Xenox-ITSmart Protection Smart Choice

Privacy Policy

This policy explains how Xenox IT Sicherheitstechnik GmbH ("Xenox", "we", "us") processes personal data in accordance with the EU General Data Protection Regulation (GDPR) and the UAE Personal Data Protection Law (PDPL). It applies to our websites, customer portals and managed services.

Controller

Xenox IT Sicherheitstechnik GmbH, Cremon 11, 20547 Hamburg, Germany.

Contact: privacy@xenoxit.com

For UAE processing activities Xenox IT Sicherheitstechnik Systems LLC, One Central, Dubai World Trade Centre, Dubai, United Arab Emirates is the joint controller.

Categories of data

  • Contact data (name, email, phone, company, role).
  • Usage data (log files, telemetry, device identifiers) for managed services.
  • Support information (tickets, change requests, incident records).
  • Marketing preferences and newsletter subscriptions.

Purposes and legal bases

We process data for the following purposes:

  • Contract fulfilment and pre-contractual communication (Art. 6(1)(b) GDPR / PDPL Art.4(1)(b)).
  • Security monitoring, incident response and compliance reporting (Art. 6(1)(f) GDPR legitimate interest; PDPL Art.4(1)(c)).
  • Marketing communication based on consent (Art. 6(1)(a) GDPR / PDPL Art.4(1)(a)).
  • Legal obligations such as tax, accounting or regulatory requirements (Art. 6(1)(c) GDPR).

Data transfers & storage

Data is processed within the European Union or the United Arab Emirates based on contractual agreement. Cross-border transfers use EU Standard Contractual Clauses or PDPL-compliant safeguards. Customers may choose dedicated hosting regions (e.g., Frankfurt, Amsterdam, Dubai). Access is logged and encrypted using customer-managed keys.

Retention

We retain data only as long as necessary for the respective purpose or statutory requirement. Operational telemetry is typically retained for 180 days unless otherwise agreed. Contracts and invoices are stored for up to 10 years according to German commercial law.

Rights of data subjects

You have the right to access, rectification, erasure, restriction, data portability and objection under GDPR. Under PDPL you have the right to access, correction, deletion, restriction and withdrawal of consent. Requests can be addressed to privacy@xenoxit.com. We will respond within one month (GDPR) or thirty days (PDPL).

Cookies & tracking

We use essential cookies to operate the website and optional analytics cookies (Matomo) based on consent. Detailed information is available in our cookie policy. Consent can be withdrawn at any time via the cookie banner.

Supervisory authority

GDPR: Landesbeauftragte für Datenschutz und Informationsfreiheit NRW, Kavalleriestraße 2-4, 40213 Düsseldorf, Germany.

PDPL: UAE Data Office, Abu Dhabi.

Changes to this policy

We review this policy regularly and update it where necessary. The latest revision date is 10 March 2025.

Message us on WhatsApp