Third countries

Data may be transferred to third countries. This however shall always take place in compliance with the admissibility requirements as regulated by law.
In particular, we make certain data available to other users or third parties worldwide to fulfill our contractual obligations. This does not require either an adequacy decision pursuant to Article 45 of the EU GDPR or appropriate safeguards pursuant to Article 46 of the EU GDPR.
In cases where the transfer of data to a third country does not serve the fulfilment of our contractual obligations, we have not received consent from you, the transfer is not necessary for the establishment, exercise or defence of legal claims, and no other exemption clause applies, we shall only transfer your data to a third country when an adequacy decision pursuant to Article 45 of the EU GDPR or appropriate safeguards pursuant to Article 46 of the EU GDPR are in place.
One of these adequacy decisions is the so-called "Privacy Shield" for the USA. For transfers to companies certified in accordance with the Privacy Shield, the level of data protection is deemed in principle as adequate, pursuant to Article 45 of the EU GDPR.
Generally speaking we do not rely on the Privacy Shield alone however. Instead we provide for appropriate safeguards by closing standard data protection clauses as decreed by the European Commission with the recipient body pursuant to Article 46 of the EU GDPR, as well as an adequate level of data protection.
You can obtain copies of the EU standard data protection clauses on the Website of the European Commission.

Read about 5. Who may receive information about you?

Small files that enable us to store specific information related to you, the user, on your end device. You can edit the settings of your browser to prevent cookies from being saved.

Third country:

A country outside of the European Union.


The Regulation (EU) 2016/679 of the European Parliament and the Council dated 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data, and on the repeal of the EU Data Protection Directive 95/46/EC.


Newsletters or status e-mails and advertising for XING’s own similar products and services, or surveys for the purpose of XING’s own market research.

Personal data:

Pursuant to Article 4 (1) of the EU General Data Protection Regulation (GDPR), any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


Pixel: An image file or link to an image file that is added to the website code but not sent to your end device (e.g. PC, smartphone). Pixels are usually used in conjunction with cookies.


The page on the XING Websites where the personal data made available by the user is displayed in the social network.


Pursuant to Article 4 (4) of the EU General Data Protection Regulation (GDPR), any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or move-ments.

Social network:

The contact and communication forums belonging to the applications of the service XING.


The service XING and the applications belonging to the service XING.

XING Websites:

All websites, subdomains, aliases, mobile applications, background applications, web services and embedding in third-party websites where the service XING is available.