Facebook Linkedin Instagram
Facebook Linkedin Instagram

Privacy Policy

This Privacy Policy applies to the use of the website www.efrexx.com (hereinafter “Website”) operated by efrexx GmbH, Asternweg 6, 40880 Ratingen, Germany (hereinafter “we”).

We are committed to protecting your personal data. The processing of your data is carried out in accordance with:

  • the EU General Data Protection Regulation (GDPR),

  • the UK GDPR,

  • the Swiss Federal Data Protection Act (revDSG),

  • and, where applicable, the California Consumer Privacy Act (CCPA/CPRA).

1. Controller

efrexx GmbH
Asternweg 6
40880 Ratingen, Germany
Email: datenschutz@efrexx.com

2. Purposes of Processing

We process personal data to operate our website, provide our eTendering platforms, and fulfill contractual and legal obligations.

3. Data Processing in Detail

3.1 Hosting

Our website is hosted on servers located within the European Union. In the course of hosting, meta and communication data, log files, and content data are processed.
Legal basis: Art. 6 (1) lit. f GDPR / UK GDPR; Art. 28 GDPR (data processing agreement).

3.2 Server Log Files

When you access our website, technical information (e.g. IP address, browser type, operating system, referrer URL, date/time) is stored.
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interests in system security).

3.3 Cookies & Consent Management

We use cookies and similar technologies:

  • Essential cookies (required for website operation): Art. 6 (1) lit. f GDPR, § 25 (2) TTDSG.

  • Analytics & marketing cookies: only with your consent, Art. 6 (1) lit. a GDPR, § 25 (1) TTDSG, and (where applicable) CCPA/CPRA consent rights.

Your consent is managed via a Consent Management Platform (CMP) and can be revoked at any time.

3.4 Contract Fulfillment

We process customer data (name, address, email, billing and payment data) to provide contractual services.
Legal basis: Art. 6 (1) lit. b GDPR.

3.5 User Accounts

When registering for a customer account, we store the data you provide. You may request deletion at any time.
Legal basis: Art. 6 (1) lit. a GDPR.

3.6 Contact

If you contact us via email or form, we process your information to respond.
Legal basis: Art. 6 (1) lit. b GDPR or Art. 6 (1) lit. f GDPR.

4. Analytics & Marketing Tools

Google Analytics

Provider: Google Ireland Ltd. (Ireland).

  • Legal basis: consent (Art. 6 (1) lit. a GDPR, § 25 TTDSG)

  • IP anonymization active

  • Data retention: 14 months

  • Data transfers to the US based on the EU-U.S. Data Privacy Framework (DPF).
    Opt-out: Google Opt-out Add-on.

Google Tag Manager

Used for managing tracking tags. Processes no personal data itself.

Hotjar

Provider: Hotjar Ltd., Malta.
Tracks pseudonymized user interactions (clicks, scrolls, behavior).
Legal basis: consent (Art. 6 (1) lit. a GDPR).

HubSpot

Provider: HubSpot Inc., USA.
Used for CRM and marketing automation.

  • Legal basis: consent (Art. 6 (1) lit. a GDPR).

  • Transfers to US based on EU-U.S. DPF.

Leadinfo

Provider: Leadinfo B.V., Rotterdam (Netherlands).
Identifies B2B website visitors by IP.
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in B2B marketing).
Opt-out: https://www.leadinfo.com/en/opt-out

Google Ads (Conversion Tracking)

Cookies for measuring conversions.
Legal basis: consent (Art. 6 (1) lit. a GDPR).

LinkedIn Insight Tag

Provider: LinkedIn Ireland Unlimited Company.
Processes pseudonymized data (IP, device info).
Legal basis: consent (Art. 6 (1) lit. a GDPR).
More info: LinkedIn Privacy Policy.

5. Data Retention

We store personal data only as long as necessary for the intended purpose or as required by statutory retention periods.

6. Data Subject Rights

Under GDPR / UK GDPR / revDSG / CCPA, you have the following rights:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (“Right to be forgotten”, Art. 17 GDPR)

  • Right to restriction (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to object (Art. 21 GDPR)

  • Right to withdraw consent (Art. 7 (3) GDPR)

  • California residents: Right to opt-out of sale/sharing of data, Right to know, Right to deletion (per CCPA/CPRA).

7. Data Security

We implement technical and organizational measures (Art. 32 GDPR) to protect your data (SSL encryption, access controls, backups).

8. Data Transfers

Transfers to third parties occur only when necessary for contract fulfillment (Art. 6 (1) lit. b GDPR) or based on legal obligations.
Transfers to third countries (e.g. USA) are based on adequacy decisions (e.g. EU-U.S. Data Privacy Framework) or standard contractual clauses.

9. Data Protection Officer

Achim Quaken
Email: a.quaken@efrexx.com

10. Changes to this Privacy Policy

We may update this Privacy Policy to reflect legal changes or adjustments to our services.