02 Privacy Policy

Privacy Policy

This Privacy Policy describes how edeXa handles personal data and how we collect such data in connection with the use of our webpages (websites, B2B portals and services) and the use of our solutions and services
General information concerning data processing

Our processing of personal data of natural persons who use our services is limited to the data necessary to provide our solutions, services, and website.

Our users’ personal data are only processed for the purposes agreed with those users or if there is another legal basis (in the sense of the GDPR). We only collect personal data that are truly required for the performance and management of our tasks and services or that you have voluntarily provided to us.

Wherever we determine the purpose and/or means of processing the personal data in our company, we are the so-called controller within the meaning of the GDPR. This applies, for example, when the customer visits our websites. Wherever personal data are concerned that have been sent to us by our customers because they use our services, we do not decide on the means and purpose of processing, meaning our customers are the controllers and we are merely processors.

This Privacy Policy applies only to the processing of personal data carried out by our company. We are not responsible for the processing of personal data by third parties. Further, we are not responsible for hyperlinks to third-party websites or if cookies are set by third parties.

Your rights (rights of data subjects)

You have the right to request information about your personal data that we process. In particular, you may request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, data transmission – provided that no disproportionate effort is involved –, the source of your data if they have not been collected from us, and the existence of automated decision-making including profiling.

You also have the right at any time to withdraw any consent you may have given to the use of your personal data.

If you are of the opinion that the processing of your personal data by us is contrary to the applicable data protection regulations, you have the option to direct a complaint to the data protection office.

Purposes of processing

We process personal data for the following purposes:

  • for the sustaining and further development of our business,
  • for the observance of contracts with our customers, suppliers, and partners,
  • for providing offers of our solutions and services,
  • for the exchange and processing of electronic data between two business partners in accordance with the terms of the contract,
  • for marketing measures (including direct marketing) in connection with our services (including by telephone, post, and email) for the purpose of informing interested parties,
  • for the operation of our HelpDesk and the support of customer inquiries, for the solution of technical problems and the provision of important information to the users of our solutions,
  • for optimizing our services and their use,
  • for research and analysis purposes,
  • as a controlling instrument for monitoring system performance, error handling, IT security, and improvements to IT systems,
  • for market surveys,
  • for preventing misuse and infringement of copyrights.

Partner companies that act as processors for us have been instructed by us about the instructions. If personal data is made available to us by partner companies, we assume that the data subjects have been informed of this Privacy Policy.

Description and scope of data processing

The personal data that we collect from natural persons who use our services is essentially the following data:

  • Name,
  • Address,
  • Occupational title,
  • Sex,
  • Phone number,
  • Email address
  • And other personal data made available to us.

We predominantly collect only data of natural persons in their business environment that reveal no information about them as private persons or private customers. These people work in companies that are predominantly our prospects, customers, suppliers, or partners.

When you access our webpages, we collect technical data from users and/or information regarding the computer system of the accessing computer.

The following data are collected as part of this process:

  • IP address,
  • Browser type and version,
  • Preferred language,
  • Geographical location,
  • Operating system,
  • Computer platform,
  • The complete URL clickstream (including date and time), arising from the use of our B2B portals and services,
  • The services viewed or searched for during use, and our services and parts of our services visited by the user,
  • Webpages from which the user’s system accessed our website.

These data are also classified according to the applicable data protection law and are treated accordingly by us.


We use cookies on our webpages in order to make our website user-friendly. Cookies are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our site.

The cookies remain stored until you delete them. This allows us to recognize your browser the next time you visit.

If you do not want this, you can set your browser to inform you when cookies will be set so that you can allow them on a case-by-case basis. We would like to point out, however, that deactivation will mean that you will not be able to use all the functions of our webpages and services.

The legal basis for the data processed by cookies is Art. 6(1) Point (f) of the GDPR.

Web analytics

“Google Analytics”, a web analysis service provided by Google, is used on our website to evaluate website usage.
Google Analytics uses cookies (see point 5.) that are stored on your computer. The information contained therein about the visitor’s use of the website and Internet can be processed and evaluated by Google.

The data collected by Google may be transmitted by Google to countries outside the EU and the EEA, in particular the USA. However, Google complies with the Privacy Shield Framework.

Further information about your rights can be found at: http://ec.europa.eu/justice/dataprotection/document/citizens-guide_en.pdf.

The legal basis for the use of Google Analytics is Art. 6(1) Point (f) of the GDPR.

Online marketing

We essentially use the following online marketing tools for communication and advertising purposes:

  • Newsletter
  • Contact form
  • Social Media


If you sign up for our newsletter, we will immediately send a message containing a hyperlink to the email address provided. By clicking on this link you confirm your newsletter subscription (double opt-in procedure). If this registration confirmation is not received within 24 hours, we will delete the email address from our temporary list and no registration will take place.

By confirming the newsletter subscription, you give your consent to the storage of your email address including date of registration, IP address, and the list name of the requested newsletter.

We use your name and e-mail address exclusively for the administration and sending of the newsletter you have requested.

Our newsletters do not contain any obvious or hidden counters, third party advertisements, or links to external sites that are not directly related to the content of our newsletter.

Each newsletter contains a notice of how to unsubscribe from the newsletter.

Contact form:

If you fill out a contact form or send us an email or other electronic message, your details will only be stored for the purpose of processing the inquiry and any further related questions, and will only be used within the scope of the inquiry.

The legal basis for processing your inquiry is Art. 6(1) Point (b) of the GDPR.

We will delete your email address after your inquiry has been processed if the process does not result in a business relationship.

Social Media:

All embedded social plugins work via the 2-click procedure; this means that the recording of your surfing behavior by a plugin only starts if you activate the corresponding plugin by clicking on it at all. If you are logged in with your Facebook account at the same time as you visit our website, Facebook registers the page visit after activation of the plugin (first click) and can trace this visit back to your user account.

Data security

For our webpages, we employ the widely used SSL procedure in conjunction with the highest level of encryption supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the appearance of a key or closed lock symbol in the address bar of your browser.

In addition, we apply further appropriate technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are being continuously improved in line with technological developments.

Duration of storage

Personal data will be stored for as long as is necessary for the processing purposes, but no longer than legally permissible. The effective storage period varies according to the type and purpose.

As a rule, we store a user’s personal data only for the duration of the use of our services, unless longer-term storage is necessary for other reasons. In any case, however, we do not store the data for longer than is legally permissible or prescribed.

Personal data will be deleted either at the end of the aforementioned period or at the request of the user concerned.

Legal basis for processing

We process personal data in the legitimate interests of operating, sustaining, and developing our company. Furthermore, it is necessary to process personal data in order to comply with our legal obligations.

For certain services, we require the user’s consent to process personal data for specific purposes; the respective user has the right at any time to revoke this consent.

Recipients of personal data

Within our company, personal data is only passed on if we deem it necessary for the purposes stated in this Privacy Policy. Our employees have committed themselves to the corresponding confidentiality.

Personal data will not be passed on to third parties outside our company unless:

  • the purposes of the processing require it; in this case our services provide for forwarding the data and the users leave the data to us for this purpose.
  • the fulfilment of legal obligations requires it; when there is an obligation to comply with applicable law and/or a court decision to detect, prevent, or remedy fraud, security deficiencies, or technical problems and/or to protect our interests and property or the safety of our users or the public, in accordance with applicable law,
  • the company is restructured; in the context of mergers and the purchase or sale of companies or parts of companies
  • the user consents to the disclosure, with the right at any time to revoke this consent.

Cross-border processing of personal data

We operate in an international environment and accordingly offer our services internationally, due to which it is possible that personal data can also be transferred to or accessed in countries outside the respective user’s country of residence. Accordingly, we take precautions to maintain the necessary and suitable level of protection.

Whenever the processing of personal data is transferred to a state outside the EU and no adequacy decision has been taken by the EU Commission, the necessary level of data protection is maintained, for example, by using standard contractual clauses of the EU Commission.

If any queries arise in this connection, we are available to users at the address stated under “Contact information” below.

Subject to change

We reserve the right to update or adapt this Privacy Policy if necessary. Reasonable efforts will be made to notify about significant changes. The version made available on the website online will always be the currently valid version. If other language versions exist as translations, only the German version is relevant.

Complaints office

If a user is of the opinion that our company’s processing of personal data does not comply with the applicable data protection regulations, he has the right at all times to file a complaint with his competent data protection supervisory authority.

Contact information

If you have any questions or concerns regarding this Privacy Policy or regarding our handling of personal data, you can contact us at the following addresses:

by email:


or by letter:

edeXa AG
Kanalstrasse 32
LI-9490 Vaduz

Tel. 00423 238 10 00