Privacy policy

1. Name and Contact Details of the Data Controller

LXRY partners GmbH

Französische Straße 12

10117 Berlin

Germany

Email: mail@lxry.partners

Represented by the Managing Directors:

Dr. Hannes Gurzki

Dr. Ulrich Becker

2. Contact Details of the Data Protection Officer

LXRY partners GmbH

Französische Straße 12

10117 Berlin

Germany

Email: mail@lxry.partners

3. Purposes and Legal Basis for Data Processing

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):

For the performance of a contract or pre-contractual measures (Article 6(1)(b) GDPR):

Data is processed to provide our services, including customer inquiries and contract execution.

Based on your consent (Article 6(1)(a) GDPR):

If you have given us consent to process your data for specific purposes, the processing is lawful based on your consent. You can withdraw your consent at any time.

For compliance with a legal obligation (Article 6(1)(c) GDPR):

We are subject to various legal obligations, such as tax laws, which may require the processing of personal data.

For the purposes of legitimate interests (Article 6(1)(f) GDPR):

If necessary, we process your data beyond the actual performance of the contract to protect our legitimate interests, such as ensuring IT security.

4. Categories of Personal Data

We process the following categories of personal data:

• Contact information (e.g., name, address, email, phone number)

• Contractual data (e.g., services used, contractual details)

• Usage data (e.g., visited websites, interest in content, access times)

• Meta/communication data (e.g., device information, IP addresses)

5. Recipients or Categories of Recipients of Personal Data

Within our company, those entities that require your data to fulfill our contractual and legal obligations receive access to it. Additionally, we may share your data with the following categories of recipients:

• Service providers (e.g., IT services, data hosting)

• Public bodies and institutions (e.g., tax authorities)

• Other external bodies, provided you have given your consent or a legal provision permits or requires the transfer

6. Transfer of Data to Third Countries

A transfer of data to countries outside the European Union (so-called third countries) occurs only if necessary for the execution of your orders, required by law, or you have given us your consent. We will inform you separately about details if legally required.

7. Analytics Tools and Third-Party Tools

We use various analytics and third-party tools to evaluate the use of our website and improve user experience. These tools may collect and process personal data, including IP addresses and usage data. Below is an overview of the tools we use:

Squarespace Analytics:

Squarespace Analytics is a service provided by Squarespace, Inc., which collects data such as page views, visitor sources, and user interactions on our website. The data is used to analyze website performance and user behavior.

Legal basis: Article 6(1)(a) GDPR (consent).

For more information about Squarespace’s privacy practices, visit:

https://www.squarespace.com/privacy

Microsoft Clarity and Other Microsoft Tools:

We use Microsoft Clarity and other Microsoft tools for website analytics. These tools collect data on user interactions (e.g., mouse movements, clicks, and scroll behavior) to optimize user experience. Personal data, including IP addresses, may be transferred to servers in the United States.

Legal basis: Article 6(1)(a) GDPR (consent).

For more details, visit Microsoft’s privacy policy:

https://privacy.microsoft.com/

Google Analytics:

Google Analytics helps us understand user behavior and improve our services. Data such as IP addresses and device information may be transferred to servers in the United States.

Legal basis: Article 6(1)(a) GDPR (consent).

For more details, see Google’s privacy policy:

https://policies.google.com/privacy

We use these tools only after obtaining your explicit consent via a cookie banner or similar mechanism. You can withdraw your consent at any time by changing your cookie settings.

8. Duration of Data Storage

We process and store your personal data as long as necessary to fulfill our contractual and legal obligations. If the data is no longer required for these purposes, it will be deleted regularly, unless its temporary further processing is necessary for the following purposes:

• Compliance with retention periods under commercial and tax law

• Preservation of evidence within the framework of the statutory limitation periods

9. Rights of Data Subjects

You have the right to:

  • Access (Article 15 GDPR): Obtain information about your data processed by us.

  • Rectification (Article 16 GDPR): Request the correction of inaccurate or incomplete data.

  • Erasure (Article 17 GDPR): Request the deletion of your data, provided the processing is not necessary for exercising the right of freedom of expression, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

  • Restriction of Processing (Article 18 GDPR): Request the restriction of processing your data.

  • Data Portability (Article 20 GDPR): Receive your data in a structured, commonly used, and machine-readable format or have it transmitted to another controller.

  • Objection (Article 21 GDPR): Object to the processing of your data.

  • Withdrawal of Consent (Article 7(3) GDPR): Withdraw your consent at any time.

  • Lodge a Complaint (Article 77 GDPR): Lodge a complaint with a supervisory authority.

10. Obligation to Provide Data

In the context of our business relationship, you must provide the personal data necessary for the initiation and execution of a business relationship and the fulfillment of the associated contractual obligations, or which we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or execute the order, or we will no longer be able to carry out an existing contract and may have to terminate it.

11. Automated Decision-Making and Profiling

We do not use fully automated decision-making processes, including profiling, as defined in Article 22 GDPR.

12. Data Security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

13. Updates to This Privacy Policy

We reserve the right to amend this privacy policy to reflect changes in legal requirements or our services. The current version can be accessed on our website at any time.