Privacy Policy

The controller responsible for data processing on this website is:

This Privacy Policy applies to the public ExportFix website only. It explains how we process personal data when you visit this website, contact us, or request a demo.

This Privacy Policy does not cover the separate ExportFix application or supplier portal. Those services will be subject to separate privacy information once they are launched.

When you visit our website, our hosting and website infrastructure providers may automatically process certain technical data in server log files. This may include:

• your IP address
• date and time of access
• requested page or file
• browser type and browser version
• operating system
• referrer URL
• HTTP status code
• other technical information necessary for the secure delivery of the website

We process this data to ensure the technical operation, stability, and security of the website and to detect and prevent misuse.

Legal basis: Article 6(1)(f) GDPR. Our legitimate interest is the secure and reliable provision of our website.

If you contact us by email or through a contact or demo-request form, we process the information you provide to us, such as:

• your name
• email address
• company name
• job title, if provided
• message content
• any other information you choose to send us

We process this data to respond to your request, communicate with you, and, where relevant, prepare for a potential business relationship.

Legal basis:

• Article 6(1)(b) GDPR, where the processing is necessary to take steps at your request prior to entering into a contract; or
• Article 6(1)(f) GDPR, where the processing is necessary for our legitimate interest in handling business inquiries and communications.

At launch, this website does not use non-essential cookies or similar technologies for analytics, advertising, tracking, or personalization.

We may use technically necessary cookies or similar technologies only where they are required for the secure operation and delivery of the website or for a function expressly requested by the user.

If we introduce non-essential cookies or similar technologies in the future, we will update this Privacy Policy and, where required, request your consent before using them. Germany's § 25 TDDDG generally requires consent for storing information on, or accessing information from, a user's device unless this is strictly necessary for the requested digital service.

We may share personal data with service providers who support the operation and delivery of this website and our communications, for example:

• hosting and website infrastructure providers
• email providers
• IT service providers, where necessary

These providers process personal data only on our behalf and in accordance with applicable data protection law, unless they act as independent controllers.

In particular, we use:

for website hosting and website infrastructure. Cloudflare Pages is deployed to Cloudflare's global network.

We generally seek to process personal data within the European Union or the European Economic Area.

However, in connection with the use of Cloudflare and potentially other technical service providers, personal data may be transferred to recipients outside the EU/EEA, including the United States. Where this happens, we rely on applicable legal transfer mechanisms under data protection law, such as an adequacy decision or appropriate safeguards, including the European Commission's Standard Contractual Clauses, where required. Cloudflare states that, for its core application layer services, metadata is processed in data centers in the U.S. and Europe.

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law.

In particular:

• server log data is generally retained for up to 30 days, unless longer retention is necessary for the investigation of specific security incidents
• contact and demo-request data is retained for as long as necessary to process the request and any related follow-up communication and is generally deleted no later than 12 months after the last relevant contact, unless legal retention obligations apply or longer retention is necessary to establish, exercise, or defend legal claims

Under the GDPR, you have the following rights, subject to the applicable legal requirements:

• the right of access to your personal data
• the right to rectification
• the right to erasure
• the right to restriction of processing
• the right to data portability
• the right to object to processing based on Article 6(1)(f) GDPR
• the right to withdraw consent at any time, where processing is based on consent

To exercise your rights, please contact us using the contact details provided above. The European Commission lists these transparency and rights items as part of GDPR information duties.

You have the right to lodge a complaint with a competent data protection supervisory authority.

If our main establishment is in North Rhine-Westphalia, the competent supervisory authority is generally:

We do not use personal data collected through this website for automated decision-making, including profiling, within the meaning of Article 22 GDPR.

We may update this Privacy Policy from time to time to reflect legal, technical, or business developments. The current version available on this website applies.

Last updated: March 26, 2026