Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").

The terms used are not gender-specific.

Last updated: February 24, 2026

Controller

Markus Müller
61118 Bad Vilbel

Email address: info@pixel-industry.de

Imprint: www.pixel-industry.de/imprint.html

Overview of Processing Activities

The following overview summarises the types of data processed and the purposes of their processing, and refers to the data subjects concerned.

Types of Data Processed

Master data
Payment data
Contact data
Content data
Contract data
Usage data
Meta, communication and procedural data
Log data

Categories of Data Subjects

Service recipients and clients
Prospective customers
Users
Business and contractual partners

Purposes of Processing

Provision of contractual services and fulfilment of contractual obligations
Communication
Security measures
Reach measurement
Office and organisational procedures
Organisational and administrative procedures
Feedback
Profiles with user-related information
Provision of our online offering and user experience
Information technology infrastructure
Public relations
Business processes and operational procedures

Relevant Legal Bases

Relevant legal bases under the GDPR: The following provides an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases apply in individual cases, we will inform you of these in the privacy policy.

Consent (Art. 6(1)(a) GDPR) – The data subject has given their consent to the processing of personal data relating to them for one or more specific purposes.
Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject.

National data protection regulations in Germany: In addition to the data protection provisions of the GDPR, national data protection regulations apply in Germany. These include in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, transmission and automated individual decision-making, including profiling. Furthermore, state data protection laws of the individual German federal states may apply.

Note on the applicability of the GDPR and Swiss DSG: These privacy notices serve to provide information both under the Swiss Data Protection Act (DSG) and under the General Data Protection Regulation (GDPR). For this reason, please note that the terms of the GDPR are used due to their broader geographical scope and comprehensibility.

Security Measures

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as the access to, input of, disclosure of, assurance of availability of, and segregation of data.

Securing online connections using TLS/SSL encryption technology (HTTPS): To protect the data of users transmitted via our online services from unauthorised access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using third-party services or disclosing or transferring data to other persons, entities or companies, this is done in accordance with the legal requirements.

For data transfers to the USA, we rely primarily on the Data Privacy Framework (DPF), which was recognised as a secure legal framework by an adequacy decision of the EU Commission on 10 July 2023. In addition, we have concluded standard contractual clauses with the respective providers.

Further information on the DPF is available at: https://www.dataprivacyframework.gov/

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with the statutory provisions as soon as the underlying consent is withdrawn or no further legal basis for processing exists.

Retention and deletion of data: The following general retention and archiving periods apply under German law:

10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets (§ 147(1)(1) in conjunction with (3) AO, § 14b(1) UStG, § 257(1)(1) in conjunction with (4) HGB).
8 years – Accounting vouchers, such as invoices and expense receipts (§ 147(1)(4) and (4a) in conjunction with § 147(3)(1) AO and § 257(1)(4) in conjunction with (4) HGB).
6 years – Other business documents (§ 147(1)(2), (3), (5) in conjunction with (3) AO, § 257(1)(2) and (3) in conjunction with (4) HGB).
3 years – Data relevant to potential warranty and damages claims (§§ 195, 199 BGB).

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, arising in particular from Articles 15 to 21 of the GDPR:

Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of legitimate interests.
Right to withdraw consent: You have the right to withdraw any consent you have given at any time.
Right of access: You have the right to obtain confirmation as to whether personal data concerning you is being processed and to access that data.
Right to rectification: You have the right to request that incomplete or inaccurate data concerning you be completed or corrected.
Right to erasure and restriction of processing: You have the right to request that personal data concerning you be erased without undue delay.
Right to data portability: You have the right to receive personal data concerning you in a structured, commonly used and machine-readable format.
Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority.

Business Services

We process data of our contractual and business partners, e.g. customers and prospective customers (collectively referred to as "contractual partners"), in the context of contractual and comparable legal relationships as well as related measures.

Types of data processed: Master data, payment data, contact data, contract data.
Data subjects: Service recipients and clients; prospective customers; business and contractual partners.
Purposes of processing: Provision of contractual services; communication; office and organisational procedures.
Legal bases: Performance of a contract (Art. 6(1)(b) GDPR); Legal obligation (Art. 6(1)(c) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Provision of the Online Offering and Web Hosting

We process users' data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

Types of data processed: Usage data; meta, communication and procedural data; log data; content data.
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online offering and user experience; information technology infrastructure; security measures.
Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". Log file information is stored for a maximum period of 30 days and then deleted or anonymised.

Use of Cookies

The term "cookies" refers to functions that store and retrieve information on users' devices. We use cookies in accordance with the applicable legal provisions.

Storage duration:

Temporary cookies (session cookies): Deleted when the browser is closed.
Permanent cookies: Remain stored; storage duration of up to two years.

Types of data processed: Meta, communication and procedural data.
Data subjects: Users.
Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); Consent (Art. 6(1)(a) GDPR).

Web Analytics, Monitoring and Optimisation

Web analytics is used to evaluate visitor traffic to our online offering and may include behaviour, interests or demographic information about visitors as pseudonymous values.

We use an IP masking procedure (pseudonymisation through truncation of the IP address) to protect users.

Types of data processed: Usage data; meta, communication and procedural data.
Data subjects: Users.
Purposes of processing: Reach measurement; profiles with user-related information; provision of our online offering.
Security measures: IP masking (pseudonymisation of the IP address).
Legal bases: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Google Analytics: We use Google Analytics to measure and analyse the use of our online offering on the basis of a pseudonymous user identification number.

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Website: https://marketingplatform.google.com/intl/de/about/analytics/
Privacy policy: https://policies.google.com/privacy
Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de

Contentsquare: We use Contentsquare, a web analytics service provided by Contentsquare SAS, 7 Rue de Madrid, 75008 Paris, France, to analyse user interactions on our website in order to improve user experience and optimise our online offering.

Contentsquare collects the following data in pseudonymised form using cookies:

Interaction data (e.g. clicks, scroll movements, mouse movements, hover behaviour, time spent on pages)
Device information (e.g. operating system, browser type, screen size)
Pseudonymised IP address
Referrer URL (the page visited immediately before)
Geographic location (country from which the website is accessed)

The IP address transmitted by your browser is not merged with other data held by Contentsquare. Data collected by Contentsquare is stored for a maximum of 13 months and then deleted.

The use of Contentsquare is based on your consent (Art. 6(1)(a) GDPR). You may withdraw your consent at any time.

Opt-out: To be excluded from data collection by Contentsquare on this website, click here. This will set an opt-out cookie and remove all existing Contentsquare cookies on this domain. You may also withdraw your consent at any time via our cookie settings.

Service provider: Contentsquare SAS, 7 Rue de Madrid, 75008 Paris, France
Website: https://contentsquare.com
Privacy policy: https://contentsquare.com/privacy-center/privacy-policy/

We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to offer information about us.

Types of data processed: Contact data; content data; usage data.
Data subjects: Users.
Purposes of processing: Communication; feedback; public relations.
Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

LinkedIn: Social network – We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection of visitor data used to create "Page Insights" for our LinkedIn profiles.

Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Website: https://www.linkedin.com
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Plug-ins and Embedded Functions and Content

We integrate functional and content elements into our online offering that are sourced from the servers of their respective providers (hereinafter referred to as "third-party providers").

Types of data processed: Usage data; meta, communication and procedural data.
Data subjects: Users.
Purposes of processing: Provision of our online offering and user experience.
Legal bases: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Google Fonts (retrieved from Google servers): Fonts are retrieved for the purpose of technically secure, maintenance-free and efficient use of typefaces.

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Website: https://fonts.google.com/
Privacy policy: https://policies.google.com/privacy
Further information: https://developers.google.com/fonts/faq/privacy?hl=de

Changes and Updates

We ask you to regularly inform yourself about the content of our privacy policy. We update the privacy policy as soon as changes to the data processing activities we carry out make this necessary.

Definitions

This section provides an overview of the terms used in this privacy policy.

Master data: Essential information for the identification and management of contractual partners, user accounts, profiles and similar assignments.
Content data: Information generated in the course of creating, editing and publishing content of all kinds.
Contact data: Essential information that enables communication with persons or organisations.
Meta, communication and procedural data: Information about how data is processed, transmitted and managed.
Usage data: Information that records how users interact with digital products, services or platforms.
Personal data: Any information relating to an identified or identifiable natural person.
Profiles with user-related information: Automated processing of personal data to analyse certain personal aspects.
Log data: Information about events or activities that have been logged in a system or network.
Reach measurement: Evaluation of visitor traffic to an online offering (also referred to as web analytics).
Controller: The natural or legal person who determines the purposes and means of the processing of personal data.
Processing: Any operation performed in connection with personal data, whether collecting, evaluating, storing, transmitting or deleting.
Contract data: Specific information relating to the formalisation of an agreement between two or more parties.
Payment data: All information required to process payment transactions.