pmX Group - Privacy Policy

This data protection declaration informs you about the type, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”). Regarding the terms used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller

pmX GmbH
Kegelenstr. 3
70372 Stuttgart
Germany

Managing Director: Iyad El-Khatib
Email: info@pmx-group.com

Types of Processed Data

– Inventory data (e.g., names, addresses)
– Contact data (e.g., email, telephone numbers)
– Content data (e.g., text input, photographs, videos)
– Usage data (e.g., websites visited, interest in content, access times)
– Meta/communication data (e.g., device information, IP addresses)

Categories of Data Subjects

Visitors and users of the online offer (hereinafter collectively referred to as “users”).

Purpose of Processing

– Provision of the online offer, its functions, and content
– Responding to contact requests and communicating with users
– Security measures
– Range measurement and marketing (if applicable)

Legal Basis of Processing

In accordance with Art. 13 GDPR, we inform you of the legal bases of our data processing. Unless the legal basis is stated specifically, the following applies:
– Consent: Art. 6(1)(a) GDPR
– Performance of contracts or pre-contractual measures: Art. 6(1)(b) GDPR
– Legal obligations: Art. 6(1)(c) GDPR
– Legitimate interests: Art. 6(1)(f) GDPR

Security Measures

We take appropriate technical and organizational measures pursuant to Art. 32 GDPR to ensure a level of security appropriate to the risk. These measures include safeguarding the confidentiality, integrity, and availability of data by controlling access to data, as well as procedures for ensuring rights of data subjects, data deletion, and response to data breaches.

Cooperation with Processors and Third Parties

Insofar as we disclose, transmit, or otherwise grant access to data to other persons and companies (processors or third parties), this is done on the basis of:
– A legal permission (e.g., performance of a contract, Art. 6(1)(b) GDPR)
– Your consent
– A legal obligation
– Our legitimate interests (e.g., hosting providers)

Where we commission third parties to process data, this is done on the basis of Art. 28 GDPR.

Transfers to Third Countries

If we process data in a third country (outside the EU/EEA) or use third-party services that process data in a third country, this is done only:
– For the performance of our (pre-)contractual obligations
– Based on your consent
– Due to legal obligations
– Based on our legitimate interests

Processing takes place only if the special conditions of Art. 44 et seq. GDPR are met (e.g., adequacy decisions or standard contractual clauses).

Rights of Data Subjects

You have the right:
– To request confirmation of whether data concerning you is being processed and to receive information about such data (Art. 15 GDPR)
– To request rectification of incorrect data or completion of incomplete data (Art. 16 GDPR)
– To request erasure of data (Art. 17 GDPR) or restriction of processing (Art. 18 GDPR)
– To receive your data in a structured, commonly used format (Art. 20 GDPR)
– To lodge a complaint with the competent supervisory authority (Art. 77 GDPR)

Right of Withdrawal

You have the right to withdraw consent granted under Art. 6(1)(a) GDPR at any time with effect for the future.

Right to Object

You may object to the future processing of your data at any time in accordance with Art. 21 GDPR.

We only use cookies that are technically necessary for the operation and security of our website (e.g., session cookies). These cookies do not require prior consent. You can configure your browser to block cookies or to notify you before they are saved. Please note that disabling cookies may restrict the functionality of our website.

Note: If you implement analytics or marketing cookies in the future, this section must be updated and a cookie consent banner implemented.

Deletion of Data

Data processed by us will be deleted or restricted in processing in accordance with Art. 17 and 18 GDPR. Data will be deleted when no longer required for their intended purpose and when deletion does not conflict with legal retention obligations. If data is not deleted because it is required for other legally permissible purposes, processing is restricted.

Retention obligations under German law:
– 10 years (§147 AO, §257 HGB)
– 6 years (§257 HGB)

Hosting and Email Delivery

Our website is hosted by:
STRATO AG, Pascalstraße 10, 10587 Berlin, Germany

An order processing agreement has been concluded pursuant to Art. 28 GDPR.

The hosting services used serve the provision of infrastructure and platform services, computing capacity, storage, database services, email delivery, security services, and technical maintenance.

In doing so, we process:
– Inventory data
– Contact data
– Content data
– Usage data
– Meta and communication data

Collection of Access Data and Log Files

We or our hosting provider collect data about every access to the server (server log files) based on our legitimate interests (Art. 6(1)(f) GDPR). Access data includes:
– Name of the accessed website
– File, date, and time of access
– Amount of data transferred
– Notification of successful retrieval
– Browser type and version
– User’s operating system
– Referrer URL
– IP address
– Requesting provider

Log file information is stored for security reasons (e.g., to clarify abuse or fraud) for 7 days and then deleted.

Contact Form and Contact Requests

When you contact us via the contact form, email, telephone, or social media, the following data is collected and processed:
– Name
– Company (optional)
– Job title (optional)
– Email address
– Your message

The processing of this data is based on Art. 6(1)(b) GDPR (performance of pre-contractual measures) or, if your inquiry is of a general nature, Art. 6(1)(a) GDPR (consent).

We store this data for a maximum of 6 months after final processing of your request unless statutory retention periods require longer storage. You are not obliged to provide this data, but without it, we cannot process your request.

By submitting the contact form, you consent to the processing of your personal data for the purposes of handling your request. You can revoke this consent at any time with effect for the future.

Data Protection in the Application Process

We process applicant data only for the purpose of and within the scope of the application procedure in accordance with legal requirements. Applicant data is processed for the fulfillment of our (pre-)contractual obligations within the scope of the application procedure in accordance with Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR insofar as the data processing becomes necessary for us, e.g., within the scope of legal procedures (in Germany, §26 BDSG also applies).

The application procedure requires applicants to provide us with applicant data. The necessary applicant data is marked, if we offer an online form, otherwise results from the job descriptions and basically includes the personal details, postal and contact addresses, and the documents belonging to the application, such as cover letter, resume, and certificates. In addition, applicants may voluntarily provide us with additional information.

By submitting their application, applicants consent to the processing of their data for the purposes of the application process as described in this privacy policy. They can revoke this consent at any time.

If the application is successful, the provided data may be processed for the purposes of the employment relationship. Otherwise, it will be deleted after six months, unless legal retention obligations require longer storage.

Business Analyses and Market Research

In order to run our business economically, to recognize market trends and user wishes, we analyze the data we have on business transactions, contracts, inquiries, etc. The processing is based on Art. 6(1)(f) GDPR. The analyses serve only internal purposes and will not be disclosed externally unless they are aggregated and anonymized.

Administration, Financial Accounting, Office Organisation, Contact Management

We process data in the context of administrative tasks, financial accounting, and compliance with legal obligations. Processing is based on Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. The same retention periods apply as described in the “Deletion of Data” section.

Version: July 2025