
Privacy Policy (Datenschutzerklärung)

Last updated: 2026-02-26

1. Introduction

This privacy policy informs you about which personal data we collect, how we process it, and what rights data subjects have.

Responsible for this website, the online shop, and data processing is: XenoElectronics

Website (EN/DE): https://xenoelectronics.com
Shop: https://shop.xenoelectronics.com


2. Controller (Verantwortlicher)

XenoElectronics
Owner: Andreas Janshen
Beim Jagdhaus 9
29556 Suderburg
Germany
E-Mail: info@xenoelectronics.com


3. Which Data is Processed

3.1 Through your entries and communication

We process data that you actively transmit to us:

  • Contact details: Name, email address, telephone number, postal address.
  • Content data: Texts of your inquiries (email, contact form, support tickets).

Communication via messenger (WhatsApp Business & Telegram): Contacting us via messenger services is a voluntary service offering. If you contact us via this channel, you consent to data processing in accordance with Art. 6 (1) (a) GDPR. We process your phone number, your username, and the content of your messages.

  • WhatsApp Business: We use WhatsApp Business (Meta Platforms Ireland Ltd.). We have configured WhatsApp so that there is no automatic synchronization of our address book. Nevertheless, for technical reasons, Meta processes metadata (e.g., communication time, IP address) and may transfer it to the US (secured by the EU-US Data Privacy Framework).
  • Telegram: We use Telegram (Telegram FZ-LLC) for direct communication and broadcast channels.

Important note: Please never send us highly sensitive data (such as unencrypted passwords, server keys, or personal client/patient data) via messenger. Please use only our PGP-encrypted email or our ticket system for this purpose.

Digital customer onboarding: We use a self-hosted, encrypted online form (operated on our own servers in Germany) to securely and efficiently collect master data and technical information for new orders. We process the data entered there exclusively for the purpose of preparing and fulfilling the contract (Art. 6 (1) (b) GDPR).

3.2 For Orders & Shipping (Online Shop)

If you order hardware, software, or services from us, we additionally process:

  • Delivery address: For processing the shipment.
  • Payment data: Bank details or transaction data for invoice processing (via Stripe).

3.3 Automatically Collected Data (Website Operation)

When visiting our website, technically necessary data is processed:

  • IP address (anonymized, unless needed to defend against attacks)
  • Browser type and operating system
  • Pages visited, date, and time
  • Referrer data
  • Server log files (e.g., for security analysis)

This data is technically required to ensure the secure operation of the website and to detect attacks or malfunctions (Legitimate Interest).

3.4 Within the Scope of IT Monitoring, Hosting & Support

Depending on the commissioned scope of services (managed hosting, monitoring, maintenance), we process the following on behalf of the client:

  • System status & log data: IP addresses, hostnames, error logs, update status, hardware identifiers (MAC addresses).
  • Remote access data: Connection logs during remote maintenance.
  • Network data: VPN connection data (overlay network).
  • Hosting content: Data that you store on cloud or web hosting systems managed by us.

Important Clarification: There is no content analysis of user data (e.g., e-mails, database contents) unless expressly commissioned for troubleshooting. Remote accesses occur exclusively with active consent or contractual agreement.

3.5 Social media presence, Fediverse & community platforms

We maintain online presences on various social networks and platforms (including Discord, LinkedIn, Reddit, Patreon, Bluesky, Mastodon, X/Twitter, Twitch, YouTube, and GitHub) to communicate with customers, prospects, and the tech community.

When you interact with our profiles or servers (e.g., on Discord), the terms of service and privacy policies of the respective platform operators primarily apply. We only process your data (e.g., usernames, messages) on these platforms if you contact us. For the privacy-friendly management of our own posts, we sometimes use the open-source tool “Postiz” (self-hosted on our own servers in Germany).


4. Purpose & Legal Basis of Processing

We process your data on the following legal bases (Art. 6 GDPR):

  1. Fulfillment of Contract (Art. 6(1)(b) GDPR): Processing of support requests, shop orders, and hosting services.
  2. Legitimate Interest (Art. 6(1)(f) GDPR): Security and stability of IT systems, protection against cyber attacks.
  3. Consent (Art. 6(1)(a) GDPR): Contact via messenger services.
  4. Legal Obligation (Art. 6(1)(c) GDPR): Retention of invoices for tax authorities.

5. Recipients of Data & Technical Infrastructure

We place the highest value on data sovereignty. Your data is primarily processed on systems that we control ourselves (“Self-Hosted”).

5.1 Core Infrastructure & Servers (Germany)

We operate our main infrastructure at Hetzner Online GmbH (Germany).

  • Purpose: Provision of virtual private servers (VPS). Here we operate our websites, the online shop, and our internal management systems for remote maintenance and secure networking. Full administrative control lies exclusively with us.

5.2 Secure Networking

For secure connections, we use an encrypted peer-to-peer network. Connections are end-to-end encrypted (E2EE). We use a self-hosted management instance in Germany. No connection data flows to foreign cloud operators.

5.3 Other Specialized Service Providers

  • Cloudflare, Inc. (USA) – Provision of DNS infrastructure (Domain Name System).
  • Amazon Web Services (AWS) (Luxembourg/USA) – Exclusively for transactional e-mail delivery.
  • Netlify, Inc. & GitHub, Inc. (USA) – Web hosting and source code version control.

5.4 AI services & work aids (e.g., code analysis)

We use AI-supported assistance systems (e.g., Google Gemini from Google Ireland Ltd.) for efficient troubleshooting, log file analysis, and code structure optimization.

We adhere to a strict principle of data minimization: only technical questions, anonymized log extracts, or code snippets are processed. At no time do we feed sensitive personal data of our customers (such as emails, database contents, customer names, or IP addresses) into public AI models. The legal basis for this is our legitimate interest in providing efficient and secure services (Art. 6 (1) (f) GDPR).

5.5 Web Analysis (Self-Hosted & Privacy-Friendly)

  • Plausible Analytics (Self-Hosted): We use the open-source software “Plausible Analytics” for statistical analysis of our website traffic. We host this software ourselves on our own servers in Germany (Hetzner). No cookies are set, no personal data is stored (IP addresses are immediately anonymized), and no data is transferred to external analysis services. Processing is based on our legitimate interest in the statistical evaluation of user behavior for the purpose of optimizing our offering (Art. 6 (1) (f) GDPR).

5.6 Communication & E-Mail

  • Proton AG (Switzerland) – Highly secure, encrypted e-mail traffic.
  • Video Conferencing & Online Meetings (Jitsi Meet): We use the open-source software “Jitsi Meet” for online meetings and remote maintenance calls. To ensure maximum data security, we operate this software entirely ourselves on our own servers in Germany (Hetzner). No audio, video, or connection data is transmitted to external third-party providers (as is the case with Zoom or Microsoft Teams, for example).

6. Data Processing in the Online Shop

We run our webshop on our own infrastructure (“Self-Hosted” via Docker at Hetzner) to protect your data as best as possible.

6.1 Shopping Cart & Order Processing

To allow you to order products, we process master data, e-mail addresses, and payment data. We only set technically necessary session cookies to save the contents of your shopping cart.

6.2 Payment Processing (Stripe)

We process payments via the service provider Stripe Payments Europe, Ltd. (Ireland).

  • Sensitive payment data is entered directly via an encrypted Stripe interface. We do not store complete credit card data ourselves.
  • Stripe may transfer data to the US for processing (secured by Standard Contractual Clauses and the Data Privacy Framework).

6.3 Shipping Providers

To deliver your goods, we pass your delivery address to the commissioned logistics partner. If you have expressly consented, we will also forward your e-mail address for tracking purposes.


7. Data Transfer to Third Countries

Generally, we process data within the EU/EEA. If services are used that transfer data to third countries (e.g., AWS, Cloudflare, GitHub, Stripe), this is done on the basis of the EU-US Data Privacy Framework (DPF) or on the basis of EU Standard Contractual Clauses (SCC).


8. Storage Duration

We delete personal data as soon as the purpose of storage no longer applies:

  • Invoice documents: 10 years (statutory retention period).
  • Commercial letters/E-mails: 6 years.
  • Server logs (Website): up to 30 days.
  • Cookies: According to technical duration (only session cookies in the shop).

In the event of payment default, we reserve the right to store data until the claim is fully settled (“Kill-Switch” / blocking, but no immediate data deletion for evidence purposes).


9. Rights of Data Subjects

You have the right at any time to access, rectification, erasure, restriction of processing, data portability, and withdrawal of granted consents. In addition, you have the right to object to the processing as well as the right to lodge a complaint with the competent data protection supervisory authority (The State Commissioner for Data Protection of Lower Saxony / Landesbeauftragte für den Datenschutz Niedersachsen).


10. Data Security

We use current security standards (TLS encryption, firewalls, two-factor authentication, overlay networks) to protect your data from unauthorized access.


11. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements.


12. Contact

E-Mail: info@xenoelectronics.com



Disclaimer regarding the English translation: This English translation of our Terms and Conditions / Privacy Policy / Service Agreements is provided solely for your convenience and informational purposes. In the event of any discrepancies, conflicts, or contradictions between this translated version and the original German document, the original German version shall be exclusively legally binding and shall prevail in all cases.