Privacy Policy
#

Date: 02.02.2026

1. Introduction
#

This privacy policy provides information on what personal data we collect, how we process it, and what rights data subjects have.

Responsible for this website and data processing is: Xenoelectronics – Small Business

Website (DE/EN): https://xenoelectronics.com

2. Controller
#

Xenoelectronics – Small Business Owner: Andreas Janshen Beim Jagdhaus 9 29556 Suderburg Germany E-Mail: info@xenoelectronics.com

3. What Data is Processed
#

3.1 Through your Input & Communication
#

We process data that you actively transmit to us:

Contact Data: Name, e-mail address, phone number, postal address.
Content Data: Texts of your inquiries (e-mail, contact form, support tickets).
Communication via Messengers: If you contact us via services such as WhatsApp, Signal, or Telegram, your phone number and message contents will be processed. Please note that when using these services, data is processed on the servers of the respective providers (e.g., Meta Platforms, USA).

3.2 For Hardware Orders & Shipping
#

If you order hardware or physical goods from us, we additionally process:

Delivery Address: For processing shipping.
Payment Data: Bank details or transaction data for invoice processing.

3.3 Automatically Collected Data (Website Operation)
#

When visiting our website, technically necessary data is processed:

IP address (anonymized, unless required to ward off attacks)
Browser type and operating system
Accessed pages, date, and time
Referrer data
Server log files (e.g., for security analysis)

This data is technically required to ensure the secure operation of the website and to detect attacks or malfunctions.

3.4 Within the Scope of IT Monitoring, Hosting & Support
#

Depending on the commissioned scope of services (Managed Hosting, Monitoring, Maintenance), we process on behalf of the customer:

System Status & Log Data: IP addresses, hostnames, error logs, update status, hardware identifiers (MAC addresses).
Remote Access Data: Connection logs during remote maintenance.
Network Data: VPN connection data (Overlay Network).
Hosting Content: Data you store on cloud or web hosting systems managed by us.

Important Clarification:

There is no content analysis of user data (e.g., e-mails, database contents) unless expressly commissioned for troubleshooting.
Remote access takes place exclusively with active consent or contractual agreement.

4. Purpose & Legal Basis of Processing
#

We process your data on the following legal bases (Art. 6 GDPR):

Contract Fulfillment (Art. 6 (1) lit. b GDPR):
- Processing support inquiries.
- Execution of hardware orders and shipping.
- Provision of hosting, monitoring, and cloud services.
Legitimate Interest (Art. 6 (1) lit. f GDPR):
- Security and stability of IT systems (Monitoring).
- Protection against cyber-attacks (Server logs, Firewall).
- Legal prosecution and enforcement of claims (e.g., in case of non-payment).
Consent (Art. 6 (1) lit. a GDPR):
- Contact via messenger services (WhatsApp, etc.).
- Optional cookies or analysis tools.
Legal Obligation (Art. 6 (1) lit. c GDPR):
- Retention of invoices for tax authorities.

5. Recipients of Data & Third Parties
#

We only pass on data if this is necessary for contract fulfillment or if you have consented. We use the following specialized service providers (Sub-Processors):

5.1 Infrastructure, Hosting & Security
#

We use external service providers for hosting, cloud services, and development. Data may be processed on servers of these providers:

Hetzner Online GmbH (Germany) – Servers, Private Cloud & Backups. We also operate our own instances for VPN (NetBird) and remote maintenance (RustDesk) on these systems.
Cloudflare, Inc. (USA) – DNS, Content Delivery Network (CDN), DDoS protection & Web Security.
Amazon Web Services (AWS) (Luxembourg/USA) – E-mail sending (SES) and Object Storage (S3).
Netlify, Inc. (USA) – Hosting of static websites.
GitHub, Inc. (USA) – Code repositories & versioning (CI/CD).

5.2 AI Services & Work Aids
#

To optimize our workflows (e.g., code generation or error analysis), we use AI-supported systems:

Google Ireland Ltd. / Google LLC (Ireland/USA) – AI services (Gemini) and Web Analysis (Google Analytics).

5.3 Web Analysis (Privacy-friendly)
#

Plausible Insights OÜ (Estonia/EU) – We use “Plausible Analytics” for statistical evaluation of website visits. Plausible does not use cookies and does not store personal data.

5.4 Communication & Support
#

Proton AG (Switzerland) – Encrypted e-mail traffic.

5.5 Shipping & Logistics (for Hardware)
#

For the delivery of goods, we pass address data to:

Shipping service providers (e.g., DHL, UPS, Hermes, freight forwarders).

5.6 Financial Accounting
#

Tax advisors and tax authorities (within the scope of legal obligations).
Banks and payment service providers for payment processing.

All processors are contractually obliged (Data Processing Agreement acc. to Art. 28 GDPR) to treat your data confidentially.

6. Data Transfer to Third Countries
#

In principle, we process data within the EU/EEA. If services are used that transfer data to third countries (e.g., USA) (e.g., Google, AWS, Cloudflare, GitHub), this is done on the basis of appropriate guarantees. For US providers, we rely on the EU-US Data Privacy Framework (DPF), provided the suppliers are certified, or alternatively on the EU Standard Contractual Clauses (SCC).

7. Storage Duration
#

We delete personal data as soon as the purpose of storage no longer applies:

Invoice documents: 10 years (statutory retention obligation).
Business letters/E-mails: 6 years (statutory retention obligation).
Server logs (Website): up to 30 days.
Support & Monitoring logs: For the duration of the problem resolution or contract term.
Cookies: According to technical runtime.

In the event of payment default, we reserve the right to store data until the claim is fully settled or legally clarified (“Kill-Switch” / blocking, but no immediate data deletion for evidence preservation).

8. Rights of Data Subjects
#

You have the right at any time to:

Access to your stored data.
Rectification of incorrect data.
Erasure of your data (provided there is no legal retention obligation).
Restriction of processing.
Data portability.
Withdrawal of consent granted for the future.
Objection to processing based on legitimate interest.
Complaint to the competent data protection supervisory authority (Responsible for us: Die Landesbeauftragte für den Datenschutz Niedersachsen).

9. Data Security
#

We use current security standards (TLS encryption, firewalls, two-factor authentication, overlay networks) to protect your data against loss, misuse, or access by unauthorized persons.

10. Changes to this Privacy Policy
#

We reserve the right to adapt this data protection declaration so that it always complies with current legal requirements or to implement changes to our services. The currently published version applies.

11. Contact
#

Email: info@xenoelectronics.com

Legal Notice Terms & Conditions Service & Support

Disclaimer:
This English version is provided for convenience only.
In case of any inconsistency, the German version shall prevail.

Privacy Policy#

1. Introduction#

2. Controller#

3. What Data is Processed#

3.1 Through your Input & Communication#

3.2 For Hardware Orders & Shipping#

3.3 Automatically Collected Data (Website Operation)#

3.4 Within the Scope of IT Monitoring, Hosting & Support#

4. Purpose & Legal Basis of Processing#

5. Recipients of Data & Third Parties#

5.1 Infrastructure, Hosting & Security#

5.2 AI Services & Work Aids#

5.3 Web Analysis (Privacy-friendly)#

5.4 Communication & Support#

5.5 Shipping & Logistics (for Hardware)#

5.6 Financial Accounting#

6. Data Transfer to Third Countries#

7. Storage Duration#

8. Rights of Data Subjects#

9. Data Security#

10. Changes to this Privacy Policy#

11. Contact#