Privacy Policy (printable version)

General information

How is your personal data processed?

What rights can you exercise?

Terms used in our Privacy Policy

General information

  • Last updated: 5 February 2021
  • Here we inform you about data processing in connection with the entire service XING and its applications (kununu etc.).
  • New Work SE is the body responsible for the processing of personal data.
  • Our Data Protection Officer is Felix Lasse.

XING is a comprehensive service with various applications

XING is a service intended through a variety of different applications to improve and simplify users' professional lives. The combination of these applications gives users the best possible user experience and the widest range of functionality. With the boundaries between our professional and private lives becoming ever more intertwined, and correlations occurring between the two, XING is focused not only on a professional context but also includes applications in a private context. XING is particularly interested in opening up new capabilities for users (primarily in a professional context, but also in their private lives), making it easier for them to form horizontal networks, democratising information, fostering the exchange of information, and supporting lifelong learning. In order to fulfil these aims, XING makes offers, recommendations and services available to its users, often on the basis of data it has collected, and encourages interaction – both within and beyond a user’s network. The applications that make up the service XING include, in particular, the social network where users can acquire a membership, an events platform, an employer rating platform and a platform to foster employee engagement. Some of the XING applications may appear online under another brand name or in the form of other XING Websites (e.g. kununu, HalloFreelancer).

We provide this Privacy Policy to inform you about data processing in connection with the entire service XING (including all applications). We also provide additional information about data processing for the following applications, which you can access on the respective websites of the applications:

Responsible body

We, New Work SE, assume the role of controller as per the EU General Data Protection Regulation (GDPR). In other words, we are the legal entity that shall determine the purposes and means of the processing of personal data . Our contact details are as follows: Dammtorstrasse 30, 20354 Hamburg, Germany, Tel.: +49 40 419 131-0, Fax: +49 40 419 131-11, E-mail: info@xing.com.

Data Protection Officer

Our Data Protection Officer is Felix Lasse, Dammtorstrasse 30, 20354 Hamburg, Germany, e-mail: Datenschutzbeauftragter@xing.com.

Processing for another purpose

The purposes for which we process your personal data are outlined in the section 1. General statement about the purposes of data processing. We will inform you once again should we process your personal data for any other purpose, i.e. for a purpose other than the one the personal data was originally saved for.

Duty to provide and necessity of personal data for contract closure

You are not legally required to make your personal data available. Nevertheless, in order to close a user contract you must provide information such as your name and e-mail address. Without this information we are not able to enter into such a contract with you. Within the scope of the user contract, we are contractually obliged to keep the data provided in its precise and complete form for all applications used by you and for the entire duration of the contractual term. During the initial process of data entry we inform you if the provision of personal data is necessary for a particular feature or application ("mandatory field"). Where data is required, any failure to provide this information will result in the respective feature or application not being accessible to you the user. In the case of optional data, not making this information available may mean that our services cannot be provided in the same form or scope.

How is your personal data processed?

1. General statement about the purposes of data processing

The main reason we process personal data is to fulfil our contractual obligations towards our users. The processing of data is required, for example, for us to be able to suggest suitable contacts, services and information to you.

Operating a service like XING is subject to dynamic change by its very nature. It is not therefore possible to share every single detail about our data processing with you, but we do intend to inform you of all the key information. We process data first and foremost in order to fulfill our contractual obligations towards our users. In addition to this, we process your data to preserve our justifiable interests while taking your interests into account (e.g. when we send you promotional newsletters). And, of course, in some cases we are legally obliged to process data (e.g. to pass the data on to any investigative authorities). In all other cases we will ask for your separate consent to process your data (e.g. when using tracking technologies for the measurement and optimisation of advertising or when you enter a prize draw). When it comes to fulfilling our contractual obligations towards our users, we try to tailor our products and services to the needs of users at all times. Personalisation is important here. Interest and usage profiles are created. In order to be able to show you recommendations, e.g. for jobs, events, groups or contacts, and to suggest you as a valuable business contact or potential employee, we must have an idea of what your interests might be. In order to ascertain these interests we use information that you provide to us, in addition to implicit feedback, i.e. information that we automatically obtain through your usage of our service (by means of so-called "tracking"), as well as information that we may possibly receive indirectly (e.g. through a user's address book or upload). In order to meet our contractual obligations, we also serve you third-party advertising tailored to your needs and interests wherever possible. To this end, we provide advertisers with certain targeting criteria. Advertisers can state, for example, that they would like to target "directors" at companies with "1,000-5,000 employees".

2. Information you provide to us

This refers to data we obtain from you directly and information you publish and send on XING Websites such as:

  • Login details (e.g. username and password)
  • Profile information (e.g. job title, company name, industry, educational background, contact options, photo)
  • Messages, group posts, event participation, billing details

This includes data that we have obtained from you directly and information that you publish or send on XING Websites. There are both mandatory entry fields (which as marked as such) and optional information you can provide.

Login details

When you register to be able to use XING applications we have to record and process certain personal data as your login data.

Category

e.g.

  • Username
  • E-mail address to log in
  • Mobile number to log in
  • Password

Visibility

Your login data is not visible to third parties. We will not ever pass this information on to third parties under any circumstances.

Period saved for

We delete this data when you delete your user account.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

Mandatory information in the social network

You are required to complete certain mandatory fields. This information is essential for a functioning professional network.

Category

e.g.

  • title, first name and last name
  • Job title and company name
  • Industry
  • Place: City and country

Visibility

The following mandatory information is always visible without limitation to other users in the social network:

  • First name, last name
  • Job title and company name
  • Industry
  • Place: City and country

Period saved for

We delete this data when you delete your user account.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

Optional information in the social network

As well as the mandatory information we require, you can also enter additional information to make it easier for users to get to know you better and, for example, identify and select you as a suitable business contact.

Category

e.g.

  • Business e-mail address and phone number
  • Private interests
  • Private contact
  • Educational background
  • Photo
  • Portfolio

Visibility

Your optional information is visible to all users in the social network after you enter it. In some cases, you can choose whether optional information should only be visible to certain users in the social network.

If you activate the "around you" feature with Bluetooth also activated, other XING users with this feature activated will be sought within a radius of 10 to 20 metres (depending on your device). This feature can act as a substitute for exchanging conventional business cards. To provide this feature, your profile details, including your name, company name, your job title and your photo are displayed to other users. We do not use Bluetooth permanently in the background and do not track your location.

Privacy

You can retract most optional information at any time for the future by deleting the respective data in your profile.
With your contact details and date of birth, you can decide on a case-by-case basis whether and to what extent this information should be visible for a particular user in the social network.

Period saved for

If you delete the data, it will be removed from the social network. We will erase the data in full when you delete your user account.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

Mandatory information in other applications

In order to provide our services we require certain information from you. On our employer review platform we only need your e-mail address. On our events platform more detailed information is required in order to process and bill your participation in events.

Category

e.g.

  • First name, last name
  • E-mail address
  • Company name

Visibility

Whether and to what extent your mandatory information is visible to other users depends on whether and to what extent the respective application is geared towards anonymity. Please refer to the respective application for more information.

Period saved for

We delete this data when you delete your user account.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

Optional information in other applications

As well as the mandatory information we require, you can also enter additional information to make as effective use as possible of the respective application.

Category

e.g.

  • Employer reviews
  • Photo

Visibility

Whether and to what extent your mandatory information is visible to other users depends on whether and to what extent the respective application is geared towards anonymity. Please refer to the respective application for more information.

Period saved for

If you delete the data, it will be removed from the respective application. We will erase the data in full when you delete your user account. We may also save certain information (e.g. employer reviews) in an anonymous form beyond this point.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

E-mail address(es)

We use the electronic mail address(es) that you have provided to us to send you regular newsletters and/or status e-mails electronically, in addition to advertising for our own related products and services, or surveys for the purpose of our own market research, unless you have objected to this form of usage. The newsletters are a simple and effective way of finding out about new features on XING, for example, having interesting contacts suggested to you, or receiving certain personal statistics. We also use the e-mail addresses you provided us with (with the exception of the login e-mail address) to ensure that your profile can be found by other users of the social network and to be able to display your profile to these users.

Privacy

You can unsubscribe to newsletters at any time, either in your notification settings in the social network or by clicking on the link provided at the end of e-mail newsletters. It’s possible to unsubscribe to newsletters and notifications in individual applications too, although there are different ways of going about this.

Period saved for

If you delete the e-mail address(es), it/they will be removed from the respective application. We will erase the e-mail address(es) in full when you delete your user account.

Legal basis

The legal basis for this processing of personal data are Article 6 (1) f) (newsletters) and Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

Your contacts in the social network

Those users in the social network who you ask to join your personal network will be saved on your profile in a list of contacts. If a user in the social network confirms your contact request, they become a so-called "confirmed contact" for you. Another way of connecting with users is the more non-committal "Follow" option. The user in the social network who you want to follow does not have to confirm your request.

Visibility

Other users in the social network can only ever see your confirmed contacts and people you're following.

Privacy

Your default privacy settings mean that the list of your confirmed contacts is visible to all users in the social network. You can alter this setting at any time so that your list of confirmed contacts is hidden from everyone or is only visible to certain groups of users, e.g. only to contacts of your confirmed contacts (second degree contacts).

Period saved for

We delete this data when you delete your user account.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

Private messages on the social network

You can exchange private messages with other users in the social network. As well as text, content you can send to other users includes images and your exact location. You will also receive e-mail notifications about new messages via the e-mail address your provided.

Visibility

Private messages can never be accessed by anyone other than those individuals who send or receive them.

Privacy

The default settings for messages is that all other users in the social network may send you messages. You can adjust these settings at any time so that either nobody can send you private messages or only users up to a certain degree of separation to you, e.g. only contacts of your confirmed contacts (second degree contacts).

Period saved for

We save this data until your user account is deleted. The recipients of your messages will not however have these conversations erased when you delete your user account. This data is only deleted in full once it has been deleted by both the sender and recipients.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

Your shared content and reactions on the social network

In the social network there are various ways of sharing content with others and reacting to content.

Category

e.g.

  • Shared posts and links to the start page
  • Posts in groups
  • Recommendations
  • Comments
  • Likes
  • Consents

Visibility

Generally speaking, the content and reactions you share in the social network are visible to all users in the social network.
Any comments you make in XING Klartext articles and any content you post in groups marked as "public" are subject to a greater degree of visibility. This information can also be accessed outside of the social network for non-users and can be found in online search engines.
For individual features the level of visibility may be more restricted (e.g. only visible to contacts). In such cases you will be informed about visibility when using the respective feature. Please be aware that even if you restrict visibility, the content and reactions that you share may become visible beyond your own network if your contacts choose to share this information with other users.

Privacy

You can deactivate the traceability of your posts in groups marked as "public" by Internet search engines or by so-called RSS readers in your privacy settings under "Privacy".

Period saved for

If you delete the content you shared and the reactions, they will be removed from the social network. We will erase them in full or make them anonymous when you delete your user account.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

Billing details

If you use XING applications that you pay for, we will collect and use your billing details to process payments and invoices in accordance with the method of payment you choose. Your billing details are saved for payment and invoice processing when your user term is automatically renewed.

Category

e.g.

  • Bank details

Visibility

Billing details cannot be seen by other users under any circumstances.

Period saved for

We save this data until your user account is deleted or beyond this point, until a time when the data is no longer subject to any tax-related, commercial or other statutory storage obligations.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

Events data

As a user it is possible to create events and other similar services on XING Websites. You can invite other users and/or third parties to certain events.

Visibility

The event host can determine whether or not, or which data about an event is visible for users and/or third parties. This might include information detailing whether the event is open to users only or the general public and therefore third parties, whether the number of participants is limited, and whether the guest list is publicly accessible or restricted.

Period saved for

We save this data until the event has been deleted.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

Data when providing user feedback

If you provide us with feedback of your own volition or when taking part in one of our surveys, we will process your data in order to conduct the survey, or to evaluate and, where applicable, implement your feedback.
In some cases we may ask for separate consent from you to process your data provided as part of a survey.

Period saved for

We save this data until your user account is deleted, unless you have provided consent to it being processed beyond this point.

Legal basis

The legal basis for this processing of personal data are Article 6 (1) a) (separate consent) and Article 6 (1) b) of the EU General Data Protection Regulation (GDPR).

Data when taking part in prize draws

If you choose to enter a prize draw we offer, we will process your data insofar as it is required for the purposes of this draw.
In some cases we may ask for separate consent from you to process your data provided as part of the prize draw in other ways.

Period saved for

The data collected as a result of your entering the prize draw will be deleted once the draw has closed, unless you have provided consent to your data being processed beyond this point.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) a) (separate consent) and b) of the EU General Data Protection Regulation (GDPR).

Data provided when contacting our customer service team

If you contact our customer service team, we process the data you provide so as to be able to handle your query. We may request separate consent to process your data, and only process your data for other purposes in compliance with statutory requirements pursuant to Article 6 (4) of the EU GDPR

Period saved for

We only save copies of identification documents you provide us with for verification purposes to the extent required to perform said verification, with copies generally deleted after 30 days at the latest. Data we receive from you when contacting our customer service team is deleted in full 7 years following completion of the respective customer request at the latest.

Legal basis

The legal basis for this processing of personal data are Article 6 (1) a) (separate consent) of the EU General Data Protection Regulation (GDPR), Article 6 (1) b) (processing necessary for the performance of a contract) of the EU General Data Protection Regulation (GDPR), Article 6 (1) f) (processing based on the weighing of interests) of the EU General Data Protection Regulation (GDPR), and Article 6 (1) c) (processing necessary for compliance with a legal obligation) of the EU General Data Protection Regulation (GDPR).

3. Information automatically collected through your use of XING

Data about you is automatically collated by means of tracking while you visit or make use of the XING service. Here you can find out:

  • How tracking works
  • Why tracking is used (ensuring security, provision of our service, measurement and optimisation of advertising, and determination of statistics).

Data about you is automatically collated by means of tracking whenever you visit or make use of the XING service. This takes place with the help of various tracking technologies.

How does tracking work?

In the so-called "back end", at our web server level, we collect the data of logged-in users and other visitors, which we use first and foremost for the provision and preservation of the security of the service XING. In the "front end", on your end device, we, or third parties we use, use cookies, pixels, local storage and similar tracking technologies to collect data about logged-in users and other visitors to enable the provision of our service and the analysis of user behaviour, and for the measurement and optimisation of advertising. In addition, we record your usage behaviour in connection with e-mails we send you, e.g. whether and when you have opened an e-mail, and which links you clicked on. Tracking involves the processing of login data (e.g. date and time of the visit, referrer, IP address, cookie ID, location data, product and version information about the browser or app used, device ID or data) and interaction data (e.g. pages viewed or searches carried out). In order to be able to identify you as a user during your visit to XING, we use so-called session cookies. These session cookies are automatically deleted at the end of a session. These cookies are required to be able to use XING. When you register you can choose to remain logged in. If you do, a cookie is then saved in the browser of your end device that means that you don’t need to log in again for as long as the cookie remains saved. We also conduct a very approximate geo-localisation that informs us of the towns/cities you have been to. In order to do this we use your shorted and anonymised IP address, and your geo-coordinates if you have agreed to this on your mobile end device. We do not save your precise location. We only store information about which cities you are in on a regular basis. Specific addresses or geo-coordinates are not saved.

The purposes of tracking and your opt-out options

Ensuring security

One reason for tracking is to ensure and preserve the legitimate interest of the protection of users, the security of user data, XING Websites, and the XING service. To this end, we save the data we record for up to 90 days in its full form. Only a limited number of our employees with the respective authorisation rights have access to this data. The legal basis for this processing of personal data are Article 6 (1) f) and Article 32 of the EU General Data Protection Regulation (GDPR).

Provision of our service

We mainly use tracking and the associated user behaviour analysis to meet our contractual obligations and to perform pre-contractual measures. The legal basis for this processing of personal data is Article 6 (1) b) of the EU General Data Protection Regulation (GDPR). If tracking is not used to meet our contractual obligations or to perform pre-contractual measures, but to provide the service you visit or use, the legal basis for this processing is Article 6 (1) f) of the EU General Data Protection Regulation (GDPR). To this end, we pursue the legitimate interest of providing you with a smooth and user-friendly service.

Tracking and analysing user behaviour helps us to review and optimise the effectiveness of our service, and to identify and correct any errors and faults. To this end, we also use several services from third-party providers, such as Google. If we use third-party providers, data may be processed outside of the EU in so-called third countries where the level of data protection applied may not match EU standards. This means there is a risk that authorities in third countries may be able to access third-party provider data, possibly without any means of redress, for monitoring or surveillance purposes. We endeavour at all times to adapt our products and services to the needs of our users. Personalisation is an important aspect here. Analysing data obtained from tracking is necessary to make personalised services available to you in accordance with the contractual purpose of XING and to ensure that you gain the great possible benefit from XING The implicit feedback that you provide to us through our tracking of your usage of XING forms an important part of understanding what content you are more or less interested in, and being able to suggest you to other users as a valuable business contact or potential employee. This implicit feedback is enormously important as the information you provide to us is reflective of the past and the present for the most part, and says little about what interests you have with regard to the future. Interest profiles produced, for example, with the help of click data or searches you have conducted often form a better basis for estimating whether you, for example, are interested in finding a new job and what type of job openings you might be particularly interested in. When you delete your user account we delete or anonymise the personal data we have obtained through tracking in order to provide our service.

Examples

Clickpath

One important feature to result from our analyses is, for example, the provision of the "Clickpath". This is an essential part of contact management and as such an essential feature of XING. Clickpath is a function of the service XING which registers access to users’ profiles by other users, as well as to event pages, Business Pages, Employer Branding Profiles, job ads, or access to specific information contained therein. The information registered by Clickpath is only available to Premium members, users who post job ads, operators of Business Pages and Employer Branding Profiles, and organisers who have booked the Event Plus option for their events. By using Clickpath you can see, as a Premium member, e.g. which other users have visited your profile. By the same token, all other Premium members can do the same, i.e. they may see whether you have visited their profile, event page, Business Page, Employer Branding Profile or job ad. You are not able to deactivate this feature in your privacy settings. If you do not agree that other users may see that you have visited their profile, Business Page, etc., you should refrain from using the service XING.

Recommendations

Another important feature resulting from our analyses are recommendations that we tailor to you personally on the basis of your user data. We can, for example, recommend job offers, relevant news, events or interesting contacts to you.

Personal statistics

In order to be able to identify you as a valuable business contact or potential employee, we may show other users information about your personal XING usage. This might include your level of user activity, the number of things you have in common with a respective profile visitor, events you have attended, the number times you have visited a user’s profile, how long you have been a member and what kind of membership you have.

You can opt out of tracking by the following third-party providers:

Adobe Digital Analytics

We use the tracking tool Adobe Digital Analytics. Whenever you are logged in as a user on XING your data is matched with your user ID during the tracking process. If you are not logged in as a user, tracking is pseudonymous, i.e. we are not able to directly deduce information regarding your identity from information we obtain from tracking. The cookies used for the web analysis contain an ID which allows us to identify your end device’s browser. We have closed a data processing agreement with the provider and your IP addresses are anonymised immediately after collection and personal data is processed within the European Union.

You can opt out of tracking by Adobe Digital Analytics at any time, simply by clicking on the following link and opting to exclude yourself from visitor session aggregation and analysis: https://nats.xing.com/optout.html?popup=1

Please note that this opt-out option installs a cookie on the end device you’re using when you click on the link. You therefore might not be excluded from tracking if you then delete the cookie in question. When using mobile apps, you need to opt out in the respective app settings.

Google Analytics

We use the web analysis tool Google Analytics, developed by Google Inc. ("Google"). Google Analytics uses so-called "cookies": text files that are saved on your computer and enable the analysis of your usage of a website. The information generated by the cookie about your use of this website (including your IP address) is transferred to a server of Google in the USA and saved there. We use the so-called "_anonymizeIp()" script here, which ensures that your IP address (after identifying the geolocation) is immediately anonymised by Google. We have also closed a data processing agreement with Google. Google will use this information to evaluate your use of the website, to compile reports about website activity for website operators, and to provide other services relating to website and online usage. Google may also pass this information on to third parties if this is required by law or if these third parties process the data on behalf of Google. Google will not link your IP address to any other data about you it has stored.

You can prevent the installation of cookies by adjusting the settings in your browser software accordingly; please note though that you may not be able to use all the features of the XING Websites in full as a result. Google also offers so-called deactivation tools for some web browsers, where you can opt out of your user behaviour being recorded and analysed. You will find more information and download options for these tools here: http://tools.google.com/dlpage/gaoptout?hl=en-GB

Braze

We use the 'Braze' service to collect your usage of some parts of the platform to be able to serve you personal tips and information.

You can enable or deactivate this data collection. We recommend you enable it so we can provide you with useful tips and information (e.g. about updates to the features you use, or current billing information).

  • Opt in to data collection with Braze
    Please note that opting out of cookies is device-specific. This means that if you delete your cookie or use a different computer or web browser, you will need to opt out again. When using mobile apps, you can opt out in the app settings.

IBM Watson Campaign Automation

We would like to show you content that is tailored to your interests. We show this content on our websites or in e-mails. To do that, we use the 'IBM Watson Automation' service to collect your usage data.

You can enable or deactivate this data collection by IBM Watson Automation. We recommend you enable it so we can keep providing you with relevant content and with useful tips and information about XING solutions.

  • Opt in to data collection with IBM Watson Campaign Automation
    Please note that by opting out of data collection, a cookie will be set which saves this setting. If you delete this cookie or use a different device or web browser, you will need to opt out again.

Wingify/VWO

We use a tool called VWO to run A/B tests. You can opt out of this kind of web analysis here

Measurement and optimisation of advertising

Tracking helps us to obtain metrics for the success of advertising campaigns and to optimise the way that online ads are displayed. Your user ID is not sent to third-party providers. The cookies have a lifespan of up to 2 years.
In this context, the servers of third-party providers (e.g. marketers) might be accessed directly when using XING. Here, the respective third-party provider may record the fact that you visited our website(s). In addition, such site visits may lead to information being sent to some of these third-party providers with the aim of optimising and measuring the performance of our advertising. This includes, for example, information about the kind of pages you visited, or you belonging to a certain target audience we have defined. Calling third-party provider servers directly allows third-party providers to use cookies and advertising IDs for retargeting purposes. Retargeting technologies enables third-party providers to show you personalised advertising based on your previous browsing behaviour on partner websites. Third-party providers are, to some extent, able to link your various technical IDs and thus show you personalised advertising across multiple devices. Third-party providers such as Xandr enable us to offer advertising campaigns outside of XING so that advertisers can also promote their products and services on and outside of XING based on targeting criteria we supply to advertisers. To this end, advertisers do not receive any of your personal data. To measure and evaluate an advertising campaign's performance, we may send the third-party provider randomly generated click IDs which enable us to assign user conversions to a certain campaign.
Third-party providers are solely responsible for operating their IT systems in line with applicable data-protection practices and law. Third-party providers are responsible for deciding how long data is stored for. If we use third-party providers, data may be processed outside of the EU in so-called third countries where the level of data protection applied may not match EU standards. This means there is a risk that authorities in third countries may be able to access third-party provider data, possibly without any means of redress, for monitoring or surveillance purposes.

Tracking for the measurement and optimisation of advertising is based on your consent, see Article 6 (1) a) of the EU General Data Protection Regulation (GDPR). You can withdraw your consent at any time.

Third-party providers we use

In the following you will find further information about the tracking technologies used and information from providers about data processing.

Google

More information is available here

Bing

More information is available here

Criteo

More information is available here

LinkedIn

More information is available here

Facebook Pixel

We use the so-called "Facebook Pixel" developed by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA to create "custom audiences". This serves the purpose of optimising our advertising in the social network Facebook, of placing only relevant advertising there, and measuring the success of our Facebook advertising campaigns. The Facebook Pixel makes it possible for Facebook to identify visitors to the XING Websites as a target group for the display of ads in the social network Facebook.

A direct link to the Facebook servers is established via the Facebook Pixel implemented on the XING Websites when a user visits the XING Websites. The Facebook server is informed here that you have visited the XING Websites, and information is also transferred about which specific pages you viewed. In addition, individual information and parameters are transferred that are required for the optimisation of our ads, to increase relevance and measure success. This relates in particular to information about so-called "conversion events" on XING (e.g. whether a registration or a purchase was completed).

Further information about the collection and usage of data by Facebook and about your corresponding right and options for protecting your privacy can be found in the Facebook Data Policy at https://www.facebook.com/about/privacy/.

Twitter

We use Twitter, a service provided by Twitter Inc., to track conversion and to post target-group-based online advertisements. To do so, we implemented a Twitter tag on our website. When you visit our websites, this tag creates a direct link to the Twitter servers so that Twitter knows you visited our websites and whether you performed any requests or similar. Twitter assigns this information to your personal Twitter user account. We are then able to serve (remarketing) advertisements based on your previous page views and activity. The data Twitter processes in this regard does not allow us to identify you. These pseudonyms are also not linked to any of your other personal data. To learn about your rights and privacy options, and for more information about how Twitter collects and uses data, visit the Twitter Privacy Policy: https://twitter.com/privacy?lang=de

Ad-defend

More information is available here

Performance Media

More information is available here

Adform

More information in German is available here

Adjust

More information is available here

ADITION

More information is available here

Outbrain

More information is available here

Pinterest

More information is available here

AppNexus

More information is available here

Snap Pixel

We use the so-called "Snap Pixel" developed by Snap Inc., 2772 Donald Douglas Loop North, Santa Monica, CA 90405, USA to create "custom audiences". This serves the purpose of optimising our advertising in the social network Snap, of placing only relevant advertising there, and measuring the success of our Snap advertising campaigns. The Snap Pixel makes it possible for Snap to identify visitors to the XING Websites as a target group for the display of ads in the social network Snap.

A direct link to the Snap servers is established via the Snap Pixel implemented on the XING Websites when a user visits the XING Websites. The Snap server is informed here that you have visited the XING Websites, and information is also transferred about which specific pages you viewed. In addition, individual information and parameters are transferred that are required for the optimisation of our ads, to increase relevance and measure success. This relates in particular to information about so-called "conversion events" on XING (e.g. whether a registration or a purchase was completed).

Further information about the collection and usage of data by Snap and about your corresponding right and options for protecting your privacy can be found in the Snap Privacy Center at https://www.snap.com/en-US/privacy/privacy-center/.

Xandr

More information

OptinMonster

More information

Opting out of tracking for the measurement and optimisation of advertising in our applications

Tracking settings for individual XING applications

The links below allow you to select your tracking settings for individual applications.
Please note that tracking opt-outs are handled by way of a cookie set on your end device. Should you delete this cookie or use a different end device or browser, you'll need to opt out of tracking again.
When using mobile apps, you need to opt out in the respective app settings.

Opt-In Tracking Settings

Erasure of previously saved cookies

We do not erase cookies saved on your end device if you withdraw your consent. By withdrawing your consent in the tracking settings for individual XING applications, you only opt out of tracking for the measurement and optimisation of advertising in the respective applications.

If you visit third-party sites that are not covered by these tracking settings, those third parties will still be able to access cookies saved in your end device. If you'd like to prevent this, please erase the third-party provider cookies from your end device. But please don't delete the "userConsent" cookies we set as otherwise we won't be able to determine whether you opted in or out of tracking for the measurement and optimisation of advertising in the respective XING applications. If you delete this cookie, you'll then be prompted to opt in or out of tracking for the measurement and optimisation of advertising when you next visit our application.

The process required to delete cookies and set what information your browser saves depends on the browser you use. Please refer to the help section of your browser for further details.

Advertising ID settings for iOS and Android:

ID settings (e.g. ad ID) for a certain iOS or Android device are provided in your iOS or Android settings.

Tracking of content and your opt-out options

Tracking in embedded third-party content

You will also find content produced by external providers on XING applications. This content is integrated into the XING environment you’re familiar with from external websites. When it comes to this external content we have no control over the type of tracking used.

Opting out of tracking within the XING environment

If you’d like to prevent tracking by external providers within the XING environment, you can deactivate the integration. As soon as you begin using any of the external content you will leave the XING environment and be automatically forwarded directly to the page of the provider. Please note: This doesn’t necessarily result in less tracking – it is only means that the tracking does not take place on XING.

  • Opt in to tracking on XING
    As a non-member these changes only apply in the browser you're currently using.

4. Information we obtain about you from other sources

Some information about you that we process does not come directly from you. This might be the case, for example, if a user shares this information with us or we obtain it from other sources.

We also process data that we haven’t obtained directly from you. This occurs whenever a user provides us with information or we collect information from other sources. In such cases we process the respective data within the scope of fulfilment of our contractual obligations towards the respective user and/or to safeguard our legitimate interests, while giving due consideration to your interests.

Data from address book or list uploads

This includes data which can be extracted from an address book or list (e.g. smartphone address book, e-mail address book or CSV file), e.g.:

  • First and last name
  • E-mail addresses
  • Phone numbers
  • Job title and company name
  • Place: City and country
  • Twitter and Facebook handles
Intended purpose

We provide users with various address book and list upload features to enable them to expand their network on XING or to invite non-users. If we permanently save the data uploaded by way of an aforementioned feature, we make appropriate functions available to users to manage the data and, in particular, to delete this data. Users have the right and the option to cease the processing of personal data at any time.

Source of the data

Users who already have access to your data can upload this information to XING.

Visibility

No third parties have access to the uploaded data.

Period saved for and objection

If the respective upload feature is only used for a single user search, categorisation or grouping, the data uploaded will be deleted immediately afterwards. If the respective upload feature requires permanent storage of the uploaded data, we save this data until the respective user either deletes this data themselves or their user account is deleted.
The invited non-users can select an opt-out link in the invitation e-mail to object to the sending of further invitations or invitation reminders to their respective e-mail address.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) f) of the EU General Data Protection Regulation (GDPR) .

Events data

This includes the following data, which users provide us with to register attendees for an event at the organiser's request:

  • Salutation, title, first name and last name
  • E-mail address
  • Company name
Intended purpose

Users who purchase tickets via the events platform can also register other persons as event attendees. If a ticket buyer uses this feature, personal data is processed on the ticket buyer's behalf and responsibility. XING provides ticket buyers with suitable features to manage data processed on their behalf, in particular data deletion options.

Source of the data

Users who have data for other persons can register them as event attendees by entering said data on XING.

Visibility

The organiser can access the attendee's registration details.

Period saved for and objection

We save this data until the respective user either deletes this data themselves or their user account is deleted. You have the right to file an objection at any time to the processing of your personal data pursuant to Article 6 (1) f) of the EU General Data Protection Regulation (GDPR). Please use our contact form to file your objection.

Legal basis

The legal basis for this processing of personal data is Article 6 (1) f) of the EU General Data Protection Regulation (GDPR).

5. Who may receive information about you?

You can find out here who we disclose data to, what purpose this serves, and how you can customise your privacy settings on XING. By the way, we only ever pass your personal data on to third parties when:

  • This is required for us to fulfil our business purposes, e.g. when we make your profile accessible to another user
  • You have granted your consent (e.g. for use of an external application)
  • We are obliged to do so on legal grounds, by court order, or at the request of another official authority.

We only pass your personal data on to third parties when this is required to fulfil our business purposes (i.e. in particular to perform the services we are obliged to provide you with, e.g. making your profile available to another user), when you have given your consent to this (e.g. when using an external application), or when we are obliged to on legal grounds, by court order, or at the request of another official authority.
In cases where we work together with external service providers for our data processing (e.g. in software development), this is usually carried out on an order processing basis, whereby we remain responsible for data processing. We review each of these service providers beforehand with regard to the measures they have undertaken to ensure data protection and data security, thereby safeguarding the contractual provisions as stipulated by law for the protection of the personal data.

Other users

You can learn more about how visible you are to other users under “Information you provide to us” and by way of the examples of how we use your usage data to meet our contractual obligations and to render the service you use.

Non-users of the social network

You can determine whether you want non-users of the social network to be able to find and access the information in your profile, e.g. via search engines. Separate privacy settings are available to you here. If you opt not to restrict these settings, the information in your profile will be visible and accessible to non-users of the social network, although this does not include any personal contact details such as e-mail addresses and phone numbers.
The standard external accessibility of profile information forms a central element of XING as a way of fostering networking between users, as many business contacts are made in the first instance when other users (or third parties) find the name of a user when conducting research in search engines.
With some features on XING (e.g. with posts in groups on guest lists) another user determines whether and to what extent the data used or shared for a particular function is visible or accessible to other users and non-users, and who is authorised to read this content and add to this content. If you aren’t able to change these settings through your own privacy settings we will inform you about the respective use of your data in the respective feature.

People you want to invite to the social network or other XING application

As a user, you can invite other people to join and use XING. We process the data recorded here solely for this purpose.
After a certain period we send out a reminder e-mail ("automatic reminder") on your behalf to the person you invited. You can prevent this automatic reminder from being sent by deleting the invitation in your settings. You also have the option of sending your own reminder e-mails manually. We save the e-mail addresses that invitations are sent to in encrypted form. This encryption is temporarily suspended to display the e-mail addresses in your account. You can delete this data in your account at any time.
Every person you invite has the option to object to invitations being sent to their e-mail address from that point onwards.
Please note that, depending on the invitation feature used, recipients may be shown the following information in the invitation you send:

  • Your name
  • Your company
  • Your position
  • Your e-mail address
  • Your photo
  • Your user status

Selected developers and companies ("API Partners")

We provide the XING API to selected developers and companies ("API Partners") so that they can develop and manage applications that grant users of API Partner applications access to data and content beyond XING while also allowing said users to integrate external content on XING. The aim of integrating external applications is to make XING more appealing and useful to users. API stands for Application Programming Interface, meaning that the XING API is an interface provided by us that allows API partners to integrate one or more applications on XING provided they adhere to our contractual terms.
Users wishing to use an API Partner application must grant the application access to data; an API application of an API Partner can therefore only ever access data with the express allowance of the user. Depending on the application in question, a separate declaration of consent for data processing may be required. When API Partners process XING user data, this is performed on behalf of the user that activated the application.
Every API Partner application that accesses the data and content of users requires our prior consent. XING has therefore compiled a list of criteria in order to ensure that the data of users is safe and secure.
If an application involves personal data being processed in countries outside of the European Union, we will stipulate the legal privacy provisions required in order to ensure that API Partners maintain an appropriate level of protection for personal data.

Payment service providers, receivables management providers, debt collection providers

If you use features on XING that you pay for, we process your payment details such as credit card and bank details for the purpose of payment processing and invoicing in accordance with the method of payment you choose. Your payment details will be transferred, to the extent needed, along with other required data for processing the transaction, including invoicing and debt collection where applicable, to providers such as credit card institutes, payment providers and debt collection providers, and processed there, or the data will be collected directly by these providers.
Your payment details are saved to enable payment processing and invoicing for the automatic extension of your user term.

Third countries

Data may be transferred to third countries. This however shall always take place in compliance with the admissibility requirements as regulated by law.
In particular, we make certain data available to other users or third parties worldwide to fulfill our contractual obligations. This does not require either an adequacy decision pursuant to Article 45 of the EU GDPR or appropriate safeguards pursuant to Article 46 of the EU GDPR.
In cases where the transfer of data to a third country does not serve the fulfilment of our contractual obligations, we have not received consent from you, the transfer is not necessary for the establishment, exercise or defence of legal claims, and no other exemption clause applies, we shall only transfer your data to a third country when an adequacy decision pursuant to Article 45 of the EU GDPR or appropriate safeguards pursuant to Article 46 of the EU GDPR are in place.
In general, we provide for appropriate safeguards by closing standard data protection clauses as decreed by the European Commission with the recipient body pursuant to Article 46 of the EU GDPR, as well as an adequate level of data protection.
You can obtain copies of the EU standard data protection clauses on the Website of the European Commission.

Other categories of recipients

Public authorities and courts

Technical service providers

Hosting providers

Ad server providers

E-mail sending providers

E-mail marketing providers

Marketing automation software providers

CRM providers

Software developers

Agencies

e.g. to carry out prize draws

Postal providers (letter shops)

Market research and survey tool providers

Remarketing/Retargeting providers

Sales service providers and call centres

Service providers for advertising campaigns and the display of ads

Providers of tools for website use analysis

Cooperation partners

ClimatePartner

If the "CO2 compensation" option is selected with the purchase of a ticket, the attendee will receive a certificate from ClimatePartner with the attendee’s name and the name of the event. The attendee’s name and the event’s title will be sent in this case only to ClimatePartner. If this option is not selected, no user data will be sent to ClimatePartner.

Event partners

The ticker buyer and attendee data gathered for an event (e.g. during a ticket purchase or event registration) will be accessible to the respective event organiser. This is necessary for the performance of a contract (e.g. for managing the entry at an event).
The event host can determine whether certain participant data are displayed on a publicly accessible attendee list. As an attendee, you are able to remove your details from the attendee list or to contact the event organiser and XING Events with regard to this matter.

What rights can you exercise?

You can find detailed information here about your various rights:

  • Your right to object
  • Your right of access
  • Your right to erasure
  • Other rights

You have legal rights available to you with regard to data access, rectification, erasure, restriction of processing and objection to processing, as well as the right to data portability, amongst others. In addition, you can withdraw any consent you may have given to data processing at any time, and have the right to lodge a complaint with a supervisory authority.

Right to object

General

You have the right to object at any time to the processing of personal data concerning you, pursuant to Article 6 (1) f) of the EU GDPR. This shall also apply to any profiling carried out on the basis of these provisions. Please use our contact form to submit any objection.

Direct marketing / newsletters

If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing. This includes profiling to the extent that it is related to such direct marketing. You can unsubscribe to our newsletters at any time in your notifications settings on XING, or in your e-mails by clicking on the link provided at the end of the respective newsletter, without incurring any costs other than the transmission costs in accordance with the basic tariffs. In some applications there are different ways of unsubscribing to a newsletter or notifications. In the XING ReferralManager you can deactivate the option to receive the newsletter by going to your profile settings in the XING ReferralManager.

Right of access

You have the right to demand confirmation as to whether we process your personal data. If this is the case you are entitled to receive information about this personal data.

As a user of the social network you can request this information at https://www.xing.com/settings/privacy/data/disclosure.

As a kununu, kununu engage, XING EventManager, HalloFreelancer, XING TalentService or XING Exchange user you can also easily access the data we have saved about you there. Simply send an e-mail request:

kununu

Use the following link to request the data we saved about you in this application: kununu data disclosure report

kununu engage

Use the following link to request the data we saved about you in this application: kununu enagage data disclosure report

XING EventManager

Use the following e-mail address to request the data we saved about you in this application: XING EventManager data disclosure report

HalloFreelancer

Use the following e-mail address to request the data we saved about you in this application: HalloFreelancer data disclosure report

XING TalentService

Use the following e-mail address to request the data we saved about you in XING TalentService: gdpr_xts@xing.com

XING Exchange

Use the following e-mail address to request the data we saved about you in this application: xing-exchange@xing.com

You also have a right to access the following information:

  • The reasons for the data processing
  • The categories of personal data that are processed
  • If possible the planned period of time that the personal data will be saved for, or if this isn't possible then the criteria used to determination this time period
  • The existence of a right to rectification or erasure of your personal data and/or the right to restriction of processing by the controller, or a right to object to this processing
  • The existence of a right to lodge a complaint with a supervisory authority
  • All available information about the origin of the personal data if the data was not obtained from the person in question
  • The existence of automated decision-making including profiling pursuant to Article 22 (1) and (4) of the EU GDPR and – at least in some cases – insightful information about the logic involved plus the scope and aims of the repercussions of this kind of processing for the person affected

If personal data is passed on to a third country or an international organisation, you have the right as the person affected to be informed about the respective guarantees (pursuant to Article 46 of the EU GDPR) regarding this sharing of data.

Right to rectification

You have the right to demand that we correct any incorrect personal data concerning you with immediate effect. Taking the purposes of processing into account, you have the right to demand the completion of any incomplete personal data – including by means of a supplementary explanation.

Right to erasure

You are entitled to demand that we delete your personal data without delay if one of the following applies: The personal data is no longer required for the purposes for which it was collected or processed in some other way. You withdraw your consent that the processing was based on pursuant to Article 6 (1) a) or Article 9 (2) a) of the EU GDPR , and there are now no valid legal grounds for processing. You submit an objection to the processing of your data pursuant to Article 21 (1) of the EU GDPR and there are no overriding justifiable grounds for the processing, or you submit an objection to the processing of your data pursuant to Article 21 (2) of the EU GDPR . The personal data was processed unlawfully. The deletion of the personal data is required to fulfil a legal obligation in accordance with EU law or the law of individual member states. The personal data was recorded in relation to the offer of information society services directly to a child, pursuant to Article 8 (1) of the EU GDPR. Once you have made your request we are obliged to delete the data with immediate effect. The lawfulness of the data processing for the period between the consent and the withdrawal of this consent shall remain unaffected.

Right to restriction of processing

You are entitled to demand a restriction to the processing of your personal data in cases where you dispute the correctness of the personal data, for a period of time that allows the controller to review the correctness of that personal data. If the processing is unlawful and you reject the erasure of the personal data in favour of demanding a restriction to the use of the personal data we will fulfil this request. Processing will also be restricted if we no longer require your personal data for the purposes of processing but do require it for the establishment, exercise or defence of legal claims. Or if you have objected to processing pursuant to Article 21 (1) of the EU GDPR, for as long as is not yet ascertained whether the justifiable grounds of the controller outweigh your grounds. We will inform you in advance should the restriction be revoked.

Right to data portability

You have the right to receive personal data concerning you that you have made available to us in a structured, conventional and machine-readable format, and you also have the right to transfer this data to another controller without being impeded by us to whom the personal data has been made available. The condition is that a) processing is based on consent pursuant to Article 6 (1) a) of the EU GDPR or Article 9 (2) a) of the EU GDPR or on a contract pursuant to Article 6 (1) b) of the EU GDPR, and b) the processing is conducted with the help of automated processes. When exercising your right to data portability you have the right to demand that the personal data is transferred directly from us to another controlling body, provided this is technically viable.

Right to withdraw consent

If processing is subject to your consent you have the right to withdraw this consent at any time. This shall not affect the lawfulness of any processing that took place with your consent up until its withdrawal.

Right to lodge a complaint

The supervisory authority responsible for our company is: Freie und Hansestadt Hamburg The Hamburg Commissioner for Data Protection and Freedom of Information, Prof. Dr. Johannes Caspar, 7th floor, Ludwig-Erhard-Str. 22, 20459 Hamburg, Germany Tel.: +49 40 / 428 54 – 4040, Fax: +49 40 / 428 54 – 4000, further details are available by visiting https://datenschutz-hamburg.de (in German)

If you feel that the processing of your personal data infringes upon the EU GDPR, you have the right to lodge a complaint with the supervisory authority in your regular place of residence, your place of work, or alleged place of infringement. Further information about the complaints procedure is available in Article 77 of the EU GDPR.

Terms used in our Privacy Policy

XING: The service XING and the applications belonging to the service XING.

XING Websites: All websites, subdomains, aliases, mobile applications, background applications, web services and embedding in third-party websites where the service XING is available.

EU GDPR: The Regulation (EU) 2016/679 of the European Parliament and the Council dated 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data, and on the repeal of the EU Data Protection Directive 95/46/EC.

Personal data: Pursuant to Article 4 (1) of the EU General Data Protection Regulation (GDPR), any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Social network: The contact and communication forums belonging to the applications of the service XING.

Profile: The page on the XING websites where the personal data made available by the user is displayed in the social network.

Cookies: Small files that enable us to store specific information related to you, the user, on your end device. You can edit the settings of your browser to prevent cookies from being saved.

Pixel: An image file or link to an image file that is added to the website code but not sent to your end device (e.g. PC, smartphone, etc.). Pixels are usually used in conjunction with cookies.

Profiling: Pursuant to Article 4 (4) of the EU General Data Protection Regulation (GDPR), any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Newsletter: Newsletters or status e-mails and advertising for XING’s own similar products and services, or surveys for the purpose of XING’s own market research.

Third country: A country outside of the European Union.

Back to top
Cookies:

Small files that enable us to store specific information related to you, the user, on your end device. You can edit the settings of your browser to prevent cookies from being saved.

Third country:

A country outside of the European Union.

EU GDPR:

The Regulation (EU) 2016/679 of the European Parliament and the Council dated 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data, and on the repeal of the EU Data Protection Directive 95/46/EC.

Newsletter:

Newsletters or status e-mails and advertising for XING’s own similar products and services, or surveys for the purpose of XING’s own market research.

Personal data:

Pursuant to Article 4 (1) of the EU General Data Protection Regulation (GDPR), any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Pixel:

Pixel: An image file or link to an image file that is added to the website code but not sent to your end device (e.g. PC, smartphone). Pixels are usually used in conjunction with cookies.

Profile:

The page on the XING Websites where the personal data made available by the user is displayed in the social network.

Profiling:

Pursuant to Article 4 (4) of the EU General Data Protection Regulation (GDPR), any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or move-ments.

Social network:

The contact and communication forums belonging to the applications of the service XING.

XING:

The service XING and the applications belonging to the service XING.

XING Websites:

All websites, subdomains, aliases, mobile applications, background applications, web services and embedding in third-party websites where the service XING is available.