Privacy Policy

Data Protection Statement

Protecting your data is our concern

We are pleased that you are interested in our company, our products, and our services. It is important to us that you feel secure when visiting our website and when it comes to the protection of your personal data. Compliance with the provisions of the General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (BDSG) is a matter of course for us and as such we take this matter very seriously.

We want you to know when we collect data about you, which data we collect, and how we use it. We have put in place technical and organizational measures to ensure that the regulations regarding data protection are fulfilled by us, as well as by any external service providers commissioned by us.

Personal data

Personal data is information about your identity, including your name, address, telephone number, and e-mail address. This information is always processed in accordance with the requirements of the General Data Protection Regulation and with other regulations under data protection law applicable to our company.

In principle, there is no requirement for you to disclose your personal data when using our website. However, there are some cases where we need to process your personal data to enable us to provide you with the services you require.

The same applies, for example, if we need to send you information material or goods you have ordered or if we need to answer your specific questions. Where this is necessary, we advise you accordingly.

If there is no legal basis for processing this personal data, we request your consent to do so.

Furthermore, we only store and process data that you have provided to us voluntarily and, where applicable, data that we collect automatically when you visit our website (e.g., your IP address and the name of the pages accessed, the browser you used and your operating system, the date and time of access, search engines used, and names of downloaded files).

If you use our services, we will only usually collect the data that we require to provide you with those services. If we ask you for other data, this information is optional. Personal data is only processed to provide the services requested and to protect our own legitimate interests.

Name and address of the body responsible for processing

Within the context of the General Data Protection Regulation, other data protection legislation applicable in EU Member States, and other data protection provisions, the responsible body is:

Xpand2 GmbH

Ganghoferstra├če 51, 8042 Graz




Intended use of personal data

We use the personal data provided by you to answer your questions, process your orders, or to provide you with access to certain information or services. When it comes to maintaining customer relationships, it may also be necessary for us, or a service provider commissioned by us, to use these personal data to provide you with information about product offers or to conduct online surveys to better satisfy our customers' questions and requirements.

Naturally, we respect your wish not to provide us with your personal data in matters that are not related to supporting our customer relationship (particularly for direct marketing or market research purposes). We shall not sell or otherwise distribute your personal data to third parties.

Specific use

We shall only collect, process, and use the personal data you provide us with for the purposes communicated to you. We shall not forward your personal data to third parties without your express consent to do so.

The collection of personal data and their transmission to state institutions or authorities entitled to receive such information shall only take place to the extent required by law and/or if we are obliged to do so as a result of a court ruling. Our employees and those of service providers commissioned by us are obliged to comply with a duty of confidentiality to us and to abide by the provisions of the General Data Protection Regulation.

Data that are automatically captured when visiting our websites

When using our websites, the following data are stored for organizational and technical reasons: The name of the pages accessed by you, the browser you used and your operating system, the date and time of access, search engines used, names of downloaded files, and your IP address.

The information captured is required in order to provide you with valid content on our website. Furthermore, these technical data are analyzed anonymously and purely for statistical purposes, to continuously optimize our website and to enable us to enhance the design of our website, and to provide the necessary information to the law enforcement authorities for criminal prosecution in the event of a cyber attack. These data are stored separately from other personal information on secure systems. Individual people are not identified.

Contact opportunities via the website

Due to statutory obligations, our website contains information to enable you to make electronic contact with us quickly and communicate with us directly. This information includes an e-mail address and, where necessary, a contact form.

If you contact us via e-mail or a contact form, the personal data you provide us with are stored automatically. These data, that you have voluntarily communicated to us, are used for the purpose of dealing with your request or making any relevant contact. No data will be forwarded to third parties.

Deletion and blocking of personal data

We only process the personal data of the individuals concerned for as long as it is necessary to achieve the underlying purpose or for as long as was intended by statutory obligations governing our organization. In accordance with the legal regulations, personal data will be deleted if they are no longer required or upon expiry of the legally prescribed term, unless we are bound by law to retain these data. In these cases, data are blocked.

Rights of people concerned

a. Right of access

You may, at any time, have free-of-charge access to and copies of personal data processed and stored by us.

This right of access includes information about the purpose of processing, categories of personal data processed, recipients or categories of recipients to whom personal data have been or are to be disclosed, the intended period for which personal data will be stored (as far as this is possible), or where this is not possible, the criteria for defining this period, the existence of the right to amendment or deletion of personal data relating to you or to restriction of processing by others or an objection to this processing, the existence of a right of appeal to a regulatory authority and, if the data were not collected from you, all available information regarding the origin of the data and the existence of any automated decision-making, including profiling, in accordance with Article 22, Para. 1 and 4 and - at least in these cases - compelling information regarding the logic involved and the intended effects of such processing.

You also have the right to request information regarding whether your personal data have been communicated to a third country or an international organization and what appropriate safeguards exist regarding this communication.

b. Right of rectification

You also have the right to request immediate rectification of any incorrect personal data concerning you. Furthermore, you have the right to request completion of any incomplete personal data, having regard to the purpose of processing.

c. Right of deletion

You also have the right to request the immediate deletion of data concerning you, stored by us, in the event of one of the following conditions existing: The personal data have been collected for purposes or processed in some other way for which they are no longer required; you revoke your consent, on which processing relies, in accordance with Article 6, Para. 1 a GDPR or Article 9, Para. 2 GDPR, and there are no other legal grounds for processing; you file an objection against processing in accordance with Article 21, Para. 1 GDPR and there are no overriding legitimate reasons for processing, or you file an objection against processing in accordance with Article 21, Para. 2 GDPR; the personal data have been processed unlawfully; deletion of the personal data is required to satisfy a legal obligation in accordance with European Union law or the right of Member States, to which we are subject; the personal data were collected with respect to services offered by the information society in accordance with Article 8, Para. 1.

If we have made personal data public and we are obliged to delete these in accordance with Article 17, Para. 1 GDPR, we shall take the appropriate measures to inform other responsible parties who process the disclosed personal data that you have requested the deletion of all links to these personal data, as well as any copies or replications.

d. Right of processing restriction

You have the right to request that the processing of your personal data be restricted in the event of one of the following conditions existing: The accuracy of personal data is contested by you and indeed for a period that enables us to check the accuracy of the personal data; processing is unlawful and you refuse the deletion of personal data, instead requesting that use of these personal data be restricted; we no longer require personal data for the purpose of processing, however you require them for assertion, exercise, or defense of legal claims, or you have filed an objection against processing in accordance with Article 21, Para. 1, as long as it remains to be determined whether the legitimate reasons put forward by our company prevail over yours.

e. Right of data portability

You may, at any time, request that any data concerning you, that you have provided to us, be published in a common and machine-readable format. Furthermore, you have the right to communicate these data to another responsible person without any obstruction by us, if processing is based on consent in accordance with Article 6, Para. 1 a GDPR or Article 9, Para. 2 a GDPR or on a contract in accordance with Article 6, Para. 1 b and processing is completed by means of an automatic procedure, if processing is not required for administering a task assigned to us, which is completed in the public interest or in exercising official authority.

You may also request that we send personal data stored by us on your instruction to another responsible party, as long as this is technically feasible and that, in so doing, it does not compromise the rights or liberties of other persons.

f. Right of appeal

You have the right, for reasons arising from your particular situation, to file an objection to the processing of personal data relating to you, where processing is in accordance with Article 6, Para. 1 e or f GDPR. This also applies to any profiling based on these provisions.

In the event of an objection, we shall cease to process any personal data, unless we can prove legitimate grounds for processing that predominates over your interests, rights, and liberties, or where processing supports the enforcement, exercise, or defense of legal claims.

If we process your personal data to engage in direct advertising, you have the right to file an objection at any time to the processing of personal data relating to you for the purposes of this type of publicity; this also applies to profiling, insofar as it is associated with this type of direct publicity. If you object to our processing your personal data for the purposes of direct advertising, we shall cease to process your personal data for these purposes.

You have the right, for reasons arising from your specific situation, to file an objection against your personal data being processed for the purposes of research, or historical research or statistics, in accordance with Article 89, Para. 1 GDPR, unless such processing is necessary to fulfill a purpose that is in the public interest.

In connection with the use of the information society's services and notwithstanding the Regulation (EC) No. 2002/58, you are free to exercise your right of objection by means of an automatic procedure, in which technical specifications are used.

g. Right of revocation

You may, at any time, withdraw any consent granted for the processing of your personal data in future.

h. Right of confirmation

You have the right to request confirmation regarding whether personal data relating to you are processed.

To exercise any of the aforementioned rights, please contact or contact any of our other employees.

Automated decision-making

As a responsible organization, we do not engage in automated decision-making or profiling.

Retention period

Personal data are deleted after expiry of the statutory retention period, as long as they are no longer required for the purposes of contract fulfillment or initiation.

Legal grounds for processing

If you have given your consent for your personal data to be processed for a specific purpose, processing is completed on the basis of Article 6, Para. 1 a GDPR. If such processing is necessary to fulfill or initiate a contract with you, processing is based on Article 6, Para. 1 b GDPR. In some cases, e.g. for the fulfillment of tax obligations, we may be subject to a legal obligation to process personal data. The legal grounds in such cases are stated in Article 6, Para. 1 c GDPR. In rare cases, data may also be processed to protect the vital interests of you or another individual. In this exceptional case, processing is based on Article 6. Para. 1 d GDPR. Finally, processing may also be based on Article 6, Para. 1 f GDPR. This is the case if processing is for the purpose of safeguarding a legitimate interest for our company or a third party, as long as these interests are not outweighed by your interests, civil rights, and fundamental freedoms. Such a legitimate interest may be assumed if you are a customer of ours. If the processing of personal data is based on Article 6, Para. 1 f GDPR, our legitimate interest is the execution of our daily business.

Provision of personal data

To some extent, the provision of personal data is stipulated by law or by contract. For this reason, you may need to provide us with personal data for subsequent processing in order for us to conclude a contract with you, for example. An example is when concluding a contract, you are obliged to provide personal data. Non-provision of these data would mean that it would not be possible to conclude the contract.

Before providing us with your personal data, you may consult our Data Protection Officer. They will explain whether the provision of personal data in your particular case is stipulated by law or by contract and what the consequences would be if these data were not provided.


As an organization responsible for processing personal data, we have taken technical and organizational security measures to protect your personal data from loss, deletion, manipulation, and unauthorized access. All our employees and all persons involved in data processing are obliged to comply with the General Data Protection Regulation and other laws relating to data protection and to treat all personal data as confidential.

Where personal data are collected and processed, information is encrypted before being transmitted to avoid any misuse of data by third parties. Our security measures are continuously reviewed in line with technological developments. Nevertheless, the security of Internet-based data transmission is essentially vulnerable, such that absolute protection cannot be guaranteed.

Amendment of our data protection provisions

We reserve the right to amend our security and data protection measures, where this is necessary on account of technical developments. In these cases, we shall also amend our data protection information accordingly. Therefore, please refer to the current version of our data protection statement.


If you use external links made available on any of our websites, this data protection statement does not extend to these links. In providing any links, we ensure that, at the time of creating the link, there was no apparent breach of applicable law on the linked website. However, we have no influence on other service providers' compliance with data privacy and security regulations.

Therefore, please refer to the other service providers' websites and their own data protection statements.


If you visit one of our websites, we may store information on your computer in the form of a cookie. Cookies are small text files sent by a web server to your browser and stored on your computer's hard drive.

Other than storing your Internet protocol (IP) address, cookies do not store any other form of a user's personal data. This information is used to automatically recognize you when you visit our website again and to facilitate your website navigation. For example, cookies enable us to modify a website in line with your interests or to save your password, so that you do not have to enter it every time you visit the website.

Naturally, you can also view our websites without cookies. If you do not want us to be able to recognize your computer, you can decline the storage of cookies on your hard drive by selecting the "Do not accept cookies" option in your browser settings. You can also delete cookies already on your computer via your browser. To find out how to do this, please refer to your browser provider's support information. If you do not accept any cookies, this may result in limiting some of our service functionality.

Children and adolescents (minors)

Persons under the age of 18 should not communicate any personal data to us without the agreement of a parent or guardian. We do not request any personal data from children and adolescents, nor do we collect such data or forward these to third parties.

Google Analytics

This website uses Google Analytics; a web analysis service provided by Google Inc. ("Google"). Google Analytics uses "cookies", or text files, which are stored on your computer and which enable us to analyze your website usage.

The information about your use of this website generated by the cookie is usually transmitted to a Google server in the USA, where it is stored. In the event of IP anonymization being activated on this website, your IP address will nevertheless be abbreviated within member states of the European Union, or in other states that are party to the agreement throughout the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA, where it is abbreviated. IP anonymization is active on this website. Google uses this information on behalf of the operator of this website to analyze your website usage, compile reports on website activity and provide the website operator with further information relating to website usage and Internet usage of associated services.

The IP address transmitted by your browser as part of Google Analytics is not conflated with any other data at Google. You may prevent cookies from being stored by applying the relevant setting in your browser software. However, we would advise you that, in so doing, you may not be able to make full use of all the functions of this website. You may also prevent Google from capturing and processing the data generated by the cookie referring to your website usage (including your IP address). To do this, click on the following link to download and install the browser plug-in: