top of page

Data Protection Information

We are very delighted that you have shown interest in our joint venture. Data protection is of a particularly high priority for the management of us. The use of the Internet pages of us is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be inline with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to us. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As the controller, we has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.

The following information applies to the website We like to provide you with details in connection with the processing of personal data when using our website as well as about your rights in this regard.

1. Definitions

The data protection declaration us is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we wouldlike to first explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

a)    Personal data

Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


b) Data subject

Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

c)    Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d)    Restriction of processing

Restriction of processing is the marking of stored personal data with the aim oflimiting their processing in the future.

e)    Profiling

Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

f)     Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g)    Controller or controller responsible for the processing

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h)    Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i)      Recipient

Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive Personal Data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.


j)      Third party

Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.


k)    Consent

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Collection of general data and information

The website collects a series of general data and information with each call-up of the website by a data subject or an automated system. This general data and information are stored in the log files of the server. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website can be recorded, (5) the date and time of an access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

When using these general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed (1) to deliver the contents of our website correctly, (2) to optimize the contents of our website and the advertising for these, (3) to ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack. Therefore, we
statistically evaluate this anonymously collected data and information on one hand, and on the other hand, with the aim of  increasing the data protection and data security of our enterprise, and ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

3. Controller and Data Privacy Officer

The controller of personal data processed when using the website at is:
XU Exponential University of Applied Sciences GmbH
August-Bebel-Str. 26-53
14482 Potsdam


4. IP-Addresses and Logfiles


Every time you access our website, we automatically process the following information:
the IP-address of your computer or other device (e.g., tablet-PC or smartphone) and the request(s) of your browser (including dates and times) the amount of data transferred, the browser type and version, the screen resolution and the operating system used. The IP-address and the information on your Internet browser’s enquiry(s) are technically necessary for accessing and using the website; without processing of this data, access to the Internet site cannot take place and Internet sites cannot be displayed. We also use the IP address to identify the rough location of the user visiting our website.

The information on the transferred data volume, the browser type and browser version, the screen resolution and the operating system used are collected and processed in order to optimize the presentation of the contents, determine system utilization and make future adjustments and improvements to the Internet presence, possibly on the
basis of statistical evaluations.
Legal Basis for the processing of the full IP-ad
dress, the information on your Internet browser’s enquiry(s) and the further information mentioned above is Art. 6 (1) s. 1 lit. (f) GDPR. The legitimate interest in the processing of personal data is to technically enable you to access the website, to optimize the representation of the website’s contents and for the future improvement/optimization of the website.

Please note your right to object (see below: „Your Rights“)


5. Cookies

The internet pages use cookies. Cookies are text files that are placed and stored on a computer system via an Internet browser.

Numerous Internet pages and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified via the unique cookie ID.

Through the use of cookies, the users of this website can provide more user-friendly services that would not be possible without the cookie setting. By means of a cookie, the information and offers on our website can be optimized for the user. Cookies enable us, as already mentioned, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter his or her access data each time he or she visits the website, because this is handled by the website and the cookie stored on the user's computer system. Another example is the cookie of a shopping cart in an online store. The online store remembers the items that a customer has placed in the virtual shopping cart via a cookie.

The data subject can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.


First and third party cookies

Our website places cookies for us (first party cookies) and also allow some other parties providing their services to us to place cookies (third party cookies). Our own cookies help us to run our services better and more efficiently and to track user behavior on our website. Third-party cookies are placed on your devices by various tools we are using on our website. Types of cookies
Our website uses the following types of cookies, the scope and functionality of which are explained below:

  • Transient cookies

  • Persistent cookies

Transient cookies are automatically deleted when you close your browser. This includes in particular session cookies. Session cookies are deleted when you log out or close your browser. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the settings of your browser.
Third Party Cookies The following third parties use cookies via our services:

  • Google, Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (see below: “Google Analytics”)

  •, 40 Namal Tel Aviv St., Tel Aviv, Israel (see above: “Hosting”)

We provide you with more detailed information on the cookies placed by these providers in the respective section of this data protection information.

6. Google Analytics

Our website uses Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA “(“Google”). On our behalf, Google collects certain user and usage information in order to evaluate the use of the website (e.g. frequency of page views, entry and exit pages, click paths, time spent on individual pages, etc.). This is done to evaluate the use of the website, to generate reports about the website activities and to provide further internet services which are connected with the use of our website, for market research purposes and for the demand-oriented design of our internet pages.
In this context, Google is creating
pseudonymized user profiles as well as cookies (see above). The information about your website usage generated by the cookie, includes Internet browser type/version used, the operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), time of the server request, is usually transferred to and stored on a Google server in the USA. However, we implemented the code extension “anonymizeIp” which causes Google to anonymize your IP-address within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP-address be transmitted to a Google server in the USA and shortened there. The IP-address transmitted by your browser in the context of Google Analytics is not merged with other Google data. Google is certified under the E.U.-U.S. Privacy Shield and we concluded a data processing agreement
with Google covering the processing of user data on our behalf. Further information on Google’s terms of use and data protection can be found under the following links:

You can disable the use of cookies generally in the settings of your internet browser; however please note that if you do this, you may not be able to use the full functionality of this website and/or other websites; prevent Google Analytics from processing your personal data by downloading and installing a browser plug-in available under the following link
Opt-out from Google Analytics processing the personal data by clicking on the following link:
(<a href=”javascript:gaOptout()”>Disable Google Analytics</a>). As a result, an opt-out cookie is set which prevents future collection of your data by Google Analytics when you visit our website. Legal Basis for the above processing of data is Art. 6 (1) s. 1 lit. (f) GDPR. The legitimate interest in the processing lies in the analysis of usage data in order to recognize and eliminate errors on the basis of these findings and to optimize the website design.

Please note your right to object (see below: „Your Rights“)


7. Contact Form and Contacting us by Email

Contact possibility via the website
Based on statutory provisions, the website contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or by using a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted on a voluntary basis by a data subject to the controller will be stored for the purposes of processing or contacting the data subject. No disclosure of this personal data to third parties
will take place.

8. Hosting


The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this online offer. In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this online
offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO. Art. 28 DSGVO (conclusion of order processing contract).

As a hosting service we use, which places the following cookies:

Cookies by Google.jpg

Please note your right to object (see below: „Your Rights“)


9. Recipients of Personal Data


We have concluded contracts with third-parties that are processing personal data on our behalf as processors according to Art. 28 GDPR, which are recipients of personal data according to Art. 4 No. 8 GDPR):

  • Google, Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (see above: “Google Analytics”)

  •, 40 Namal Tel Aviv St., Tel Aviv, Israel (see above: “Hosting”)

There are no additional recipients of personal data.


10. Your Rights

The GDPR provides you with the following rights:

  • You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information specified in Art. 15 (1) GDPR, unless there are no legal exceptions limiting this right.

  • You have the right to rectification of inaccurate personal data concerning you and, taking into account the purposes of the processing, to have incomplete personal data completed (Art. 16 GDPR).

  • Where one of the grounds set forth in Art. 17 (1) GDPR applies, you have the right to obtain from us the erasure of personal data concerning you, unless none of the exceptions specified in Art. 17 (3) GDPR applies.

  • In the cases which are set forth in Art. 18 (1) GDPR, you have a right to obtain from us the restriction of processing, and where Art. 20 Abs. 1 GDPR applies, a right to data portability.

  • You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based Art. 6 (1) s. 1 lit (f) or (e) GDPR, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

  • Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating you infringes this Regulation

You can exercise your rights by sending an email to:


11. Updating and Changing This Information

This Data Protection Information is currently valid and was published in January 2021. In view of future changes to our website and our services as well as changes of legal or regulatory requirements, it may become necessary to change this information. The respective current Data Protection Information can be accessed, downloaded and printed at any time at:

bottom of page