This page provides information on data privacy and GDPR related to the integration of excentos Product Guides into websites of a customer of excentos.

Background on legal situation

As a customer of excentos, you can integrate the excentos Product Guides into your websites, applications or further services. This documentation intends to inform you on the legal basis; however it is general information only and no legally binding regulation since you as the provider of your website that integrates excentos Product Guides are responsible to comply with GDPR.

Which data does excentos collect?

In general, the excentos Product Guides do not collect personal data.

However, there are three exceptions:

  • we (respectively our network provider) needs to temporarily store the user's IP address in order to defend against cyber-attacks.
    • according to our network provider, the time frame is a maximum of 4 hours and IP addresses are then permanently deleted
    • according to European Court of Justice, also dynamic IP addresses are interpreted as personal data. This question was previously discussed controversely but then finally decided by the European Court.
    • according to our legal advice and interpretation, the temporary storage of IP addresses is acceptable since it complies with a reasoned balance of interests (goal: detect cyber-attacks such as denial-of-service (DOS) attacks which cannot be done without temporarily storing the IP address; the IP addresses are then permanently deleted).
  • if you are using the optional excentos Lead Generator functionality, the Lead Generator component will (depending on your configuration) ask for personal information such as prename, lastname, email address, phone number etc
    • in case you are using the Lead Generator, we also inform you that you would have to implement the DOI (Double Opt In) process. Reason is that sending product information to your website visitors can be interpreted as sending out marketing material which requires the explicit confirmation of your website visitor to be owner of the email address before receiving the marketing material. You as a website operator are responsible to check, also in accordance with existing CRM systems and existing DOI information, how to implement that process
  • if you implement questions that ask personal information and provide e.g. free text fields where the user might enter his name
    • example in a gift finder: "who do you want to give a present to?" with a free text box where the user enters "Susan" and the result list shows "OK, here are the gift recommendations for Susan"

Where is an exact description of which data excentos collects and what excentos does with the data?

excentos published a decription of the data collected on
The background of that formulation is that excentos integrated Product Guides ourselves into our website (e.g. for lead generation and demo purposes), and excentos thus needs to comply with GDPR just in the same way as our customers need to.

Is there a template for the privacy statement in our website?

Yes, excentos offers a template. Please note - as also mentioned above - that we provide it as a service to you but it is not a legally binding document. Please check yourselves also in accordance with your website, other services you are using and your local legal requirements if this regulation complies with your legal needs.

The template also includes the possibility for your website visitors to deactivate the data collection in excentos Analytics. In case you want to provide your users with this option, please integrate the below-mentioned iframe which will then provide a cookie-functionality to disable tracking to excentos Analytics.

Template for your website's privacy statement (German version)

<h2>Einsatz der Product Guides</h2>

<p>Im Rahmen unserer Website werden Product Guides zur Online-Produktberatung eingesetzt, um Ihnen als Nutzer unserer Websites eine möglichst einfache Produktauswahl zu ermöglichen und verbesserten Kundenservice anzubieten. Anbieter der Product Guides ist excentos Software GmbH, Reiterweg 1, 14469 Potsdam. Die Product Guides erheben die Nutzungsaktivitäten des Nutzers, wie z.B. ausgewählte Antwortoptionen und Navigationstätigkeiten sowie Interaktion mit und etwaige Käufe (sofern eCommerce-Tracking aktiviert ist) der Produktempfehlungen im Product Guide. Diese Nutzungsdaten werden dauerhaft in einem von excentos betriebenen Webanalysesystem gespeichert. In dem Webanalysesystem werden keine IP-Adressen gespeichert, sondern nur anonymisiert abgelegt. Darüber hinaus erheben die notwendigen Infrastrukturdienste (wie Cloudflare) im Rahmen einer begründeten Interessensabwägung die IP-Adresse und Nutzungsaktivitäten des Nutzers, um Cyber-Attacken abzuwehren. Dies ist eine notwendige Vorsichtsmaßnahme, um unsere Dienste anbieten zu können. Diese Daten werden lediglich temporär (bis zu 4 Stunden) vorgehalten, um potentielle Angriffsmuster identifizieren zu können; während dieses Zeitraums ist unter Umständen eine indirekte zeitstempelbasierte Zuordnung zu den Nutzungsaktivitäten möglich. Anschließend werden die IP-Adressen inkl. aller Logdaten vollständig gelöscht.</p>

<p>Mit der Benutzung von Product Guides sowie Beratungs-, Such- und Chatbot-Systemen, die auf dieser Website eingesetzt sind, erklären Sie sich mit diesen Bestimmungen einverstanden.</p>

<h5>Widerspruch gegen Datenerfassung im Webanalysesystem</h5>

<p>Sie können bei Nutzung der in diese Website integrierten Product Guides der Erfassung Ihrer Daten durch das von excentos eingesetzte Webanalysesystem verhindern und den Status einsehen bzw. ändern, indem Sie auf folgende Checkbox klicken. Es wird ein Opt-Out-Cookie gesetzt, der die Erfassung Ihrer Daten bei zukünftigen Besuchen dieser Website verhindert:</p>

<iframe style="border: 0; height: 200px; width: 600px;" src=""></iframe>

Template for your website's privacy statement (English version)

<h2>Usage of Product Guides</h2>

<p>Our website uses Product Guides to advice you during your buying decision process and enable an easy product selection. Provider of the Product Guides is a leading provider of Guided Selling solutions: excentos Software GmbH, Reiterweg 1, 14469 Potsdam, Germany, The Product Guides collect usage data such as the answer options and navigation actions selected by the user as well as interactions with or buying transactions (if eCommerce tracking is enabled) of product recommendations. This data is required to provide the interaction with the Product Guide and to calculate the product recommendations. This data is kept only temporarily in the memory of the web server and not saved permanently on the web server. For purposes of analyzing the Product Guide’s usage data, the usage data is stored permanently in a web analytics system provided by excentos in anonymous form. This data does not contain entire IP addresses, but only anonymous data. Furthermore, the infrastructure providers (like Cloudflare) temporarily tracks the IP address and usage activity of the users to enable the server infrastructure to repel cyber-attacks. This is a required precaution measure in order to be able offering our services. This data is only stored temporarily (up to 4 hours) to be able identifying possible cyber-attacks; during this time frame, the data could potentially be related against the usage data based on time stamps. Afterwards, the IP addresses and the log data will be permanently deleted. </p>

<p>If you use the Product Guides and product advice, search and chatbot systems on our website, you agree to this privacy policy.</p>

<h5>Disagreement against tracking the usage data in a web analytics system</h5>

<p>You can prevent the Product Guides from tracking the usage data in the web analytics system provided by excentos. You can check the status of whether your usage data is tracked or not and prevent the Product Guides from tracking the usage data by clicking on the following checkbox. Activating the checkbox will set an opt-out-cookie that avoids tracking the data in future Product Guide sessions with this web browser:</p>

<iframe style="border: 0; height: 200px; width: 600px;" src=""></iframe>

(info) Please note: Make sure that the URL included in the iframe tag is not changed when copy-pasting it to your website (it obviously occurred with some browsers that "&" characters were replaced by "&amp;".

Who is responsible for data protection? Do we need a data protection agreement (DPA) or Auftragsverarbeitungsvereinbarung (AVV) with excentos?

As a customer of excentos that integrates excentos Product Guides into your website, you are responsible in terms of DSGVO §4 (7) to comply with data protection regulations. You thus need a DPA (in German: AVV) with excentos.

We thus provide standard DPA (in German: AVV) documents:

The DPA (or AVV, respectively) are included as a standard element of our contract and General Terms and Conditions (GTC) or Allgemeine Geschäftsbedingungen (AGB), respectively. See §16 (5) of our GTC or AGB.

  • No labels