Privacy Policy

Last updated: January 2, 2025

1. Introduction and General Information

1.1 About Us

We are Arxpoint GmbH. For company details, registration information, and contact data, please refer to our Legal Notice (Impressum).

1.2 Scope

This Privacy Policy explains how we collect, use, process, and protect personal data when you:

• Visit our website arxpoint.com
• Use our services
• Interact with our platform

1.3 Data Controller

The data controller responsible for data processing is Arxpoint GmbH. Contact details can be found in our Legal Notice.

2. Key Principles and Legal Basis

2.1 Data Protection Principles

We process personal data in accordance with:

• EU General Data Protection Regulation (GDPR)
• German Federal Data Protection Act (BDSG)
• Other applicable data protection regulations

2.2 Legal Bases

We process personal data under the following legal bases:

• Consent (Art. 6(1)(a) GDPR)
• Legitimate interests (Art. 6(1)(f) GDPR)

3. Information We Collect and Process

3.1 Automated Collection

When you visit our website, our web server automatically collects:

• IP address (anonymized)
• Browser type and version
• Operating system used
• Date and time of access
• Websites from which you accessed our site (referrer)
• Pages visited on our website
• Amount of data transferred

Legal basis: Art. 6(1)(f) GDPR (legitimate interests) Purpose: Technical necessity, security, and optimization of our website Storage duration: 7 days

3.2 Tag Management System

We use Google Tag Manager (GTM) to manage and deploy tracking scripts. GTM is a technical necessity that:

• Does not collect personal data itself
• Manages the deployment of other services based on consent
• Is essential for proper website functionality and consent management

Legal basis: Art. 6(1)(f) GDPR (legitimate interests) Storage duration: Not applicable (no data storage)

4. Analytics

4.1 Google Analytics 4

We use Google Analytics 4 (“GA4”) provided by Google LLC (“Google”).

Data collected:

• Pages visited and time spent
• User interactions (clicks, scrolls)
• Device and browser information
• Approximate location (country/city level)
• Referral sources
• IP address (anonymized before storage)

For data collected by Google Analytics:

• Access your Google data directly: https://myaccount.google.com/data-and-privacy
• Use Google’s privacy controls: https://myactivity.google.com/
• For deletion requests: https://myaccount.google.com/delete-services-or-account

You do not need to contact us for:

• Accessing your Google Analytics data
• Deleting your Google Analytics data
• Managing your Google privacy settings

Configuration:

• Data is processed on Google servers in the US
• Standard Contractual Clauses are in place
• IP anonymization is active
• Data retention is set to 14 months
• Data sharing with Google is limited
• Advertising features are disabled

Legal basis: Art. 6(1)(a) GDPR (consent)

Opt-out options:

1. Adjust cookie preferences via “Cookie Settings” in website footer
2. Install Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout
3. Contact us to revoke consent

5. Cookies and Similar Technologies

5.1 Types of Cookies

We use:

• Essential cookies: For basic website functionality and tag management (GTM)
• Analytics cookies: For website analytics (GA4, consent required)

5.2 Cookie Management

You can manage cookies through:

• Our cookie consent banner
• “Cookie Settings” link in website footer
• Browser settings

5.3 Cookie Details

Essential Cookies:

• Purpose: Website functionality and tag management
• Legal basis: Art. 6(1)(f) GDPR
• Duration: Session

Analytics Cookies (Google Analytics 4):

• Purpose: Website analytics
• Legal basis: Art. 6(1)(a) GDPR (consent required)
• Duration: Up to 14 months

6. International Data Transfers

6.1 Data Processing Locations

Your data may be processed in:

• European Union
• United States

6.2 Transfer Safeguards

We ensure appropriate safeguards through:

• EU Standard Contractual Clauses
• Additional technical and organizational measures

7. Data Security

We implement appropriate technical and organizational measures including:

• SSL/TLS encryption
• Access controls
• Regular security assessments
• Employee training
• Data minimization
• Regular backups

8. Your Rights

8.1 GDPR Rights

You have the right to:

• Access your personal data (Art. 15 GDPR)
• Rectify inaccurate data (Art. 16 GDPR)
• Erase your data (‘right to be forgotten’) (Art. 17 GDPR)
• Restrict processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Object to processing (Art. 21 GDPR)
• Withdraw consent (Art. 7(3) GDPR)

8.2 Exercising Your Rights

To exercise your rights:

For data we directly control:

• Contact us using the information in our Legal Notice
• Email: privacy@arxpoint.com

For Google Analytics data:

• Access and manage your Google data: https://myaccount.google.com/data-and-privacy
• Use Google’s privacy controls: https://myactivity.google.com/
• For deletion requests: https://myaccount.google.com/delete-services-or-account

We’ll respond to requests about data we directly control within one month.

9. Data Retention

• Server logs: 7 days
• Analytics data: 14 months

10. Children’s Privacy

Our services are not directed to children under 16. We do not knowingly collect personal data from children under 16.

11. Changes to This Policy

We may update this policy periodically. Material changes will be notified through our website or email.

12. Supervisory Authority

You have the right to complain to a supervisory authority. The responsible authority for Berlin is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin
Phone: 030 13889-0
Fax: 030 2155050
Email: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de

13. Contact Information

For privacy-related inquiries, please use the contact information provided in our Legal Notice.

For direct privacy concerns:
Email: privacy@arxpoint.com