements using the SZMnG measurement system provided by INFOnline GmbH are performed with a legitimate interest as defined in Article 6(1)(f) of the EU GDPR.

Processing personal data serves the purpose of generating statistics and creating user categories. We use statistics to gain an understanding of how our products are used. User categories form the basis of serving advertisements in line with personal interests. Usage measurements, which enable us to compare ourselves with our competitors, are essential to marketing our websites and applications. Our legitimate interest arises from the economic value of the insights gleaned from the statistics and user categories, as well as the market value of our websites and applications - also when compared directly with third-party websites and applications - determined using statistics.

We also have a legitimate interest in providing the pseudonymised data from INFOnline, AGOF and IVW for market research (AGOF, agma) and statistical (IVW, INFOnline) purposes. In addition, we have a legitimate interest in providing the pseudonymised data from INFOnline to develop and provide advertisements based on personal interests.

Data type

INFOnline GmbH collects the following data deemed personal according to the EU GDPR:

  • IP address: Any device that accesses the Internet requires a unique address known as an IP address. Due to the nature of how the Internet works, we need to temporarily save your IP address. Your IP addresses are always truncated prior to processing and only ever forwarded in anonymised form. IP addresses are never saved or processed in their full form.
  • A randomly generated client identifier: To recognise computer systems, the audience measurement process either sets an 'ioam.de' cookie, a local storage object, or a signature created from various items of information automatically transferred by your browser. This identifier is unique to a browser as long as the cookie or local storage object is not deleted. Data measurement and subsequent assignment to the respective client identifier may therefore also be possible if you visit other websites that also use the SZMnG measurement system provided by INFOnline GmbH. Cookies are valid for a maximum of one (1) year.
  • A device identifier: To recognise devices, the audience measurement process uses the end device's IDs or a signature created from various items of information automatically transferred by your device. Data measurement and subsequent assignment to the respective identifier may therefore also be possible if you open other applications that also use the SZMnG measurement system provided by INFOnline GmbH. The following unique device identifiers may be sent as a hash to INFOnline GmbH:
    • Advertising identifier
    • Installation ID
    • Android ID
    • Vendor ID

Data usage

We use the measurement system provided by INFOnline GmbH on our websites and in our applications to collect usage data, including page impressions, visits and clients along with other statistics such as qualified clients. The data collected is used as follows:

  • So-called geolocalisation, which involves assigning a website visit to the place where it was visited, only takes place using an anonymised IP address and is only narrowed down to a regional level. The geographical information generated does not enable us to determine a user's exact location or place of residence.
  • The website and application usage data of a technical client (e.g. device browser) is collected and saved in a single database. This information is used to estimate the age and gender of users and is sent to AGOF service providers for audience measurement purposes. When conducting an AGOF study, random samples are used to estimate sociographics in the following categories: Age, gender, nationality, occupation, marital status, general household information, household income, place of residence, Internet usage, online interests, usage location, user type.

Scorecard Research

We have implemented the Scorecard Research service on our websites. This service collects data pertaining to browsing behaviour on the websites of companies that registered with ComScore, a company that produces market research studies and reports for economic sectors. You can find out more about data processing here.

You have the option to object to this kind of data collection and opt out of further data collection by clicking on the following link: http://www.scorecardresearch.com/OptOutTag.aspx
This will set what's known as an opt-out cookie in your browser. Please note that Scorecard Research will be used again if this opt-out cookie is deleted.

Data storage period

INFOnline GmbH does not save your full IP address. Instead, it saves a truncated IP address for up to 60 days. Usage data linked to a unique identifier is saved for a maximum of 6 months.

Data transfer

Your IP address and abridged IP address are not transferred or passed on. Data with client identifiers are passed on to the following AGOF service providers in order to create the AGOF study:

Right to object

If you would prefer not to take part in measurements performed on our websites, you can opt out via the following link: https://optout.ioam.de (in German). A cookie will then be set to ensure from a technical perspective that you are no longer being measured. Should you delete your browser's cookies, you will need to repeat the opt-out process via the above link to ensure you are again not being measured. When using mobile apps, you need to opt out in the respective app settings.

More information

More information about privacy regarding the measurement system is provided on the website of the operator (INFOnline GmbH), AGOF's privacy website (in German), and IVW's privacy website (in German).

Tracking of content and your opt-out options

Tracking in embedded third-party content

You will also find content produced by external providers on XING applications. This content is integrated into the XING environment you’re familiar with from external websites. When it comes to this external content we have no control over the type of tracking used.

Opting out of tracking within the XING environment

If you’d like to prevent tracking by external providers within the XING environment, you can deactivate the integration. As soon as you begin using any of the external content you will leave the XING environment and be automatically forwarded directly to the page of the provider. Please note: This doesn’t necessarily result in less tracking – it is only means that the tracking does not take place on XING.

  • Opt in to tracking on XING
    Your changes only apply in the browser you're currently using.

4. Information we obtain about you from other sources

Some information about you that we process does not come directly from you. This might be the case, for example, if a user shares this information with us or we obtain it from other sources.

We also process data that we haven’t obtained directly from you. This occurs whenever a user provides us with information or we collect information from other sources. In such cases we process the respective data within the scope of fulfilment of our contractual obligations towards the respective user and/or to safeguard our legitimate interests, while giving due consideration to your interests.

Data from address book uploads

This includes the following data, which can be extracted from another person’s vCard:

  • First and last name
  • E-mail addresses
  • Phone numbers
  • Job title and company name
  • Place: City and country
  • Twitter and Facebook handles

Intended purpose

We make it possible for users to expand their network on XINGand invite non-users.
When a user makes use of this feature, personal data is processed on their behalf and under their responsibility. XING makes appropriate functions available to users to manage the data processed on their behalf and in particular to delete this data. Users have the right and the option to cease the processing of personal data on their behalf at any time.

Source of the data

Users who want to expand their personal network and already have access to your data can upload this information to XING.

Visibility

No third parties have access to the uploaded data.

Period saved for and objection

We save this data until the respective user either deletes this data themselves or their user account is deleted.
The invited non-users can select an opt-out link in the invitation e-mail to object to the sending of further invitations or invitation reminders to their respective e-mail address.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) f) of the EU General Data Protection Regulation (GDPR) .

5. Who may receive information about you?

You can find out here who we disclose data to, what purpose this serves, and how you can customise your privacy settings on XING. By the way, we only ever pass your personal data on to third parties when:

  • This is required for us to fulfil our business purposes, e.g. when we make your profile accessible to another user
  • You have granted your consent (e.g. for use of an external application)
  • We are obliged to do so on legal grounds, by court order, or at the request of another official authority.

We only pass your personal data on to third parties when this is required to fulfil our business purposes (i.e. in particular to perform the services we are obliged to provide you with, e.g. making your profile available to another user), when you have given your consent to this (e.g. when using an external application), or when we are obliged to on legal grounds, by court order, or at the request of another official authority.
In cases where we work together with external service providers for our data processing (e.g. in software development), this is usually carried out on an order processing basis, whereby we remain responsible for data processing. We review each of these service providers beforehand with regard to the measures they have undertaken to ensure data protection and data security, thereby safeguarding the contractual provisions as stipulated by law for the protection of the personal data.

Users of the social network

You can learn more about how visible you are to other users under “Information you provide to us”.

Non-users of the social network

You can determine whether you want non-users of the social network to be able to find and access the information in your profile, e.g. via search engines. Separate privacy settings are available to you here. If you opt not to restrict these settings, the information in your profile will be visible and accessible to non-users of the social network, although this does not include any personal contact details such as e-mail addresses and phone numbers.
The standard external accessibility of profile information forms a central element of XING as a way of fostering networking between users, as many business contacts are made in the first instance when other users (or third parties) find the name of a user when conducting research in search engines.
With some features on XING (e.g. with posts in groups on guest lists) another user determines whether and to what extent the data used or shared for a particular function is visible or accessible to other users and non-users, and who is authorised to read this content and add to this content. If you aren’t able to change these settings through your own privacy settings we will inform you about the respective use of your data in the respective feature.

People you want to invite to your network

As a user, you can invite other people to join and use XING. We process the data recorded here solely for the expansion of your network and not for any other purposes.
After a certain period we send out a reminder e-mail ("automatic reminder") on your behalf to the person you invited. You can prevent this automatic reminder from being sent by deleting the invitation in your settings. You also have the option of sending your own reminder e-mails manually. We save the e-mail addresses that invitations are sent to in encrypted form. This encryption is temporarily suspended to display the e-mail addresses in your account. You can delete this data in your account at any time.
Every person you invite has the option to object to invitations being sent to their e-mail address from that point onwards.
Please note that recipients are shown the following information in the invitation you send:

  • Your name
  • Your company
  • Your position
  • Your e-mail address
  • Your photo
  • Your user status

Selected developers and companies ("API Partners")

We provide the XING API to selected developers and companies ("API Partners") so that they can develop and manage applications that grant users of API Partner applications access to data and content beyond XING while also allowing said users to integrate external content on XING. The aim of integrating external applications is to make XING more appealing and useful to users. API stands for Application Programming Interface, meaning that the XING API is an interface provided by us that allows API partners to integrate one or more applications on XING provided they adhere to our contractual terms.
XING users wishing to use an API Partner application must grant the application access to data; an API application of an API Partner can therefore only ever access data with the express allowance of the XING user. Depending on the application in question, a separate declaration of consent for data processing may be required. When API Partners process XING user data, this is performed on behalf of the XING user that activated the application.
Every API Partner application that accesses the data and content of users requires our prior consent. XING has therefore compiled a list of criteria in order to ensure that the data of XING users is safe and secure.
If an application involves personal data being processed in countries outside of the European Union, we will stipulate the legal privacy provisions required in order to ensure that API Partners maintain an appropriate level of protection for personal data.

Payment service providers, receivables management providers, debt collection providers, XING S.à r.l.

If you use features on XING that you pay for, we process your payment details such as credit card and bank details for the purpose of payment processing and invoicing in accordance with the method of payment you choose. Your payment details will be transferred, to the extent needed, along with other required data for processing the transaction, including invoicing and debt collection where applicable, to providers such as credit card institutes, payment providers and debt collection providers, and processed there, or the data will be collected directly by these providers.
Your payment details are saved to enable payment processing and invoicing for the automatic extension of your user term.
If you choose a credit card as your method of payment and pay using your Mastercard or Visa credit card (not American Express), processing of your payment details and the information required to complete the payment (e.g. name and billing address) will be carried out by XING S.à r.l. XING SE and XING S.à r.l. shall process your data in this case in accordance with the applicable statutory conditions in Luxembourg. In addition, particularly when using another method of payment, processing is not carried out by XING S.à r.l.

Third countries

Data may be transferred to third countries. This however shall always take place in compliance with the admissibility requirements as regulated by law.
In particular, we make certain data available to other users or third parties worldwide to fulfill our contractual obligations. This does not require either an adequacy decision pursuant to Article 45 of the EU GDPR or appropriate safeguards pursuant to Article 46 of the EU GDPR.
In cases where the transfer of data to a third country does not serve the fulfilment of our contractual obligations, we have not received consent from you, the transfer is not necessary for the establishment, exercise or defence of legal claims, and no other exemption clause applies, we shall only transfer your data to a third country when an adequacy decision pursuant to Article 45 of the EU GDPR or appropriate safeguards pursuant to Article 46 of the EU GDPR are in place.
One of these adequacy decisions is the so-called "Privacy Shield" for the USA. For transfers to companies certified in accordance with the Privacy Shield, the level of data protection is deemed in principle as adequate, pursuant to Article 45 of the EU GDPR.
Generally speaking we do not rely on the Privacy Shield alone however. Instead we provide for appropriate safeguards by closing standard data protection clauses as decreed by the European Commission with the recipient body pursuant to Article 46 of the EU GDPR, as well as an adequate level of data protection.
You can obtain copies of the EU standard data protection clauses on the Website of the European Commission.

Other categories of recipients

Public authorities and courts

Technical service providers

Hosting providers

Ad server providers

E-mail sending providers

E-mail marketing providers

Marketing automation software providers

CRM providers

Software developers

Agencies

e.g. to carry out prize draws

Postal providers (letter shops)

Market research and survey tool providers

Remarketing/Retargeting providers

Sales service providers and call centres

Service providers for advertising campaigns and the display of ads

Providers of tools for website use analysis

Cooperation partners

Other platform providers that fall under "Social Plugins"

On some XING Websites we use so-called "Social Plugins" of various social networks (Facebook, Google+, Twitter, Pinterest). When you click on a page on one of the XING Websites that contains a plugin like this, your browser will establish a direct connection to the servers of the respective provider. The content of the plugin is sent from the provider directly to your browser and embedded in the page. This embedding means that the provider receives the information that your browser has accessed the respective page in question, even if you don’t have an account and are not currently logged in with this provider. This information (including your IP address) is sent from your browser directly to a server of the provider (usually located in the USA) and saved there. If you are logged in with the provider they will be able to immediately align the visit to our website with your profile. If you interact with the plugins, e.g. if you press a button or post a comment, this information will also be transferred directly to the server of the provider and saved there. The provider in question can potentially publish this information on your profile or share it with your contacts.
If you don’t want the provider to match the data collected on our website with your profile in the respective social network, make sure you log out of that network before visiting our website.

Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.
Overview of Facebook Plugins and their component parts Facebook’s Data Protection Policy

Google+ is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Overview of Google Plugins and their component parts Google’s Data Protection Policy

Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. Overview of Twitter Plugins and their component parts Twitter’s Privacy Policy

Pinterest is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, USA Pinterest’s Data Protection Policy

ClimatePartner

If the "CO2 compensation" option is selected with the purchase of a ticket, the attendee will receive a certificate from ClimatePartner with the attendee’s name and the name of the event. The attendee’s name and the event’s title will be sent in this case only to ClimatePartner. If this option is not selected, no user data will be sent to ClimatePartner.

Event partners

The attendee data gathered for an event (e.g. during a ticket purchase or event registration) will be accessible to the respective event organiser. This is necessary for the performance of a contract (e.g. for managing the entry at an event).
The event host can determine whether certain participant data are displayed on a publicly accessible attendee list. As an attendee, you are able to remove your details from the attendee list or to contact the event organiser and XING Events with regard to this matter.

What rights can you exercise?

You can find detailed information here about your various rights:

  • Your right to object
  • Your right of access
  • Your right to erasure
  • Other rights

You have legal rights available to you with regard to data access, rectification, erasure, restriction of processing and objection to processing, as well as the right to data portability, amongst others. In addition, you can withdraw any consent you may have given to data processing at any time, and have the right to lodge a complaint with a supervisory authority.

Right to object

General

You have the right to object at any time to the processing of personal data concerning you, pursuant to Article 6 (1) f) of the EU GDPR. This shall also apply to any profiling carried out on the basis of these provisions. Please use our contact form to submit any objection.

Direct marketing / newsletters

If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing. This includes profiling to the extent that it is related to such direct marketing. You can unsubscribe to our newsletters at any time in your notifications settings on XING, or in your e-mails by clicking on the link provided at the end of the respective newsletter, without incurring any costs other than the transmission costs in accordance with the basic tariffs. In some applications there are different ways of unsubscribing to a newsletter or notifications. In the XING ReferralManager you can deactivate the option to receive the newsletter by going to your profile settings in the XING ReferralManager.

Right of access

You have the right to demand confirmation as to whether we process your personal data. If this is the case you are entitled to receive information about this personal data.

As a user of the social network you can request this information at https://www.xing.com/settings/privacy/data/disclosure.

As a kununu, kununu engage, XING TicketingManager or HalloFreelancer user you can also easily access the data we have saved about you there. Simply send an e-mail request or follow the respective link:

You also have a right to access the following information:

  • The reasons for the data processing
  • The categories of personal data that are processed
  • If possible the planned period of time that the personal data will be saved for, or if this isn't possible then the criteria used to determination this time period
  • The existence of a right to rectification or erasure of your personal data and/or the right to restriction of processing by the controller, or a right to object to this processing
  • The existence of a right to lodge a complaint with a supervisory authority
  • All available information about the origin of the personal data if the data was not obtained from the person in question
  • The existence of automated decision-making including profiling pursuant to Article 22 (1) and (4) of the EU GDPR and – at least in some cases – insightful information about the logic involved plus the scope and aims of the repercussions of this kind of processing for the person affected

If personal data is passed on to a third country or an international organisation, you have the right as the person affected to be informed about the respective guarantees (pursuant to Article 46 of the EU GDPR) regarding this sharing of data.

Right to rectification

You have the right to demand that we correct any incorrect personal data concerning you with immediate effect. Taking the purposes of processing into account, you have the right to demand the completion of any incomplete personal data – including by means of a supplementary explanation.

Right to erasure

You are entitled to demand that we delete your personal data without delay if one of the following applies: The personal data is no longer required for the purposes for which it was collected or processed in some other way. You withdraw your consent that the processing was based on pursuant to Article 6 (1) a) or Article 9 (2) a) of the EU GDPR , and there are now no valid legal grounds for processing. You submit an objection to the processing of your data pursuant to Article 21 (1) of the EU GDPR and there are no overriding justifiable grounds for the processing, or you submit an objection to the processing of your data pursuant to Article 21 (2) of the EU GDPR . The personal data was processed unlawfully. The deletion of the personal data is required to fulfil a legal obligation in accord-ance with EU law or the law of individual member states. The personal data was recorded in relation to the offer of information society services directly to a child, pursuant to Article 8 (1) of the EU GDPR. Once you have made your request we are obliged to delete the data with immediate effect. The lawfulness of the data processing for the period between the consent and the withdrawal of this consent shall remain unaffected.

Right to restriction of processing

You are entitled to demand a restriction to the processing of your personal data in cases where you dispute the correctness of the personal data, for a period of time that allows the controller to review the correctness of that personal data. If the processing is unlawful and you reject the erasure of the personal data in favour of demanding a restriction to the use of the personal data we will fulfil this request. Processing will also be restricted if we no longer require your personal data for the purposes of processing but do require it for the establishment, exercise or defence of legal claims. Or if you have objected to processing pursuant to Article 21 (1) of the EU GDPR, for as long as is not yet ascertained whether the justifiable grounds of the controller outweigh your grounds. We will inform you in advance should the restriction be revoked.

Right to data portability

You have the right to receive personal data concerning you that you have made available to us in a structured, conventional and machine-readable format, and you also have the right to transfer this data to another controller without being impeded by us to whom the personal data has been made available. The condition is that a) processing is based on consent pursuant to Article 6 (1) a) of the EU GDPR or Article 9 (2) a) of the EU GDPR or on a contract pursuant to Article 6 (1) b) of the EU GDPR, and b) the processing is conducted with the help of automated processes. When exercising your right to data portability you have the right to demand that the personal data is transferred directly from us to another controlling body, provided this is technically viable.

Right to withdraw consent

If processing is subject to your consent you have the right to withdraw this consent at any time. This shall not affect the lawfulness of any processing that took place with your consent up until its withdrawal.

Right to lodge a complaint

The supervisory authority responsible for our company is: Freie und Hansestadt Hamburg The Hamburg Commissioner for Data Protection and Freedom of Information, Prof. Dr. Johannes Caspar, Kurt-Schumacher-Allee 4, 20097 Hamburg, Germany Tel.: +49 40 / 428 54 – 4040, Fax: +49 40 / 428 54 – 4000, further details are available by visiting www.datenschutz-hamburg.de (in German)

If you feel that the processing of your personal data infringes upon the EU GDPR, you have the right to lodge a complaint with the supervisory authority in your regular place of residence, your place of work, or alleged place of infringement. Further information about the complaints procedure is available in Article 77 of the EU GDPR.

Terms used in our Privacy Policy

XING: The service XING and the applications belonging to the service XING.

XING Websites: All websites, subdomains, aliases, mobile applications, background applications, web services and embedding in third-party websites where the service XING is available.

EU GDPR: The Regulation (EU) 2016/679 of the European Parliament and the Council dated 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data, and on the repeal of the EU Data Protection Directive 95/46/EC.

Personal data: Pursuant to Article 4 (1) of the EU General Data Protection Regulation (GDPR), any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Social network: The contact and communication forums belonging to the applications of the service XING.

Profile: The page on the XING websites where the personal data made available by the user is displayed in the social network.

Cookies: Small files that enable us to store specific information related to you, the user, on your end device. You can edit the settings of your browser to prevent cookies from being saved.

Pixel: An image file or link to an image file that is added to the website code but not sent to your end device (e.g. PC, smartphone, etc.). Pixels are usually used in conjunction with cookies.

Profiling: Pursuant to Article 4 (4) of the EU General Data Protection Regulation (GDPR), any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Newsletter: Newsletters or status e-mails and advertising for XING’s own similar products and services, or surveys for the purpose of XING’s own market research.

Third country: A country outside of the European Union.

Back to top
Cookies:

Small files that enable us to store specific information related to you, the user, on your end device. You can edit the settings of your browser to prevent cookies from being saved.

Third country:

A country outside of the European Union.

EU GDPR:

The Regulation (EU) 2016/679 of the European Parliament and the Council dated 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data, and on the repeal of the EU Data Protection Directive 95/46/EC.

Newsletter:

Newsletters or status e-mails and advertising for XING’s own similar products and services, or surveys for the purpose of XING’s own market research.

Personal data:

Pursuant to Article 4 (1) of the EU General Data Protection Regulation (GDPR), any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Pixel:

Pixel: An image file or link to an image file that is added to the website code but not sent to your end device (e.g. PC, smartphone, etc.). Pixels are usually used in conjunction with cookies.

Profile:

The page on the XING Websites where the personal data made available by the user is displayed in the social network.

Profiling:

Pursuant to Article 4 (4) of the EU General Data Protection Regulation (GDPR), any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or move-ments.

Social network:

The contact and communication forums belonging to the applications of the service XING.

XING:

The service XING and the applications belonging to the service XING.

XING Websites:

All websites, subdomains, aliases, mobile applications, background applications, web services and embedding in third-party websites where the service XING is available.