Privacy & Cookie Statement

PART 1 – INTRODUCTION

Thank you for your interest in our company. The protection of your data is important to us, so we have made it our mission to safeguard and protect your data and your rights in relation to data. 

Personal data such as names, addresses, email addresses and telephone numbers are always processed in accordance with the General Data Protection Regulation, as well as with the country-specific data protection regulations relevant to us. This Privacy Policy contains information about the type of data that we collect, the extent to which we collect data and its purpose, and also about the rights that you have, provided that personal data has been collected or processed.

Throughout the Privacy Policy, we use various legal and technical terms. An explanation for these can be found in the section entitled “Definitions”.

As the persons responsible for data processing, we have taken various different technical and organizational measures to ensure the personal data that we process is protected as completely as possible. Internet-based data transfer can however create security gaps, which means that absolute protection cannot be guaranteed. For this reason, you also have the option to communicate personal data to us through alternative methods, i.e. by telephone.

This Privacy Policy applies to personal data of our customers and suppliers, as well as of the visitors to our website.

The company which is responsible for data processing (“XARA” or “we”) in accordance with the relevant Data Protection Laws (including the General Data Protection Regulation (Regulation (EU) 2016/679)) (“GDPR”) is:

Xara GmbH

Quedlinburgerstr. 1

10589 Berlin

GERMANY

Email: [email protected]

Important: Please note that this Privacy Policy may change from time to time. Please use this page to keep yourself up-to-date, as any possible future amendments will be made here.

If you do not agree with a certain aspect of our Privacy Policy, you are entitled to certain legal rights, where applicable. These are described in the respective section below.

PART 2 –  SUMMARY: OUR PRIVACY POLICY AT A GLANCE

  1. What personal data do we collect?

User data:

If you are a customer of XARA, i.e. a user of our software or services, we must collect and use certain personal data for the purposes described below, for example (1) name, email address and postal address, (2) support history from tickets or chat, (3) product or service usage data.

A detailed description of which personal data we collect in this way can be found in the section entitled “Part 3: Our Privacy Policy in detail”.

Supplier data:

We require certain information from our suppliers and providers in order to ensure that operations run smoothly. This includes taking contact details for the responsible person in your company in order to communicate with them. We also require further information such as your bank details, so that we can pay you for the services that you have provided (subject to contractual agreement).

A detailed description of the personal data that we collect about you can be found in the section entitled “Our Privacy Policy in detail”.

Visitors to the website:

We collect a limited amount of data from visitors to the website. This is to facilitate navigation on our websites and to better manage the services that we offer to you. The data we collect in this way comprises information about how you use our website and how often you access it.

Further information about the data that we collect about you when you visit our website can be found in the section entitled “Use of Cookies” and  “Part 3: Our Privacy Policy in detail”.

  1. From whom is personal data collected?

User data:

We generally only collect your personal data directly from you.

Supplier data:

We only collect your personal data directly from you in the course of working together with you.

Visitors to the website:

When you visit the website, we automatically collect data using cookies in accordance with the cookie settings in your browser. We also collect data from you when you contact us via the websites, for example when you enter information into a contact form or use the chat function. Generally, we may collect certain data automatically as soon as you access our website or read or click on an email from us. More information about cookies and the choices that you can make relating to these can be found in the corresponding section in this Privacy Policy.

  1. Why we collect personal data and what we use it for

User data:

We collect and use information about our customers (i.e. users) primarily to make sure that the contractual agreement between you and XARA is properly implemented in order to ensure a smooth business relationship, and

in order to provide the right services to you, e.g.: (1) to deliver goods or services that you have purchased or registered for (2) to distribute updates and patches for your software and services, (3) to ensure that your software license is properly managed and to prevent product piracy or abuse of the service TOS, (4) to provide support, (5) to aid product development as well as (4) to provide you with information about Xara updates, features and offers which could be of interest to you.

More information about how we use your personal data can be found in the section entitled “Part 3: Our Privacy Policy in detail”.

Supplier data:

We use your personal data primarily for two reasons: The first is to make sure that the contractual agreement between you and XARA is properly implemented in order to ensure a smooth business relationship. The second is to ensure compliance with legal regulations.

More information about how we use your personal data can be found in the section entitled “Part 3: Our Privacy Policy in detail”.

Visitors to the website:

We use your data to primarily facilitate navigation on our website and analytics, as well as to ensure that any advertising displayed is relevant to you

More information about cookies, such as how we use them and which options are available to you can be found in in the section entitled “Cookies” and “Part 3: Our Privacy Policy in detail”.

  1. Disclosure of personal data

User data

We transmit your personal data for the following reasons: (1) to payment service providers in our online store (2) to companies that dispatch emails for us and/or (3) or to companies that provide us with support services.

An overview of the possible categories of recipient to whom your personal data can be disclosed can be found in the section entitled “Part 3: Our Privacy Policy in detail”.

Supplier data

Unless you have specified otherwise, we can disclose your information to any of our group companies as well as associated third parties, e.g. service providers and organizations which we use and provide services for.

An overview of the categories of recipient to whom your personal data can be given can be disclosed in the section entitled “Part 3: Our Privacy Policy in detail”.

Visitors to the website

Unless you specify otherwise, we can give your information to web analytics service providers, affiliate networks, marketing automation platforms and social media services, in order to ensure that you only receive appropriately targeted advertisements.

In general, we reserve the right to also transmit your data to other countries outside the EU or EEA. In this case, we will however ensure a minimum level of data protection corresponding to the GDPR level of protection, through the appropriate arrangements.

  1. Duration for which we store personal data

The criteria for the duration of storage for personal data is the respective legal retention period, after which the data will be deleted. In addition to this, we save the respective data only provided that they are still necessary for the fulfillment of a contract.

More information about our basic procedures relating to storage of personal data can be found in the section entitled “Part 3: Our Privacy Policy in detail”.

  1. Rights of the person affected – which rights do you have in relation to your personal data stored by us?

Even if we already hold your personal data, you are entitled to various rights with regard to this information. If you would like to talk to us regarding this, please do not hesitate to contact us. We will make every effort to take care of your query as soon as possible and every case will be treated in accordance with applicable legal regulations. Please note that we may record our communication in order to better solve the issues raised by you.

Insofar as we save your personal data, certain legal rights apply (the “rights of the person affected”), which we will outline here. More information about individual rights can be found in the section entitled “Part 3: Our Privacy Policy in detail”.

  • Right to access information

At any time, you have the right to request us to confirm which information we have saved about you, and to request that this information be changed, updated, or deleted. We can then comply with your request. We also have the following options:

o     We may ask you to confirm your identity, or request further information, and

o     provided that this is permitted by law, we can decline your request. In this case, we will explain the reasons for doing so.

  • Right to objection:

If we use your data because we believe this is in our legitimate interests and you do not agree, you have the right to object. We will respond to your request within 30 days. In certain cases, we are entitled to extend this period.  We will usually only disagree in very narrowly defined circumstances.

  • Right to revoke consent:

If we have obtained your consent to process your personal data for specific activities (for example, in order to send you advertisements), you can revoke this consent at any time.

  • Right to correction

You have the right to request that the personal data concerning you be immediately corrected or amended.

  • Right to deletion

In certain situations (for example, if we have unlawfully processed your data) you have the right to request us to delete your personal data. We will reply to your request within 30 days (in certain cases, we may however have the right to extend this period) and we will only disagree in very specific, narrowly defined circumstances – for example, if the data is absolutely necessary in order to continue to provide our services to you or to ensure the protection of our intellectual property. If we agree to your request, we will delete your data, but we will generally assume that you wish your name to be included in the list of persons that do not want to be contacted. In this way, we minimize the chance that you will be contacted in the future should your data be collected separately under other circumstances. If you do not wish this, please let us know.

  • Right to restrict processing

Instead of requesting deletion, you can also request from us that the processing of your data be restricted or blocked. We will also reply to this request within 30 days, except if we still need the data, for example in order to continue to provide our services to you or to ensure the protection of our intellectual property.

  • Right to data portability

Should you wish, you have the right to transfer your data from us to another person responsible. We will support you by transferring your data directly for you or by providing you with a copy in a standard machine-readable format.

  • Rights relating to automated decisions (profiling)

Under certain circumstances, you have the right not to be subject to a decision that has been based exclusively on automated processing and that will have legal effect against you. However, under certain circumstances we may have a legitimate interest in such automated decision-making.

  • Right of appeal to a regulatory body

You also have the right to lodge a complaint with a local regulatory body. Details about this can be found in the section entitled “Our Privacy Policy in detail”.

  1. Use of cookies

Our websites/web services use “cookies”. Cookies are small text files that are saved on the hard drive of your PC (client) for a defined period.

Most cookies we use are deleted at the end of the browsing session (known as session cookies).

Other cookies stay on your computer and allow us to recognize your computer on your next visit (permanent or persistent cookies).

Cookies usually contain a “cookie ID”. This is a pseudonymized date in the form of a unique cookie identification. It consists of a series of characters that can be used to associate websites and the servers with a specific Internet browser (client) in which the cookie is saved.

Cookies are generally distinguished into first and third party cookies. First party cookies will only be assigned by the website that you are currently on (for example, the website under the domain XARA.com).

XARA uses first party cookies for essential website functions, like for storing website settings, restoring sessions and for securing your session data. However, most areas of our website essentially work without the use of cookies.

Within this process, access only occurs in impersonalized form and exclusively when you visit our website. Other websites cannot access this information.

Third party cookies are set by a third party provider that has been authorized by XARA, i.e. not by the actual website that you are currently viewing.

By using cookies, we can adjust our offers to best meet customer preferences and can make browsing our site as convenient as possible for you (advertising, conversion tracking and personalization).

In addition, we use third party providers in order to collect online statistics (analytics) as a basis for measuring the success of our advertising offers and subsequently improving them. Even when cookies from third party providers are used, data is only accessed in an anonymized form.

An overview of third parties on our websites can be found in the section entitled “Our Privacy Policy in detail”.

All essential services from our website/web services essentially work without the use of third party cookies.

You may prevent the installation of cookies anytime by selecting the option “Do not accept cookies” in your browser. In addition, you can at any time delete cookies via your Internet browser or another software program. This can be done with any standard Internet browser.

 

PART 3: OUR PRIVACY POLICY IN DETAIL

 A. Detailed information about the processing of user and supplier data

  1. What personal data do we collect?

 User data:

We collect some data about our customers and users that we require to implement contracts and for license management. We therefore require your email address in order to create a user account, which is required to deliver our service. If you are using the Share Editing feature of our Xara Cloud service, we require the email addresses of the people you wish to share editing of your document with, for as long as the document is shared with them. We may also require further information from you (e.g. name, postal address, country of residence), for instance for signing up for emails or subscribing to services. We may also collect product or service ownership and usage data from you in order to provide support and updates, and aid in the development of a reliable and stable product( for instance via support tickets or chat, surveys, crash logs and online service usage logging). You may also provide us with further data – this is optional. The specific data collected depends on the form or input mask used, or as requested by our support staff over the phone.

If for any reason we require additional personal data from you, we will let you know.

Website Data:

We analyze the use of our websites with Google Analytics. Here, specific computer data (including your computer’s hardware key, processor name etc.) is used to create a pseudonymized profile, which collects usage data in order to improve our products. We also collect information about the use of our website and Xara Cloud service using Segment. 

More information about this can be found in the section entitled “Detailed information on the use of our websites”.

Supplier data:

We only collect data about suppliers insofar as this is necessary, in order to maintain a streamlined business relationship. We collect data about our contact person in your organization, and some names, telephone numbers and email addresses. We also collect bank data for the purpose of making payments to you. We can also collect additional information that someone from your organization has shared with us. In certain circumstances, e.g. if you have been in contact with our financial department or billing department, our telephone calls with you may be recorded, regardless of local regulations and requirements.

  1. From whom is personal data collected?

We generally only collect your personal data directly from you.   If you use the Share Editing feature of our Xara Cloud service then we will collect the email address of the people you wish to share editing of your document with.  

  1. Why we collect personal data and what we use it for

 User data:

In general, we use data on our users and customers in the following ways:

a) Advertising measures

We may send you information at regular intervals that we believe to be of interest to you, and also inform you of certain discounts and special offers to which you are entitled as a result of your business relationship with us.

We require your consent for some aspects of these activities that are not covered by our legitimate interests (in particular for data collection using cookies and direct marketing to you through our digital channels). According to the circumstance, we will ask for your explicit consent via “opt-in” or silent consent via “soft opt-in”(see below).

Consent via “soft opt-in” is a specific form of consent that applies if you have had business dealings with us before (e.g. you have ordered a product from us or registered a domain with us) and we may advertise other products or services within this context. For consent via “soft opt-in”, we will consider your consent as provided, as long as you do not withdraw it.

You can revoke your consent at any time. More information about this can be found in the section that describes our Privacy Policy in detail.

Our advertising as a whole is based on entities that we consider to be especially helpful to our customers and users. However, we are aware that we do not always do things the right way for everybody. We may use your data to display you advertisements and other XARA content on other websites, e.g. Facebook. If you do not wish your data to be used in this way, please change the cookie settings in your browser, as described above. Even if you deactivate advertisement cookies, it’s possible that you may continue to receive XARA advertisements. If this happens, it is because the advertisement is targeted towards an anonymous target group and not towards you specifically.

b) Functionality of our products and services and security of our intellectual property rights

We are dependent on protecting our intellectual property rights, not least for the purposes of being able to offer you our products and services at their usual standard of quality and at attractive prices. In order to guarantee effective protection of our intellectual property and enable you, depending on the product, to use our software or service on one of more computers, each installation of our software or service is linked to your user account, where certain data must be obligatorily saved (minimum email address). It is only in this way that we can provide you with access to and updates for your software or service. To guarantee smooth operability of our products or service, you are therefore required to provide us with the above mentioned data.

If you use the Share Editing feature of our Xara Cloud service then we will collect the email address of the people you wish to share your document with. This is essential to provide the feature, the shared email addresses will not be used for any other purpose.

c) Accounting

Besides, we use your information for accounting purposes in connection with your license agreement, this is necessary to enable us to bill you for our services and create proper legal accounting records.

d) Support and product development

We may also use the data we collect in order to provide our support services with the information they require in order to give proper support (for example ownership and usage information, support history) and our developers the information required to further enhance and develop our products (for example information provided by surveys, crash dumps and usage logs of online services).

e) Assertion, exercise or defense of legal rights

In unusual cases, we may also use your personal data in order to assert, exercise or defend legal rights.

We may use your personal data for these purposes if it corresponds with our legitimate interests. More information about what this means can be found in the section entitled “Our Privacy Policy in detail”.

Supplier data:

We will only use your information in order to conduct our business relationship with you in an optimal manner. To this end, we save your data in our database so that we can contact you in accordance with our agreement and can use your services. In unusual cases, we will use this data for the assertion, exercise or defence of legal rights. 

  1. Disclosure of personal data

We may share your personal data with the following categories of people in a variety of ways and for a variety of purposes, as appropriate and in accordance with local laws and regulations:

  • All group companies, and MAGIX Software GmbH of 1, 10589 Berlin, GERMANY
  • Tax authorities, audit authorities or other authorities, if we in good faith believe that we are required by law or other regulation to disclose such information (for example, because of a request from a tax authority or in connection with an anticipated legal dispute)
  • External service providers that provide services in our name (including external email providers, auditors and accountants, technical support, e-commerce providers)
  • Providers of external IT services and storage providers, if a corresponding arrangement (or similar assurance) exists
  • Marketing technology platforms and suppliers

You can find further information on some of these third parties under „B: Detailed information about the use of our website“ below.

If in future we merge with or are acquired by another company (or should meaningful discussion about such a possibility take place), we may disclose your personal data to the (future) new company owners.

In general, we reserve the right to also transmit your data to other countries outside of the EU or EEA. In this case, we will however ensure a minimum level of data protection corresponding to the GDPR level of protection, through the appropriate arrangements.

  1. Duration for which we store personal data

 We process and save personal data solely for the duration necessary for achieving the purpose for which the data was stored, or as stipulated in laws and requirements set by the European directive and regulation provider or another legislator to which we are subject.

If the storage purpose ceases to apply or if a storage period prescribed by European directive and regulation provider or another competent legislator expires, the personal data will be deleted routinely and in accordance with the statutory provisions.

  1. How we protect your personal data

We will adopt all reasonable and appropriate measures to protect the personal data we have stored from misuse, loss or unauthorized access. To this end, we have taken a range of technical and organizational measures. This includes measures to deal with any suspected breaches of data.

If you believe that your personal data has been misused or has been lost or has been accessed without authority, please inform us immediately. Our contact details can be found in Part 1 of this Privacy Policy.

B: Detailed information about the use of our website

As mentioned above, we collect a limited amount of data from visitors to our websites in order to facilitate navigation of our websites and to better manage the services that we offer to you. You can use our websites without having to provide any personal data. In certain cases (e.g. Store orders, product activation etc.), processing of personal data may be required.

  1. General data and information collection

Our websites collect a variety of general data and information each time one of their pages is loaded. This general data and information is saved to our server log files. Data that may be collected includes (1) browser types used and their versions, (2) operating system used, (3) the website from which an accessing system reaches our websites (what is known as a “referrer”), (4) subpages on our websites that are accessed by an accessing system, (5) date and time of visit to websites, (6) an Internet Protocol Address (IP address) and (7) any other similar data and information, that could serve as hazard prevention in the event of an attack on our IT systems.

No conclusions are drawn about the person concerned during the use of this general data and information. This information is required in order to (1) correctly transmit the content of our website, (2) optimize content of and advertising for our website, (3) guarantee the permanent functional operability of our information technology systems and technology for our website, and (4) in the event of a cyber attack,provide law enforcers with necessary information for prosecution. This anonymously collected data and information is therefore evaluated by us statistically and also with the aim of increasing data protection and data security in our company ultimately to ensure an optimum level of protection for the personal data processed by us.

  1. Registration on our website

You can register your personal data on several of our websites, for instance by setting up a user account, downloading a trial or signing up to a newsletter.The specific personal data you submit to XARA is dependent on the type of input mask used for registration. The personal data submitted by the person concerned will be collected and stored for the sole purpose of internal use and purposes by XARA. We may arrange for disclosure to one or more contract processors, who also use the personal data exclusively for an internal use that is attributable to us.

When registering on a XARA website, the IP address provided by your Internet service provider (ISP), date and time of registration will also be stored. This data is stored against the background that the misuse of our services can only be prevented in this manner and that this data may enable committed criminal offences to be investigated. In this respect, the storage of this data is necessary for XARA security reasons. This data will not be passed on to third parties unless required to do so by law or for the purpose of criminal prosecution.

Registration by voluntarily submitting data also enables us to offer you content or services that may only be offered to registered users due to the nature of the offer. Registered users are free to modify personal data submitted during registration or have them deleted in entirety from our database.

Upon request, we will provide you at any time with information about which personal data we have stored about you. We will also correct or delete personal data upon your request or notification, as long as this does not conflict with any legal storage obligations.

Our Xara Cloud service offers sign-up and sign-in with Google / Dropbox or Microsoft credentials and the ability to store and retrieve data in Google Drive / Dropbox or Microsoft OneDrive via OAuth.

  • How we use Google / Dropbox or Microsoft Data for Xara Cloud integrations:

Data is used as required to allow customers to access our service and store and retrieve documents in their Google Drive / Dropbox or OneDrive while using our service. If Google, Dropbox or Microsoft credentials are used for sign-up then the email address can subsequently be used to sign-in to our service and will be used as the primary contact for the Xara Cloud account holder. The user’s `accessToken` is used every time that a customer stores or retrieves data on their cloud drive from within our service.

  • How we store Google / Dropbox or Microsoft Data:

We store account data (Account Name, Email address, Country where provided) in a secure (not externally available) database system. Access to the database is restricted to the database / server management team within Xara. The data itself is stored within a secure data center (Amazon Web Services).

No Google, Dropbox or Microsoft passwords are stored within any Xara Cloud systems.

  • How we share Google / Dropbox or Microsoft Data:

If Google/ Dropbox or Microsoft credentials are used for sign-up then the email address is the primary contact for the Xara Cloud and may be shared with external service providers to deliver emails relating to the our service.

  1. Subscription to our newsletters

Users have the option of subscribing to our newsletters via our websites. The specific personal data you submit to us when signing up to the newsletter is dependent on the type of input mask used.

You can only receive our newsletter if you (1) have a valid email address and (2) have registered for newsletter distribution.

When registering for the newsletter, the date and time of registration will also be stored.

Personal data stored within the scope of registration for newsletters will only be used for the distribution of our newsletter. This data will be transmitted to Selligent GmbH, Atelierstr. 12, 81671 Munich,] and/or Intercom R & D, 18-21 St. Stephen’s Green, Dublin 2, Ireland to whom our newsletter distribution is contracted. No data is disclosed to any third parties not specifically mentioned in this privacy policy. You can cancel the use of your email address for advertising purposes at any time by clicking “Unsubscribe” at the bottom of the newsletter. You can at any time revoke the consent you have granted for storing personal data in order to receive our newsletter.

  1. Newsletter tracking

The XARA GmbH newsletters contain what are known as tracking pixels. A tracking pixel is a miniature graphic embedded in emails in HTML format for the purposes of recording and analyzing log files. This enables us to conduct a statistic evaluation of the success or failure of our online marketing campaigns. On the basis of the technology used, we can recognize whether and when an email was opened by you and whether you clicked on the links within the email.

Data collected in this manner is stored and evaluated on our account by Selligent GmbH, Atelierstr. 12, 81671 Munich, and/or Intercom R & D, 18-21 St. Stephen’s Green, Dublin 2, Ireland in order to optimize newsletter distribution and modify the content of future newsletters further so that they match the interests of the person receiving the newsletter. Your data will not be disclosed to any third parties not specifically mentioned in this privacy policy. You can revoke your declaration of consent for this, which you have granted separately, in this regard at any time.

  1. Contact options via the websites

Our websites contain legally required information, which enables us to be contacted rapidly in a direct manner, for instance by email. If you contact us by email or via a contact form, the personal data submitted by you will be stored automatically. We store this voluntarily submitted personal data for purposes of handling or to communicate with you; we will not pass it on to third parties.

  1. Service related emails

The Xara Cloud website and service include some account related options such as password reminder requests, some of which are operated on our behalf by Mailgun Technologies Inc, 535 Mission Str, 14th Floor, San Francisco, CA94105.

  1. Use and application of third party tools and services on our websites

We have integrated various third-party components on our websites, primarily for the purpose of optimizing your surfing experience and analyze user behavior on our websites. The following provides you with more information about this:

a) Google

We use various services provided by Google, Inc. on our websites. The operator for the services of Google Remarketing is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The following services are integrated into our websites:

  • Google Analytics

XARA has integrated Google Analytics components into its websites.

The operator for Google Analytics components is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Google complies with the data protection provisions of the “Privacy Shield” agreement and is registered with the U.S. Department of Commerce’s “Privacy Shield” program. https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

Google Analytics is a web analytics service. Web analytics is the collection, organization and analysis of data on the behavior of visitors to websites. A web analytics service collects, among other things, data on which websites a person concerned came to a website from (“referrer” URLs), which subpages of the websites were accessed or how often and for how long a website was viewed. These web analysis metrics are mainly used as a data basis for optimizing the functions and contents of a website.

Google Analytics sets a cookie on the computer of the person concerned. The definition of cookies has been provided above. Using cookies enables Google to analyze the use of our websites. Each time a user visits one of the pages of the websites that are operated by XARA and upon which Google Analytics components are embedded, the Internet browser on the computer of the person concerned is automatically prompted by the Google Analytics components to transmit data to Google for the purpose of online analysis. As part of this technical procedure, Google obtains knowledge of personal data, such as the IP address of the person concerned, which enables Google to trace the origin of the visitors and their behavior on the site, among other things. 

Cookies are used to store personal information, such as access time, the location from which access came and the frequency of visits to our websites by the person concerned. For every visit to our websites, this personal data, including the IP address of the Internet connection used by the person concerned, will be transferred to Google in the United States of America. This personal data will be stored by Google in the United States of America. Google may disclose the personal data collected through this technical process to third parties. 

You can prevent the setting of cookies by our websites, as described above, at any time via the settings for your Internet browser and thus permanently object to the setting of cookies. This Internet browser setting will also prevent Google from setting a cookie on the computer of the person concerned. In addition, cookies that have already been set by Google Analytics can be deleted via your Internet browser or another software program.

Furthermore, the person concerned has the option to object to and prevent the recording of data on the use of these websites by Google Analytics and the processing of this data by Google. To do so, the person concerned must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on communicates to Google Analytics via JavaScript that data and information regarding visitors to websites may not be transferred to Google Analytics. The installation of the browser add-on will be considered as an objection by Google. If the information technology system of the person concerned is at a later point in time deleted, formatted or reinstalled, the person concerned must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the person concerned or another person under their authority, it is possible to reinstall or reactivate the browser add-on.

Further information and the Google Analytics Privacy Policy can be viewed at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/intl/de/analytics/privacyoverview.html.

  • Google Remarketing

Google Remarketing is a feature of Google AdWords that allows us to display advertisements to Internet users who have previously spent time on our websites. In this way we can create user-related advertising and display advertisements relevant to you, for instance through the Google advertising network.

Google Remarketing uses cookies. This enables Google to recognize a visitor to our websites if they subsequently access websites that are also members of the Google advertising network. Upon each visit to a website where Google Remarketing has been integrated, Google automatically identifies the Internet browser of the person concerned. As part of this technical process, Google obtains knowledge of personal data, such as the IP address or surfing behavior of the user, which Google uses to display relevant advertising or advertising of interest to the user, among other things.

Cookies are used to store personal data, for instance data on the websites you visit. For every visit to our websites, therefore, personal data including the IP address of the Internet connection you use will be transferred to Google in the United States of America. This personal data will be stored by Google in the United States of America. Google may disclose the personal data collected through this technical process to third parties.

You can prevent the setting of cookies by our websites, as described above, at any time via the settings for your Internet browser and thus permanently object to the setting of cookies. This Internet browser setting will also prevent Google from setting a cookie on the computer of the person concerned. In addition, cookies that have already been set by Google Analytics can be deleted via your Internet browser or another software program.

You can also choose not to receive interest-based advertising from Google. To do this you need to go to www.google.de/settings/ads on each of the Internet browsers you use and modify the settings there.

Further information and the Google Privacy Policy can be viewed at https://www.google.de/intl/de/policies/privacy/.

  • Google AdWords

Google AdWords is an Internet advertising service that permits advertisers to place ads in Google search engine results and in the Google advertising network. Google AdWords enables advertisers to set predefined keywords: an advertisement will be displayed in Google search results only if the user’s search engine results are relevant to the keywords. Within the Google advertising network, advertisements are distributed to thematically relevant websites by means of an automatic algorithm and predefined keywords.

Google AdWords are used for the advertisement of our websites through the placement of interest-based advertisements on websites of other companies and in the search engines results for search engine Google, as well as the placement of third party advertisements on our website.

Should a person arrive at our website via a Google advertisement, Google will set a “conversion cookie” on the computer of the person concerned. The definition of cookies has been provided above. A conversion cookie loses its validity after a limited period of time and is not used to identify the person concerned. If the cookie has not yet expired, the conversion cookie is used to determine whether certain subpages, such as the shopping basket of an online shop system, have been accessed on our website. The conversion cookie enables both us and Google to track whether a person who has placed an ad on our website has generated revenue, that is, whether they have completed or canceled a purchase of goods.

The data and information obtained through the use of conversion cookies are used by Google to create statistics about visits to our website. These visitor statistics are in turn used by us to determine the total number of users who arrived at our website via AdWords advertisements, as well as the success rate of the corresponding AdWord advertisement, and to optimize our AdWords advertisements in the future. Neither our company nor the other clients of Google AdWords receive information from Google which could identify the person concerned.

By means of conversion cookies, personal data is saved, for example the websites that have been visited by the person concerned. For every visit to our websites, therefore, personal data including the IP address of the Internet connection of the person concerned, will be transmitted to Google in the United States of America. This personal data will be stored by Google in the United States of America. Google may disclose the personal data collected through this technical process to third parties.

You can prevent the setting of cookies by our websites, as described above, at any time via the settings for your Internet browser and thus permanently object to the setting of cookies. This Internet browser setting will also prevent Google from setting a conversion cookie on the computer of the person concerned. In addition, cookies that have already been set by Google AdWords can be deleted via your Internet browser or another software program.

In addition, the person concerned can choose not to receive interest-based advertising from Google. To do this you need to go to www.google.de/settings/ads on each of the Internet browsers you use and modify the settings there.

Further information and the Google Privacy Policy can be viewed at https://www.google.de/intl/de/policies/privacy/.

b) Bing Ads

 XARA has integrated Bing Ads into this website. Bing Ads is an Internet advertising service that allows advertisers to place ads both in Bing’s search engine results and in the Bing advertising network. Bing Ads allows an advertiser to specify certain keywords in advance, which are used to display an ad in Bing’s search engine results only when the user uses the search engine to retrieve a keyword-relevant search result. In the Bing advertising network, the ads are distributed to topic-relevant websites using an automatic algorithm and taking into account the previously defined keywords.

The operating company for Bing Ads’ services is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

The purpose of Bing Ads is to promote our website by displaying interest-relative advertising on Bing.com (and websites operated by Bing such as MSN.com, Bing.de and Bing.co.uk), AOL and Yahoo.com (including websites operated by Yahoo). The search network also includes third-party websites operated by Microsoft and Yahoo consortium search partners.

If you access our website via such an advertisement, a cookie is placed on your computer. A conversion cookie loses its validity after thirty days and is not used to identify the person concerned. If the cookie has not yet expired, the conversion cookie is used to determine whether certain subpages, such as the shopping basket of an online shop system, have been accessed on our website. The conversion cookie enables both Microsoft and us to track whether a person affected who came to our website via a Bing-Ads advertisement generated revenue, i.e., whether they completed or cancelled a purchase of goods.

A Bing UET tag is integrated into our website. This is a code used in connection with the cookie to store personal information, such as the web pages visited by the person concerned. Personal data, including the IP address of the Internet connection used by the person concerned, is therefore transferred to Microsoft in Australia, Austria, Brazil, Canada, Finland, France, Germany, Hong Kong, India, Ireland, Japan, Korea, Malaysia, the Netherlands, Singapore, the United Kingdom and the United States of America each time he or she visits our website. This personal data is stored by Microsoft in Australia, Austria, Brazil, Canada, Finland, France, Germany, Hong Kong, India, Ireland, Japan, Korea, Malaysia, the Netherlands, Singapore, the United Kingdom, and the United States of America.

In addition, Microsoft may be able to track your usage across multiple electronic devices through cross-device tracking, enabling you to display personalized advertising on or in Microsoft webpages and apps.

You can disable this behavior at https://account.microsoft.com/privacy/ad-settings/ (Opt Out).

The person concerned can prevent the saving of cookies through our website at any time, as already described above, by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. This Internet browser setting will also prevent Microsoft from setting a Bing Ads cookie on the information technology system of the person concerned. In addition, a cookie already stored by Bing Ads can be deleted at any time via the Internet browser or other software programs.

Furthermore, the person concerned has the possibility to withdraw from interest-related advertising by Bing Ads. To do this, the person concerned must select the link https://account.microsoft.com/privacy/ad-settings/ from each of the Internet browsers they use and select the desired settings there.

For more information on Bing Ads’ analytics services, please visit the Bing Ads website (https://help.bingads.microsoft.com/#apex/3/de/53056/2). For more information about Microsoft and Bing’s privacy policy, please see the Microsoft Privacy Policy (https://privacy.microsoft.com/de-de/privacystatement).

c) LinkedIn

LinkedIn is a social network for building and maintaining professional business contacts and offers tailored search functions and tools as part of its talent, marketing and sales offering. Users create a career profile that can be viewed privately and publicly according to their own wishes and settings (see Profile settings for data protection and opt out).

LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

As part of its service offering, LinkedIn collects public information (such as career-related news and achievements) and other content that may include information about the specific LinkedIn user (such as mentions in articles, posts, comments). You can choose to opt-out of this. As a targeted social media network with millions of global users, LinkedIn is also a B2B advertising medium for companies through which different ad formats can be targeted to different users. LinkedIn does not share personal data with third parties for their direct marketing purposes without the user’s consent; see profile settings for advertisements and opt-out and opt-out for surveys and services)

LinkedIn stores cookies and similar technologies (e.g. web beacons, pixels, ad tags, device identifiers) to recognize the user and his or her platform both off- and on the platform. Users can restrict this tracking within the display preferences under the “Guest Controls“.

XARA operates its own LinkedIn profile to advertise career opportunities on the one hand, and to advertise specific XARA products on the other. Every XARA post on the company profile shows how many users have carried out a specific action organically or through paid advertising. XARA also sponsors content via LinkedIn in the form of sponsored posts, text ads, and videos. In addition to the organic reach of the followers, these advertisements are aimed at specific target groups. Target groups can be created based on various targeting options, e.g. by location, professional title, skills, and interests. LinkedIn uses the user’s own profile information and targets the individual user approvals that the user has configured in his profile. XARA receives information on the effectiveness of advertisements by tracking user behavior via cookies and similar technologies. Depending on the advertising campaign, the LinkedIn Insight Tag and specific LinkedIn scripts installed on the XARA homepage measure whether a specific product has been added to the shopping cart or purchased. If preferred, the user can limit this in the LinkedIn display settings.

 d) YouTube

We use YouTube to embed videos on our websites.

YouTube is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The videos are embedded in the extended data protection mode. Like most websites, however, YouTube also uses cookies to collect information about the visitors to its website. YouTube uses them, among other things, to collect video statistics, to prevent fraud, and to improve user-friendliness. This also leads to a connection with the Google DoubleClick network. Starting the video could trigger further data processing. We have no influence on this.

For more information about privacy at YouTube, please see their privacy policy at: http://www.youtube.com/t/privacy_at_youtube

e) Intercom

We use Intercom (operated by Intercom R&D Unlimited Company, 18-21 St. Stephen’s Green, Dublin 2, Ireland) for Xara Cloud messaging services and support, including emails, chat and in-service messages, and for analytics on usage of Xara Cloud.

Data processed by Intercom may include personal information such as names, email addresses and IP addresses of customers, potential customers and other users of and visitors to our websites or cloud service, which information may be input into Intercom by Xara (for example data collected when a customer registers for Xara Cloud) or collected using Segment tags, scripts and other code implemented on our website or cloud service pages, or information contained in communications between Xara and customers using the messaging / chat features of Intercom. Furthermore Intercom may add publicly available information such as social media profiles.

For more information about privacy at Intercom see: https://www.intercom.com/terms-and-policies#privacy

f) Segment

We use Segment (Segment.io, Inc of 101 15th St, San Francisco, CA 94103, USA) to collect information about the use of our cloud service and website using tags, scripts and other code implemented on our website or cloud service pages, and to route that data to other services, such as Google Analytics or Intercom. 

For more information about privacy at Segment see: https://segment.com/docs/legal/privacy/

  1. Privacy policy for the payment methods offered

 Payment options

During payment, you will be forwarded to the payment page of our e-commerce provider. If you subscribe from within our service, while already logged in, we will forward your email address, and your name and postal address if you have given us that information at registration, to our payment provider Chargebee Inc. of 340 S Lemon Avenue, Suite 1537, Walnut, California 91789.

Any financial data requested for completing the payment will be directly requested through the provider by the payment gateway Stripe Payments Europe Ltd of Ireland, and we cannot view or access this information.

C. Your rights regarding the processing of personal data in detail

Insofar as we store your personal data or process this in additional ways, special legal rights apply (the “rights of the person affected”), which we will briefly outline here.

  1. Right to access information

You have the right to demand a confirmation of which personal data about your person has been stored, at any time and for free. In addition you have the right to receive a copy of this information. The right to access information additionally covers:

  • the purpose for which the data is processed;
  • the categories of personal data that are processed;
  • the recipient or categories of recipients to whom the personal data has been or will be made available, in particular recipients in third countries or international organizations;
  • where possible, the planned duration for which the personal data will be saved or, where this is not possible to establish, the criteria for determining this duration;
  • the existence of a right to rectification or deletion of the personal data or to limit processing of this data by the party responsible or right to object to the processing of same;
  • the existence of a right to appeal through a supervisory authority;
  • the existence of an automated decision including profiling in accordance with Article 22 Para. 1 and 4 of the Data Protection Regulation and, at least in these cases, the existence of meaningful information regarding the logic involved, as well as the scope and the desired effects of such processing on you.

You also have a right of access to information on whether personal data has been transferred to a non-EU country or to an international organization. If this is the case, you also have the right to obtain information about the appropriate guarantees in connection with the transmission.

  1. Right to correction

You have the right to request that incorrect personal data concerning you be promptly corrected. You also have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, also by means of a supplementary declaration.

  1. Right to deletion (Right to be forgotten)

You have the right to request us to promptly delete the personal data concerning you, providing that one of the following reasons applies and as long as the processing is not necessary:

  • The personal data has been collected or processed for reasons that are no longer necessary.
  • You revoke your consent on which the processing was based pursuant to Art. 6 Para. 1 Letter a of the GDPR and there is no other legal basis for processing.
  • You object to the processing pursuant to Art. 21 Para. 1 GDPR and there are no overriding legitimate and justified reasons for the processing on our part, or you object to the processing pursuant to Art. 21 Para. 2 of the GDPR in the case of data processing for advertising purposes.
  • The personal data has been unlawfully processed by us.
  • Deletion of personal data is necessary for complying with a legal obligation under Union law or the law of the Member States to which we are subject.
  • The personal data was collected in relation to information society services pursuant to Art. 8 Para. 1 of the GDPR.

Provided that one of the aforementioned reasons applies and you wish to have the personal data stored by us deleted, you can contact us with your request at any time. They will then ensure that the request for the deletion is promptly complied with.

In principle, we do not release any personal data publicly. However, should we release personal data publicly and as the responsible party be obliged to delete personal data pursuant to Art. 17 Para. 1 GDPR, we will take appropriate measures (also of a technical nature), under consideration of the technology available and the cost of implementation, in order to inform other persons responsible for data processing and who process the published personal data that you have requested that these other persons responsible for data processing delete all links to this personal data as well as its copies and replications, insofar the processing is not necessary.

  1. Right to restrict processing

You have the right to request a restriction on the data processing if one of the following conditions is met:

  • You dispute the accuracy of the personal data for a period of time that allows us to verify the accuracy of this data.
  • The processing is unlawful, you reject the deletion of personal data and instead request a restriction of the use of the personal data.
  • We no longer need the personal data for processing reasons, however, you yourself require the data in order to assert, exercise or defend legal claims.
  • You object to the processing pursuant to Art. 21 Para. 1 of the GDPR at it is not yet clear whether the legitimate reasons on our part outweigh your legitimate interests.

Provided that one of the aforementioned conditions is met and you wish to restrict the personal data stored by us, you can contact us at any time. They will then ensure that the data processing is restricted.

  1. Right to data portability

You have the right to receive the personal data concerning you that you have provided us with in a structured, standard machine-readable format. You also have the right to request us to transmit this information to another person responsible, provided that the processing is based on consent pursuant to Art. 6 Para. 1 Letter a of the GDPR or a contract pursuant to Art. 6 Para. 1 Letter b of the GDPR and providing that the processing is carried out using automated methods.

When exercising your right to data portability pursuant to Art. 20 Para. 1 of the GDPR, you also have the right to have us transfer the personal data directly to another person responsible, as long as this is technically feasible and provided that the rights and freedoms of other persons are not affected by this.

  1. Right to objection

At any time, for reasons specific to you, you have the right to object to the processing of personal data concerning yourself that has been carried out on the basis of Art. 6 Para. 1 Letter f of the GDPR in order to protect our legitimate interests. This also applies to profiling based on this regulation.

In the case of of an objection, we will no longer process the personal data, unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms as the person concerned or unless the processing is intended to assert, exercise or defend legal claims.

Should we process personal data for direct marketing purposes, you have the right to object at any time to the personal data being processed for this purpose. This also applies to profiling, should this be directly related to this direct marketing. If you object to data processing for direct advertising purposes, we will no longer process your personal data for this reason.

  1. Right to revoke data protection consent

You have the right to revoke your consent to the processing of personal data at any time.

  1. Automated decisions in individual cases including profiling

You have the right not to be subject to a decision based exclusively on automated processing, including profiling, which has a legal effect against you or significantly affects you in a similar way, unless (1) the decision is necessary for the conclusion or fulfillment of a contract between you and us, or (2) is permissible due to Union or Member State law to which we are subject and this law contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or (3) occurs with your express consent.

If the decision (1) is necessary for the conclusion or fulfillment of a contract with you or (2) is made with your express consent, we will take reasonable measures to protect your rights, freedoms and legitimate interests, including at least the right for a person on our side to intervene in the decision making, for you to state your position and for you to challenge this decision.

  1. Right of appeal to a regulatory body

 You have the right to lodge a complaint with a local regulatory body.

Contact information for the responsible a local regulatory body:

Berlin Officer for Data Protection and Freedom of Information

Friedrichstrasse 219

10969 Berlin

Telephone: +49 (0)30 13889-0

Fax: +49 (0)30 2155050

Email: [email protected]

D. Our legal basis for the processing of your data

  1. Legitimate interest

According to Article 6 (1) f) of the GDPR, we are permitted to process your data even without express consent, provided that if this is necessary to safeguard our legitimate interests or those of a third party, as long as your interests or your fundamental rights and freedoms requiring the protection of personal data, do not outweigh this.

We do not believe that the following activities adversely affect persons in any way. On the contrary, they help us provide more tailored and efficient services to you and are therefore beneficial to all parties. However, you still have the right to object to our processing of your personal data on this basis, as mentioned above.

User data:

We must ensure that our business activities run smoothly, so that we can continue to provide you with our products and services of the usual quality and at a reasonable price. For this reason, we require your data in order to fulfill our contracts with you, to bill you for our services and supply you with our products, to answer your support queries and so that we can provide you with updates and patches for your software. Lastly, we also require your data in order to protect our intellectual property in the form of our software and content from misuse and piracy by using the data stored in your user account. It is therefore in our legitimate interests to use your data.

We have our own legal obligations and it is in our legitimate interest to insist on their fulfillment. If we believe in good faith that this is necessary, we may therefore disclose your information for the purposes of law enforcement or tax collection or actual or threatened disputes.

Supplier data:

We use and save personal data from persons within your organization to use your services as one of our suppliers or service providers. We also save your financial data so that we can pay you for the services that you have provided. We assume that all the activities in this area to be in our legitimate interest as recipients of your services.

  1. Agreement

Under certain circumstances, we may need your consent to process your personal data in connection with certain activities. Depending on what exactly your data is needed for, we will either ask for your explicit consent via “opt-in” or silent consent via “soft opt-in”.

According to Article 4(11) of the GDPR, consent (via opt-in) is classed as “any voluntary declaration of intent, in an informed and unequivocal manner, in the form of a declaration or other clear affirmative act, with which the person concerned indicates their consent to the processing of personal data concerning themselves”. Put simply, this means that:

  • you must voluntarily give us your consent without us putting any kind of pressure on you;
  • you must know what you are granting consent for – we will therefore ensure that we have provided you with sufficient information; and
  • you must give us your consent in the form of a positive, affirmative act. In most cases, we will provide you with a field that you must mark so that this requirement is clearly and unambiguously fulfilled.

We keep a record of the consent that you have given in this way.

As previously mentioned, in some cases consent by soft opt-in is sufficient. We may advertise products and services that are related to the products we offer (especially our software and the content we offer) and services (for example in the hosting area), provided that you have not actively unsubscribed from these communications.

As previously mentioned, you have the right to revoke your consent to these activities by contacting our data security officer 

  1. Establishment, exercise or defence of legal rights

Sometimes it may be necessary for us to process personal data in connection to the pursuit or defence of legal claims. This may occur, for example, if we require legal advice in relation to legal proceedings or are legally obliged to retain or disclose certain information in the course of legal proceedings.

PART 4 – DEFINITIONS

The XARA GmbH Privacy Policy is based on terms used by the European directive and regulation provider at the point when the General Data Protection Regulation (GDPR) was issued. Our Privacy Policy is intended to be easy to read and understandable for the public as well as for our customers and business partners. Therefore, we would like to explain in advance the terms used.

In this Privacy Policy, among others, we use the following terms:

  • “personal data”: Personal data is all the information which refers to an identified or identifiable natural person. A natural person is identifiable when they can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
  • “person concerned”: A person concerned is any identified or identifiable natural person whose personal data is processed by us.
  • “processing”: Processing is any operation or series of operations carried out with or without the aid of automated procedures in connection with personal data. These include, but are not limited to, the collection, arrangement, storage, adaptation or alteration, reading, retrieval, use, disclosure by transmission, comparison or linking, restriction, deletion or destruction of personal data.
  • “profiling”: Profiling is any kind of automatic processing of personal data that involves using this personal data to assess certain personal aspects that refer to a natural person, especially in order to analyze or predict aspects related to work performance, economic condition, health, personal tastes, interests, reliability, behavior, place of residence or relocation of this natural person. As a responsible company, we refrain from using any sort of profiling.
  • “Pseudonymization”: Pseudonymization refers to the processing of personal data in a way in which it can no longer be assigned to the specific person concerned without the use of additional information.
  • “responsible party”: The responsible party is a natural or legal person, authority, institution or other body that alone or together with others decides on the purposes and means of personal data processing.
  • “contract processor”: A contract processor is a natural or legal person, authority, institution or other body that processes the personal data on behalf of the responsible party.
  • “receiver”: A receiver is a natural or legal person, authority, institution or other body that discloses personal data, regardless of whether this is relating to a third party or not. However, authorities which may receive personal data under Union law or the law of the Member States within the framework of a particular investigation mandate are not considered as recipients.
  • “third party”: A third party is a a natural or legal person, authority, institution or other body other than the person concerned, the responsible party, the data processor and persons authorized to process the personal data under the direct responsibility of the person responsible or the data processor.