Privacy Statement of LIXX GmbH

LIXX GmbH respects and protects the privacy of its customers and observes all data protection regulations. What does this mean in plain language when it comes to customers’ personal data?

With the following information, the company provides an overview of the processing of customers’ personal data by the company and the rights of customers in accordance with the Federal Data Protection Act and the Basic Data Protection Ordinance. Which data is processed in detail and how it is used depends to a large extent on the services requested or agreed in each case. Customers are requested to also pass on information to current and future authorised representatives and beneficial owners.

1. responsibility for the data processing

Responsible body is:

Bilker Allee 176C
40217 Düsseldorf

Tel.: +49 211 781 75180


2. processing of personal data

The Company processes personal data that it receives from its customers as part of its business relationship. This is the case if the customers contact the company, e.g. as interested parties, applicants or customers and in particular if the customers are interested in the company’s products and complete the contact form, register for online services or contact the company by e-mail, telephone or application and use the products and services within the framework of an active business relationship. In all these cases the company collects, stores, uses, transmits or deletes personal data.

In addition, the company processes – as far as necessary for the provision of the service – personal data which the company itself has collected from other third parties (other service providers of the company) permissibly (e.g. in the context of the execution of events, for the execution of orders, for the fulfilment of contracts or on the basis of consent given by the customers). On the other hand, the company processes personal data that it has obtained and was permitted to process from publicly accessible sources (e.g. commercial and association registers, Federal Gazette, press, media, Internet, land registers).

In certain cases, the company collects personal data from potential customers and prospects.

Where necessary, the Company also collects personal data from individuals who have no direct relationship with the Company and who are, for example, one of the following:

  • Family members
  • Applicant
  • Legal representatives (authorised representatives)
  • beneficiaries of the customer
  • Economically Beneficial Owners of Customers
  • shareholders
  • Representatives of legal entities
  • employees of service providers or trading partners

(1) Personal data may be collected, processed and stored when products/services are concluded and used.

The company processes the following personal data:

  • Identity information: (e.g. first and last name, identity card or passport number, nationality, place and date of birth, gender, photograph, IP address)
  • Contact information: (address, e-mail address and telephone number)
  • tax information: (tax identification number, tax status)
  • data on habits and preferences: (IP addresses, data on the use of the company’s products and services in relation to banking, financial and transaction data, data on the interaction between the customer and the company (visit to the company’s website, personal meetings, telephone calls, chat processes, e-mail traffic, surveys)
  • Customer Contact Information: Further personal data, e.g. information about the contact channel, date, occasion and result, (electronic) copies of correspondence as well as information about participation in direct marketing measures as well as information about the interests and wishes of the customers which they have expressed to the company, are created within the framework of the business initiation phase and during the business relationship, in particular through personal, telephone or written contacts initiated by the customer or by the company.
  • Records of calls and electronic communication (e.g. e-mails)

Personal data according to § 9 DSGVO concerning racial or ethnic origin, political convictions, religious or ideological beliefs, membership in a trade union, as well as genetic data, biometric data for the unambiguous identification of a natural person, health data or data concerning sexual life or sexual orientation are not processed by the company (if it is not necessary for the payment of church tax or if it is a copy of an identity document which the company requires due to obligations under the money laundering laws). Likewise, the company does not collect data from children.

(2) When visiting the website :


When the company’s website is accessed, the browser used on the customer’s terminal/computer automatically sends information to the company’s website server. This information is temporarily stored in a so-called log file. The following information is captured without the intervention of the customer and stored until automatic deletion:

  • IP address of the requesting computer (or terminal)
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access is made
  • browser used and, if applicable, the operating system of the computer used (or terminal device) as well as the name of the access provider of the customer

Privacy Policy on the Use and Usage of Google WebFonts

This page uses so-called web fonts for the uniform display of fonts. Provider of this service is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you open the page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to Google’s servers. This gives Google knowledge that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

If your browser does not support Web Fonts, a default font will be used by your computer.

For more information about Google Web Fonts, visit and see Google’s privacy policy:

(3) Supplier data

The Company collects personal information from its suppliers in the course of working with them to ensure a smooth business relationship. The company records the data of the contact persons within the organization, e.g. name, telephone number and e-mail address. Furthermore, the company records bank data in order to be able to make payments to suppliers.

3. purpose of the processing and legal basis

The company processes the above personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Bundesdatenschutzgesetz (BDSG):

(1) For the fulfilment of contractual Pflichten (Article 6 para. 1 lit. b GDPR):

The processing of personal data takes place for the provision of services within the framework of the execution of the company’s contracts with its customers or for the execution of pre-contractual measures which take place at the customer’s request. The purposes of the data processing depend primarily on the concrete product / service (see point 2). Further details for the purpose of data processing can be found in the respective contract documents and terms and conditions.

The Company processes the personal data of individuals within the organization of its suppliers in order to obtain services from them. It also stores the financial data so that it can pay for the services of its suppliers.

(2) As part of the balancing of interests (Article 6(1)(f) of the DS Block Exemption Regulation):

If necessary, the company processes customer data beyond the actual fulfilment of the contract to safeguard the legitimate interests of the company or third parties. Examples:

  • Application of legal claims and defence in legal disputes
  • Warranty for IT security and IT operations of the company
  • prevention of criminal acts, in particular fraud prevention
  • Video surveillance for the protection of domestic rights, the collection of evidence in the event of robberies and fraud
  • Measures for building and system security (e.g. access controls)
  • Measures to secure the right of domicile
  • Measures for business management and further development of services and products
  • Warranty of a smooth connection establishment of the website
  • Warranty of comfortable use of the company’s website
  • Evaluation of system safety and stability as well as
  • for further administrative purposes

In no case does the company use data to draw conclusions about the person of the respective customer.

(3) Based on the customer’s consent (Article 6 para. 1 lit. a GDPR):

If the customer has given the company permission to process personal data for certain purposes (e.g. passing on data in order to use his data for certain advertising purposes), the lawfulness of this processing is given on the basis of the permission. A consent can be revoked at any time. This also applies to the revocation of declarations of consent given to the company prior to the application of the Basic Data Protection Regulation, i.e. before 25 May 2018. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected by this. If the Company wishes to use the Customer’s personal data for purposes other than those stated above, the Company will inform the Customer accordingly and, if necessary, obtain the Customer’s consent.

(4) Due to legal requirements (Article 6 para. 1 lit. c GDPR) or in the public interest (Article 6 para. 1 e GDPR):

In addition, the company is subject to various legal obligations. This means that legal requirements (e.g. benchmark regulation) have to be fulfilled.

4. recipient of personal data from customers

Within the company, those departments that need the customer’s data in order to fulfil the contractual and legal requirements of Pflichten are given access to it. Service providers and vicarious agents used by the company may also receive data for these purposes if they comply with the written data protection instructions of the company.

With regard to the transfer of data to recipients outside the company, it should first be noted that the company is required to maintain secrecy with regard to all customer-related facts and evaluations verpflichtet of which it becomes aware.

Information about customers may only be passed on by the company if this is required by law, if the customer has consented, if contract processors commissioned by the company guarantee compliance with banking secrecy in the same way as well as the requirements of the Basic Data Protection Regulation/Bundesdatenschutzgesetz (Federal Data Protection Act). Under these conditions, recipients of personal data may be, for example:

  • Public sector bodies (e.g. Federal Financial Supervisory Authority, ESMA, Federal Central Tax Office) where there is a legal or official obligation
  • Other companies, similar institutions and contract processors to whom the company transmits personal data for the purpose of conducting business with customers. These companies are also required by law or contract to treat personal data with the necessary care
  • Service providers who support the company in the following activities: Support/maintenance of EDP/IT applications, Archiving, Document processing, Call center services, Compliance services, Controlling, Data destruction, Purchasing/procurement, Collection, Customer administration, Lettershops, Marketing, Media technology, Research, Risk controlling, Expense accounting, Telephony, Video identification, Website management, Auditing services, Payment transactions

Subjects of certain regulated professions such as lawyers (who provide accompanying services for the company, e.g. compliance), notaries or financial statement preparers

  • Other data recipients may be those entities for which customers have given their consent to data transfer

Note: Under no circumstances will personal data be sold to third parties.

5. as a general rule, no transfer of data to a third country or to an international organisation

A data transfer to countries outside the EU or the EEA (so-called third countries) findet only takes place if this is required by law for the execution of the customer’s orders (e.g. tax law Meldepflichten), the customer has given his consent or in the context of order processing. If service providers are used in a third country, they are required in addition to written instructions by the agreement of the EU standard contractual clauses on compliance with the level of data protection in Europe verpflichtet. If you need a hard copy of these terms or information about their availability, you can contact the company in writing.

6. storage duration of the data

The company processes and stores personal data of customers as long as it is necessary for the fulfillment of contractual and legal Pflichten. It should be noted here that the business relationship is a continuing obligation that is intended to run for several years. If the data are no longer required for the fulfilment of contractual or statutory Pflichten requirements, they will be deleted regularly, unless the – temporary – further processing is required for the following purposes:

  • Fulfilment of commercial and tax retention periods. These include obligations arising from the Commercial Code, the Fiscal Code and the Benchmark Ordinance. The time limits for storage and documentation specified there are up to ten years.
  • preservation of evidence within the scope of the statute of limitations. According to §§ 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.

For applicants without a subsequent contract conclusion, a retention period of 6 months applies.

7. personal data protection

The Company will take reasonable and appropriate measures to protect stored and processed information from misuse, loss or unauthorized access. The company has taken a number of technical and organizational measures to achieve this.

If you suspect that your personal information has been misused, lost, or accessed by unauthorized persons, please notify the Company as soon as possible.

8. data protection rights under the Basic Data Protection Regulation

Every data subject has the right of access under Article 15 GDPR, the right of rectification under Article 16 GDPR, the right of deletion under Article 17 GDPR, the right of limitation of processing under Article 18 GDPR, the right of opposition under Article 21 GDPR and the right of data transfer under Article 20 GDPR. The restrictions according to §§ 34 and 35 BDSG apply to the right to information and the right to cancellation.

The right of access includes information on processing purposes, the category of personal data, the categories of recipients to whom personal data have been or will be disclosed, the planned duration of storage, the existence of a right of rectification, erasure, limitation of processing, objection or transferability of data, the existence of a right of appeal, the origin of the data if not collected from the company, and the existence of automated decision making including profiling and, if applicable, the existence of a right of access to the data. meaningful information on their details.

The customer can request the immediate correction of incorrect or the completion of the personal data collected by the company at any time.

The customer can request the deletion of his personal data stored by the company, unless the processing is necessary for the exercise of the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims. In the absence of any of the aforementioned cases, the company will delete this data. The company will usually include the customer’s name in the list of people who do not wish to be contacted. In this way, the company minimizes the chance that customers will be contacted in the future if their data is collected separately under different circumstances.

In certain circumstances, the customer may request that the company restrict the processing of its personal data. This means that the company will only store customer data in the future and will not be able to perform any further processing activities until: (i) any of the conditions listed below have been removed, (ii) the customer has given his consent or (iii) further processing is necessary in order to assert, exercise or defend legal rights, to protect the rights of other persons or if it is necessary for the legitimate public interest of the EU or a Member State. In the following circumstances, the Customer may request that the Company restrict the processing of the Customer’s personal data:

If the customer disputes the accuracy of the personal data that the company processes about the customer. In this case, the processing of the customer’s personal data will be restricted by the company until the accuracy of the data has been verified.

If the customer objects to the processing of his personal data by the company in the sense of the company’s legitimate interests. In this case, the Customer may request that the data be restricted while the Company verifies its reasons for processing the Customer’s personal data.

If the processing of the customer’s data by the company is unlawful, but the customer prefers to limit the processing by the company instead of having the data deleted.

When there is no longer a need for the company to process the customer’s personal data, but the customer needs the data to assert, exercise or defend legal claims.

The customer may receive the personal data he has provided to the Company in a structured, common and machine-readable format or may request that it be transferred to another responsible party.

If a decision to conclude or fulfil a contract has only been taken in an automatic process (Art. 22 GDPR) and this decision has legal effect on the customer or the customer is similarly significantly impaired, the customer can demand a further manual review from the company after he has presented his point of view to the company and requested the manual review. In the event of such a decision, the Company shall also separately inform the customer of the occasion and the scope and intended effects of such data processing.

There is also a right of appeal (Article 77 GDPR in conjunction with § 19 BDSG). The Customer may refer this matter to the supervisory authority of his usual place of residence or work or the registered office of the Company.

A given consent to the processing of personal data may be revoked by the customer at any time vis-à-vis the company. This also applies to the revocation of declarations of consent given to the company prior to the application of the Basic Data Protection Regulation, i.e. before 25 May 2018. The customer is informed that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this. The separate note at the end of this data protection notice also applies to this.

In response to the customer’s objection, the company must cease the relevant activities. This applies with the exception that the Company can prove that the Company has prior legitimate reasons for processing, which override the Customer’s interests, or that the data is processed to enforce, exercise or defend a legal claim.

9. data provision obligation

Within the framework of the joint business relationship, the customer must provide the personal data that is required for the establishment and performance of a business relationship and the fulfilment of the associated contractual Pflichten or for the collection of which the company is required by law verpflichtet. Without this data, the company will usually have to refuse the conclusion of the contract or the execution of the order or will no longer be able to execute an existing contract and may have to terminate it. If the customer does not provide the information and documents required by the company, the company may not establish or continue the business relationship requested by the customer.

10. automated Entscheidungsfindung

In principle, the company does not use any fully automated Entscheidungsfindung pursuant to Article 22 GDPR for the establishment and execution of the business relationship. If the company uses these procedures in individual cases, customers will be informed separately if this is required by law.

11. Profiling

The company does not process customer data automatically with the aim of evaluating certain personal aspects (Profiling). A Profiling is not used by the company

12. amendment clause

This Privacy Statement is current and effective as of May 2018. The Company reserves the right to change this Privacy Statement from time to time. Please check regularly and in particular before each use of a service whether an updated version is available. The current data protection declaration can be called up and printed out by customers at any time on the website under . The company will inform customers about fundamental changes on the website and through the usual communication channels.

Information about your right of objection pursuant to Article 21 of the General Data Protection Regulation (GDPR)

(1) Individual right of objection

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Article 6 para. 1 lit. e GDPR (data processing in the public interest) and Article 6 para. 1 lit. f GDPR (data processing on the basis of a weighing of interests); this also applies to a Profiling based on this provision within the meaning of Article 4 para. 4 GDPR (however, profiling is currently not carried out by companies). If you file an objection, we will no longer process your personal data unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

(2) Right of objection against processing of data for advertising purposes

In individual cases we process your personal data in order to conduct direct advertising. You have the right at any time to object to the processing of personal data concerning you for the purpose of such advertising; this also applies to Profiling, insofar as it is connected with such direct advertising (however, profiling is currently not carried out by companies). If you object to the processing for purposes of direct marketing, we will no longer process your personal data for these purposes.

An objection can be made without form and should preferably be made by telephone: +49 211 781 75180 or alternatively with an e-mail to