dynexo
Book a call
Back to Home

Privacy policy.

TL;DR. Privacy per GDPR. We process as little as possible. EU data residency standard. No tracking, no newsletter without consent. Sub-processor list public. Detailed inquiries under NDA.

1. Data controller

dynexo GmbH, Willy-Brandt-Platz 19, 38102 Braunschweig, Germany. Email: hallo@dynexo.de.

2. Data protection officer

We have appointed an external data protection officer. Contact: hallo@dynexo.de with subject "DPO".

3. Data collection and processing on website visits

When you visit our website, we automatically collect the following information (server logs):

  • IP address of the requesting device (shortened after 14 days)
  • Date and time of the request
  • Requested URL
  • Data transferred
  • HTTP status message
  • Referer (if provided by browser)
  • User-Agent string

Legal basis: Art. 6(1)(f) GDPR (legitimate interest — secure and stable operation of the website). Retention: maximum 14 days; thereafter IP addresses are shortened or deleted.

4. Cookies and comparable technologies

We do not use tracking cookies. No third-party scripts are active on the website (no Google Analytics, no Meta Pixel, no LinkedIn Insight Tag). Language settings use an optional localStorage entry — no transmission to third parties.

5. Forms and lead capture

When you use the mandate configurator or direct contact form, we process your entered data solely for handling your inquiry and any follow-up communication.

Data processed:

  • Name, company, role, email address (required fields)
  • Phone number (optional)
  • Selections from the configurator (trigger, mandate size, operating model)
  • Optionally: business area, tenant size

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures upon request). Retention: maximum 24 months after last contact, then deletion or pseudonymization. We use this data exclusively for responding and quote generation — no newsletter, no automated marketing.

6. Processors and sub-processors

A complete list of our sub-processors is publicly available at /en/privacy/sub-processors/. Machine-readable variant: /.well-known/sub-processors.json. For active clients, the full list is part of the Data Processing Addendum.

7. Data transfer to third countries

Standard data residency: Germany / EU. Third-country transfer occurs only if (a) the client has explicitly consented and (b) we have conducted EU Standard Contractual Clauses and Transfer Impact Assessments. US sub-processors are only used if transferred data is not personal or sensitive.

8. Your rights as a data subject

You have the right to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Withdraw consent (Art. 7(3) GDPR)
  • Lodge a complaint with your supervisory authority (Art. 77 GDPR)

The competent supervisory authority for dynexo GmbH is the State Commissioner for Data Protection of Lower Saxony.

Submit requests for data subject rights to hallo@dynexo.de with subject "GDPR Request". We respond within the statutory period of one month.

9. Data security

We implement technical and organizational measures (TOMs) per Art. 32 GDPR. Key measures:

  • TLS 1.3 for all transfers
  • AES-256 for data at rest
  • Audit log for every client operation
  • Clear access separation (RBAC + network segmentation)
  • Annual penetration testing

Detailed TOMs are provided with the Data Processing Addendum.

10. Changes to this privacy policy

This privacy policy is updated when our processing practices change. Active clients are notified in writing of material changes.

Last updated: 2026-05-27.

Next step

Questions on legal topics?

Write to hallo@dynexo.de or use the contact form on the pricing page.

Contact form Imprint