Privacy Policy

Preamble

With the following privacy policy, we inform you about the types of your personal data (hereinafter referred to as “data”) that we process, the purposes for which they are processed, and the scope of such processing. This privacy policy applies to all processing of personal data carried out by us – both in the context of providing our services and, in particular, on our website LuxVitalent as well as within external online presences (e.g. social media profiles) (collectively referred to as “online offering”).

The terms used are gender-neutral.

Status: February 9, 2026

Overview of Contents

• Preamble
• Controller
• Overview of Processing Activities
• Applicable Legal Bases
• Security Measures
• Transfer of Personal Data
• International Data Transfers
• General Information on Data Storage and Deletion
• Rights of Data Subjects
• Use of Cookies
• Contact and Inquiry Management
• Web Analytics, Monitoring and Optimization
• Online Marketing
• Plug-ins and Embedded Functions and Content
• Comments (WordPress)

Controller

projx GmbH
Josef-Felder-Straße 53, D-81241 Munich, Germany
Phone: +49 (0) 89 232 412 16
Email: info [@] projx.de
Managing Directors: Ivan Zagorchev, Peter Petridis
Register Court: Munich Local Court | HRB 207001

Legal notice of LuxVitalent: https://luxvitalent.de/impressum/

Overview of Processing Activities

Types of Data Processed

• Inventory data
• Contact data
• Content data
• Usage data
• Meta, communication and procedural data

Categories of Data Subjects

• Communication partners
• Users

Purposes of Processing

• Communication
• Reach measurement
• Tracking
• Audience building
• Organizational and administrative procedures
• Feedback
• Marketing
• Profiles with user-related information
• Provision of our online offering and user-friendliness

Applicable Legal Bases

Relevant legal bases under the GDPR:

• Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
• Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data.

National Data Protection Regulations

In addition to the data protection regulations of the GDPR, national data protection regulations apply (e.g. in Germany the BDSG). If you are located in Switzerland, we process your data in accordance with the Swiss FADP. For reasons of comprehensibility, terminology of the GDPR is predominantly used in this notice.

Security Measures

In accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, availability protection and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data and responses to data protection risks.

IP Address Truncation (IP Masking): If IP addresses are processed and full storage of the IP address is not required, the IP address is shortened to prevent or significantly hinder identification.

Transfer of Personal Data

In the course of our processing activities, data may be transferred to or disclosed to other entities, companies or service providers (e.g. IT service providers, hosting providers, providers of integrated content). In such cases, we comply with legal requirements and conclude – where necessary – data processing agreements or other appropriate arrangements.

International Data Transfers

If we transfer data to third countries (outside the EU/EEA) or if this occurs in the context of using third-party services, this is always done in compliance with legal requirements, in particular based on adequacy decisions (e.g. Data Privacy Framework, where applicable) and/or standard contractual clauses as well as, if required, consent or legally required transfers.

General Information on Data Storage and Deletion

We delete personal data in accordance with statutory provisions as soon as the underlying consent is withdrawn or no further legal basis for processing exists. Exceptions apply if legal obligations or special interests require longer retention (e.g. commercial or tax retention periods or legal enforcement).

Examples of Retention Periods (Germany)

• 10 years – e.g. books, annual financial statements, organizational documents (§ 147 AO, § 257 HGB)
• 8 years – accounting records (e.g. invoices) (§ 147 AO, § 257 HGB)
• 6 years – other business documents (§ 147 AO, § 257 HGB)
• 3 years – regular limitation period (§§ 195, 199 BGB)

Rights of Data Subjects (GDPR)

• Right to object (Art. 21 GDPR), in particular against direct marketing
• Right to withdraw consent
• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR) and restriction (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to lodge a complaint with a supervisory authority

Use of Cookies

The term “cookies” refers to functions that store and read information on users’ devices. Cookies may be used for functionality, security, convenience, analytics and marketing purposes. We use cookies in accordance with legal requirements and, where necessary, obtain prior consent.

To manage the cookies and similar technologies used and the related consents, we use the consent tool Real Cookie Banner. Details: https://devowl.io/de/rcb/datenverarbeitung/

Information on storage duration: Session cookies are deleted at the latest when the browser is closed. Persistent cookies remain stored and may be stored for up to two years, unless otherwise specified.

Contact and Inquiry Management

When contacting us (e.g. by post, contact form, email, phone or via social media), we process the information provided by the inquiring persons insofar as this is necessary to respond to the contact requests and any requested measures.

Legal bases: Art. 6 para. 1 lit. b GDPR (contract/pre-contract), Art. 6 para. 1 lit. f GDPR (legitimate interests).

Web Analytics, Monitoring and Optimization

Web analytics is used to evaluate visitor flows and to optimize our online offering. Pseudonymous profiles may be created and cookies may be used. IP addresses are shortened where possible (IP masking).

Google Analytics

If you have given your consent, we use Google Analytics (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to analyze the use of our online offering. Pseudonymous usage profiles may be created and cookies may be used.

Legal basis: Consent (Art. 6 para. 1 lit. a GDPR)
Privacy Policy: https://policies.google.com/privacy
Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de
Further information: https://business.safety.google/adsservices/

Online Marketing

We may process personal data for online marketing purposes (e.g. reach measurement, tracking, audience building, performance measurement), provided that you have given consent. As a rule, pseudonymous data is processed. Plain data is generally not stored.

Opt-out overviews: https://www.youronlinechoices.eu, https://www.aboutads.info/choices, https://optout.aboutads.info

Plug-ins and Embedded Functions and Content

We integrate functional and content elements obtained from the servers of their respective providers (“third-party providers”) (e.g. graphics, videos, libraries). The IP address is processed, as delivery to the browser would otherwise not be possible. Third-party providers may also use pixel tags/cookies for statistical or marketing purposes.

Integration of Third-Party Software, Scripts or Frameworks

We may retrieve software (e.g. functional libraries) from servers of other providers in order to improve presentation and user-friendliness. The respective provider may process the IP address for delivery and security/optimization purposes. Legal basis: Legitimate interests (Art. 6 para. 1 lit. f GDPR).

Google Fonts

• Provision on own server: Google Fonts are hosted locally; no data is transferred to Google.
• Retrieval from Google server: When retrieved, the IP address may be transferred to Google. Further information: https://developers.google.com/fonts/faq/privacy?hl=de

Comments (WordPress)

If comments are possible on the website, we process the information you provide (e.g. name, email, comment text) as well as technical data (e.g. IP address) for displaying the comments and preventing misuse.

Gravatar

If avatars are loaded via Gravatar, a hash of your email address may be transmitted to the Gravatar service to check whether a profile picture is stored there.

Data Protection Contact

Please direct inquiries regarding data protection rights to: info [@] projx.de or by post to the address stated above.