Privacy Policy
Last updated: May 26, 2026
Introduction
I take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with legal data protection regulations and this privacy policy. This privacy policy informs you pursuant to Art. 13 and 14 GDPR about the processing of your personal data.
Data Controller (Art. 4 No. 7 GDPR)
Data We Collect (Art. 13(1)(d) GDPR)
- Contact form data: Name, email address, message, timestamp
- Assessment data: Email, first name, company, responses to 8 questions about operational leverage
- Analytics data: Page views, clicks, scroll depth, time on page (anonymized)
- Technical data: IP address (anonymized), browser type, operating system, device information
- Cookies: Essential (session, deleted after browser close), Analytics (with consent, 14 months retention per Google Analytics standard)
How We Use Your Data (Art. 13(1)(c) GDPR)
- Responding to inquiries and communication
- Calculating and providing personalized assessment results using AI
- Improving website performance and user experience
- Analyzing user behavior for service optimization
- Marketing communication (only with explicit consent)
- Internal notification about new inquiries for timely processing
Legal Basis (Art. 6 GDPR)
- Consent (Art. 6(1)(a)) - for analytics, marketing, AI processing of assessment
- Contract performance (Art. 6(1)(b)) - for service delivery and assessment execution
- Legitimate interest (Art. 6(1)(f)) - for website operation, security, and internal notifications
Third-Party Services and Data Processors
I use the following services that process personal data on my behalf:
Google Analytics 4
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose: Website analytics and usage statistics
Data: Anonymized usage data, page views, events
Legal basis: Consent (Art. 6(1)(a) GDPR)
Data transfer: USA (EU-US Data Privacy Framework)
Opt-Out: Cookie consent banner or browser plugin
Hotjar
Provider: Hotjar Ltd., Level 2, St Julian's Business Centre, Elia Zammit Street, St Julian's STJ 3155, Malta
Purpose: User behavior analysis (heatmaps, session recordings)
Data: Anonymized interaction data, mouse movements, clicks
Legal basis: Consent (Art. 6(1)(a) GDPR)
Data transfer: EU (Malta)
Opt-Out: Cookie consent banner
n8n Workflow Automation
Provider: Self-hosted on own infrastructure (Hetzner Cloud, Germany)
Purpose: Automated processing of assessment requests, email sending, lead scoring
Data: Assessment data (email, name, company, responses)
Legal basis: Contract performance (Art. 6(1)(b) GDPR)
Data transfer: Germany (EU)
Neo4j Database
Provider: Self-hosted on own infrastructure (Hetzner Cloud, Germany)
Purpose: Storage and management of lead data in graph database
Data: Contact data, assessment results, interaction history
Legal basis: Contract performance (Art. 6(1)(b) GDPR)
Data transfer: Germany (EU)
Google Sheets
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose: Backup and overview of lead data for internal management to ensure data security and redundancy
Data: Email, name, company, assessment segment, timestamp
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) - interest in data availability, redundancy, and proper documentation
Data transfer: USA (EU-US Data Privacy Framework per EU Commission adequacy decision of 10.07.2023, additionally secured by Standard Contractual Clauses per Art. 46(2)(c) GDPR)
Gmail / Google Workspace
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose: Sending assessment results and communication
Data: Email address, name, message content
Legal basis: Contract performance (Art. 6(1)(b) GDPR)
Data transfer: USA (EU-US Data Privacy Framework, Standard Contractual Clauses)
Anthropic Claude (AI Analysis)
Provider: Anthropic PBC, 548 Market St, San Francisco, CA 94104, USA
Purpose: AI-powered analysis of assessment responses to determine leverage potential and archetype
Data: Assessment responses (Q1-Q8) for analysis. Personal data (name, email) is only processed if strictly necessary for result personalization.
Legal basis: Consent (Art. 6(1)(a) GDPR) - granted by submitting assessment with activated privacy checkbox
Data transfer: USA (Standard Contractual Clauses per Art. 46(2)(c) GDPR)
Note: AI analysis serves to personalize results. No automated profiling with legal effect occurs. Anthropic does NOT use your assessment data for model training (per Commercial Terms).
Perplexity AI
Provider: Perplexity AI Inc., San Francisco, CA, USA
Purpose: AI-powered research to enrich company information (corporate data only) for personalized consulting
Data: Publicly available company information based on company name (no personal contact data)
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) - interest in efficient sales preparation
Data transfer: USA (Standard Contractual Clauses)
Note: Research is limited to publicly available corporate data (industry, size, location). Personal data of contact persons is not collected.
Cal.com
Provider: Cal.com Inc., San Francisco, CA, USA
Purpose: Appointment booking for consultation calls
Data: Name, email address, selected appointment, optional notes
Legal basis: Contract performance (Art. 6(1)(b) GDPR)
Data transfer: USA (Standard Contractual Clauses)
Hetzner Cloud (Hosting)
Provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany
Purpose: Hosting of website, databases, and automation workflows
Data: All data collected on the website is stored on Hetzner servers in Germany
Legal basis: Contract performance (Art. 6(1)(b) GDPR)
Data transfer: Germany (EU) - no third country transfer
Data Processing Agreements (Art. 28 GDPR)
For all service providers that process personal data on our behalf, Data Processing Agreements (DPAs) have been concluded that meet the requirements of Art. 28 GDPR.
- Google Ireland Limited: Standard DPA for Google Workspace, Analytics, and Cloud services
- Hotjar Ltd.: Standard DPA per GDPR requirements
- Anthropic PBC: Data Processing Addendum (DPA) as part of Commercial Terms incl. Standard Contractual Clauses
- Perplexity AI Inc.: Standard DPA with Standard Contractual Clauses for USA transfer
- Cal.com Inc.: DPA with Standard Contractual Clauses
- Hetzner Online GmbH: Data Processing Agreement for hosting services (EU)
Upon request to [email protected], you can view evidence of the existence of these contracts.
Data Transfer to Third Countries (Art. 44-49 GDPR)
When using certain services, your data is transferred to countries outside the EU/EEA:
- USA: Google (Analytics, Gmail, Sheets), Anthropic, Perplexity, Cal.com - Legal basis: EU-US Data Privacy Framework and/or Standard Contractual Clauses (Art. 46(2)(c) GDPR)
For all third country transfers, I have implemented appropriate safeguards to ensure an adequate level of data protection.
Automated Decision-Making and Profiling (Art. 22 GDPR)
When processing your assessment data, I use AI-powered analysis:
Purpose: The AI analyzes your responses to determine your operational leverage score and business archetype.
The AI assessment is NOT legally binding. The result is used as guidance for a potential consultation and may influence our recommendations. No automated decisions with legal effect within the meaning of Art. 22(1) GDPR are made.
Logic: The analysis is based on your responses to: Process automation (Q1-Q2), Data availability (Q3-Q4), Team autonomy (Q5-Q6), Decision speed (Q7-Q8). The algorithm weights these factors equally (25% each) and assigns you to one of 7 archetypes.
Explainability: Upon request, you will receive a detailed explanation of how your individual assessment came about, including the weighting of your responses.
Human review: You have the right to human review at any time. Contact [email protected] with subject 'AI Review'. We will reassess your assessment with human judgment within 15 business days.
Right to object: You have the right to object to automated processing. In this case, we will handle your case without AI analysis.
Audit trail: All AI assessments are logged with timestamp, anonymized input data, and result. These audit logs are retained for 3 years.
Contact: For questions about automated processing: [email protected]
Data Protection Impact Assessment (Art. 35 GDPR)
A Data Protection Impact Assessment (DPIA) was conducted for AI-powered assessment processing.
Scope of the assessed processing activity: AI-powered analysis of assessment responses using Anthropic Claude to determine leverage score and business archetype.
Categories of data subjects: Managing directors and decision-makers of SMEs in Germany who voluntarily participate in the assessment.
Recipients: Anthropic PBC (AI processing), Neo4j on Hetzner (storage), Google Workspace (email sending).
Risk assessment: ACCEPTABLE RESIDUAL RISK after implementation of safeguards
Justification for controlled risk:
- ✓ No legal effect on data subjects - result is non-binding guidance
- ✓ Users can object at any time and request human review
- ✓ Data minimization: Transmission of only data strictly necessary for analysis and result generation to the AI system
- ✓ No sensitive categories of personal data (Art. 9 GDPR) are processed
- ✓ Full control by user (consent, revocation, deletion)
Implemented safeguards: Encryption in transit and at rest, access control, audit trail for all AI decisions, regular security audits, data processing agreements with all service providers.
DPIA conducted: December 2025
Next review: December 2027 or upon material changes
Complete DPIA documentation available upon request: [email protected]
Data Retention (Art. 13(2)(a) GDPR)
- Assessment data: 3 years after last contact (reference date: Dec 31 of following year) or until deletion request
- Contact form data: 3 years after processing the inquiry (reference date: Dec 31 of following year)
- Analytics data: 14 months (Google Analytics standard, automatic deletion)
- Booking data: According to legal retention requirements (up to 10 years for tax-relevant data per German fiscal code)
Retention period is determined by necessity for processing purpose and legal retention requirements. Deletion occurs at year-end after retention period expires.
Your Rights (GDPR Chapter III)
- Right to access (Art. 15) - Receive a copy of your stored data
- Right to rectification (Art. 16) - Correction of inaccurate data
- Right to erasure (Art. 17) - 'Right to be forgotten'
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20) - Receive your data in machine-readable format
- Right to object (Art. 21) - Object to processing based on legitimate interests
- Right to withdraw consent (Art. 7(3)) - At any time without giving reasons
- Right to lodge complaint with supervisory authority (Art. 77) - Competent: State Commissioner for Data Protection Lower Saxony
Competent Supervisory Authority
State Commissioner for Data Protection Lower Saxony
Prinzenstrasse 5, 30159 Hannover, Germany
Phone: +49 511 120-4500
Email: [email protected]
https://lfd.niedersachsen.de
Contact for Data Protection Inquiries
Email: [email protected]
Subject: 'Data Protection Inquiry'
Response time: Maximum 30 days per GDPR Art. 12(3)
To process your request, I may require proof of identity.
Changes to this Privacy Policy
I reserve the right to adapt this privacy policy to comply with changed legal requirements or changes to the service and data processing. The current version can always be found on this page.