Berlin +49 30 120 856 32 mail@dlx-media.com
Contact
Privacy

Privacy

Introduction

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites and within external online presences.

The terms used are not gender-specific.

Last updated: 26.05.2026

Table of Contents

Controller

Simon Pokorny
c/o DLx-Media.com
Badstraße 49
13357 Berlin
Germany

Email address: ds@dlx-media.com
Phone: +49-30-120-856-32
Legal notice: https://dlx-media.com/en/imprint

Data Protection Officer

Katarzyna Marek – km@dlx-media.com

Overview of Processing

The following overview summarises the types of data processed and the purposes of their processing, and refers to the data subjects.

Types of Data Processed

  • Master data (e.g. names, addresses)
  • Contact data (e.g. email, telephone numbers)
  • Content data (e.g. entries in online forms)
  • Contract data (e.g. subject matter of contract, duration, customer category)
  • Usage data (e.g. websites visited, interest in content, access times)
  • Meta/communication data (e.g. device information, IP addresses)

Categories of Data Subjects

  • Customers
  • Prospective customers
  • Communication partners
  • Users
  • Business and contractual partners

Purposes of Processing

  • Provision of contractual services and customer service
  • Contact requests and communication
  • Security measures
  • Reach measurement
  • Office and organisational procedures
  • Managing and responding to requests
  • Provision of our online offer and user-friendliness
  • Information technology infrastructure

Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile.

  • Consent (Art. 6 para. 1 s. 1 lit. a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 s. 1 lit. b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6 para. 1 s. 1 lit. c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

In addition to the GDPR, national data protection regulations apply in Germany, in particular the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

Security Measures

We implement appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.

These measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access to, input of, disclosure of, assurance of availability of and segregation of data.

IP address shortening: Where IP addresses are processed and a full IP address is not required, the IP address is shortened (IP masking). The last two digits or the last part of the IP address after a dot are removed or replaced by placeholders.

TLS encryption (https): To protect data transmitted via our online offer, we use TLS encryption. You can recognise encrypted connections by the prefix https:// in the address bar of your browser.

Transmission of Personal Data

In the course of processing personal data, it may happen that data is transferred to or disclosed to other entities, companies, legally independent organisational units or persons. Recipients of such data may include, for example, service providers commissioned with IT tasks or providers of services and content integrated into a website. In such cases, we comply with the legal requirements and in particular conclude corresponding data processing agreements with the recipients of your data.

Data Processing in Third Countries

Where we process data in a third country (i.e. outside the European Union or the European Economic Area) or this takes place in the context of using third-party services, this is done only in accordance with the legal requirements. Subject to explicit consent or contractually or legally required transfer, we process data in third countries only where an adequate level of data protection is recognised, on the basis of contractual obligations through standard contractual clauses of the EU Commission, or where certifications exist (Art. 44 to 49 GDPR).

Deletion of Data

The data processed by us will be deleted in accordance with the legal requirements as soon as the consents permitting their processing are revoked or other permissions cease to apply. Where data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes.

The statutory retention period is ten years for tax-relevant documents, commercial books and accounting records, and six years for received and sent commercial and business letters.

Use of Cookies

Cookies are small text files or other storage records that store information on end devices and read information from those end devices. We use cookies in accordance with the statutory provisions. Where legally required, we obtain prior consent from users.

Storage Duration

  • Temporary cookies (session cookies): Deleted at the latest after a user has left the online offer and closed their end device.
  • Permanent cookies: Remain stored after the end device is closed. The storage duration can be up to two years unless otherwise specified.

Revocation and objection (opt-out): Users may revoke consents they have given at any time and object to processing in accordance with the statutory requirements under Art. 21 GDPR. Users may also declare their objection via their browser settings. An objection to the use of cookies for online marketing purposes can be declared via https://optout.aboutads.info and https://www.youronlinechoices.com/.

Business Services

We process data of our contractual and business partners, e.g. customers and prospective customers, in the context of contractual and comparable legal relationships and related measures, as well as in the context of communication with contractual partners, e.g. to respond to enquiries.

  • Types of data processed: Master data; contact data; contract data.
  • Data subjects: Prospective customers; business and contractual partners; customers.
  • Purposes of processing: Provision of contractual services and customer service; contact requests and communication; office and organisational procedures; managing and responding to requests.
  • Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 s. 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 s. 1 lit. c) GDPR); Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR).

Agency services: We process our clients' data in the context of our contractual services, which may include conceptual and strategic consulting, campaign planning, implementation of campaigns and processes, data analysis and training services; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 s. 1 lit. b) GDPR).

Consulting: We process the data of our clients and other principals or contractual partners in order to provide them with our consulting services. Where required for the performance of our contract, legally required, or where consent has been given, we transfer data to third parties or contractors such as authorities, subcontractors or IT service providers; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 s. 1 lit. b) GDPR).

Provision of the Online Offer and Web Hosting

We process users' data in order to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the user's browser or end device.

  • Types of data processed: Usage data; meta/communication data; content data.
  • Data subjects: Users; business and contractual partners.
  • Purposes of processing: Provision of our online offer and user-friendliness; information technology infrastructure; security measures.
  • Legal bases: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR).

Collection of access data and log files: Access to our online offer is logged in the form of server log files. Server log files may include the address and name of the web pages and files accessed, date and time of access, data volumes transferred, browser type and version, operating system, referrer URL and IP addresses. Log file information is stored for a maximum of 30 days and then deleted or anonymised; Legal bases: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR).

Hetzner: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany; Legal bases: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR); Website: https://www.hetzner.com; Privacy policy: https://www.hetzner.com/legal/privacy-policy; Data processing agreement: https://docs.hetzner.com/general/general-terms-and-conditions/data-privacy-faq/.

Contact and Inquiry Management

When contacting us (e.g. via contact form, email or telephone) and in the context of existing user and business relationships, the information provided by the enquiring persons is processed insofar as this is necessary to respond to the contact enquiries and any requested measures.

  • Types of data processed: Contact data; content data; usage data; meta/communication data.
  • Data subjects: Communication partners.
  • Purposes of processing: Contact requests and communication; managing and responding to requests.
  • Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 s. 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR).

Contact form: When users contact us via our contact form, email or other communication channels, we process the data provided to us in this context in order to handle the matter communicated; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 s. 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR).

Video Conferences, Online Meetings and Screen Sharing

We use platforms and applications of other providers (hereinafter "conference platforms") for the purpose of conducting video and audio conferences and other types of video and audio meetings. In selecting conference platforms and their services, we comply with the legal requirements.

Data processed includes personal data (first and last name), contact information (email address, telephone number), access data, the IP address of the internet connection, information about participants' end devices, and audio and video data.

  • Types of data processed: Master data; contact data; content data; usage data; meta/communication data.
  • Data subjects: Communication partners; users.
  • Purposes of processing: Provision of contractual services and customer service; contact requests and communication; office and organisational procedures.
  • Legal bases: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR).

Google Meet: Messenger and conference software; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR); Website: https://meet.google.com/; Privacy policy: https://policies.google.com/privacy; Data processing agreement: https://cloud.google.com/terms/data-processing-addendum.

Cloud Services

We use software services accessible via the internet (cloud services) for the storage and management of content. Personal data may be processed and stored on the providers' servers insofar as such data forms part of communication processes with us or is otherwise processed by us as set out in this privacy policy.

  • Types of data processed: Master data; contact data; content data; usage data; meta/communication data.
  • Data subjects: Customers; prospective customers; communication partners; users.
  • Purposes of processing: Office and organisational procedures; information technology infrastructure; provision of contractual services and customer service.
  • Legal bases: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR).

Google Workspace: Cloud-based application software (e.g. word processing, spreadsheets, calendar and contact management), cloud storage and cloud infrastructure services; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR); Website: https://workspace.google.com/; Privacy policy: https://policies.google.com/privacy; Data processing agreement: https://cloud.google.com/terms/data-processing-addendum.

Web Analytics and Monitoring

Web analytics is used to evaluate visitor traffic to our online offer. We use Matomo, a self-hosted open-source solution for this purpose. The data collected is processed exclusively by us and is not shared with third parties.

  • Types of data processed: Usage data; meta/communication data.
  • Data subjects: Users.
  • Purposes of processing: Reach measurement; provision of our online offer and user-friendliness.
  • Security measures: IP masking (pseudonymisation of the IP address).
  • Legal bases: Consent (Art. 6 para. 1 s. 1 lit. a) GDPR).

Matomo: Matomo is software used for web analytics and reach measurement. When Matomo is used, cookies are generated and stored on the end device of the user. Data collected via Matomo is processed exclusively by us and is not shared with third parties. Cookies are stored for a maximum period of 13 months. All servers are located exclusively in Germany; Legal bases: Consent (Art. 6 para. 1 s. 1 lit. a) GDPR); Further information: https://matomo.org/privacy/.

Changes and Updates to the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We will update the privacy policy as soon as changes to the data processing we carry out make this necessary. We will notify you as soon as the changes require an action on your part (e.g. consent) or any other individual notification.

Rights of Data Subjects

As a data subject, you have various rights under the GDPR:

  • Right to object (Art. 21 GDPR): You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 lit. f) GDPR.
  • Right to withdraw consent (Art. 7 para. 3 GDPR): You have the right to withdraw consent given at any time with effect for the future.
  • Right of access (Art. 15 GDPR): You have the right to request confirmation as to whether relevant data is being processed and to receive information about this data as well as a copy of the data.
  • Right to rectification (Art. 16 GDPR): You have the right to request the completion or correction of inaccurate data concerning you.
  • Right to erasure (Art. 17 GDPR): You have the right to request the deletion of data concerning you, provided the legal requirements are met.
  • Right to restriction of processing (Art. 18 GDPR): You have the right to request that the processing of data concerning you be restricted.
  • Right to data portability (Art. 20 GDPR): You have the right to receive data concerning you that you have provided to us in a structured, commonly used and machine-readable format.
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): You have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for Berlin is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragter für Datenschutz und Informationsfreiheit), Friedrichstr. 219, 10969 Berlin, www.datenschutz-berlin.de.

Definitions

  • Personal data: Any information relating to an identified or identifiable natural person.
  • Controller: The natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
  • Processing: Any operation or set of operations which is performed on personal data, whether or not by automated means.
  • Processor: A natural or legal person who processes personal data on behalf of the controller.
  • Consent: Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of personal data relating to them.

Last updated: 26.05.2026 | Author: Simon Pokorny