Legal · Privacy

Privacy Notice

Last updated: 26 June 2026  ·  ORDYX Group, Frankfurt am Main, Germany  ·  Governed by German & EU law (GDPR) · Applicable to visitors worldwide

ORDYX Group (“ORDYX”, “we”, “us”, or “our”) is committed to protecting your personal data and processing it responsibly, transparently, and in line with applicable privacy and data protection laws — in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

This Privacy Notice explains what personal data we collect when you visit www.ordyxgroup.com (the “Website”) or contact us, why we collect it, how we use and share it, how long we keep it, and the rights and choices available to you. Our Website is accessible globally; this Notice therefore addresses the rights of visitors located both inside and outside the European Economic Area (EEA).

At a glance
Contents
Section 01

Who We Are (Data Controller)

The controller responsible for the processing of personal data described in this Notice, within the meaning of Article 4(7) GDPR, is:

ORDYX Group
Frankfurt am Main, Germany
Website: www.ordyxgroup.com
Privacy contact: via our secure contact form

Where you have an existing client, supplier, or contractual relationship with us, additional or more specific privacy terms agreed with you in that context will also apply to the processing carried out under that relationship.

Section 02

Scope of This Notice

This Notice applies to personal data we process in connection with:

This Notice does not apply to third-party websites or services that you may reach via links from our Website (see Section 14). Their processing is governed by their own privacy policies.

Section 03

Personal Data We Collect

3.1 — Information you provide to us

We collect personal data that you choose to share with us, primarily when you complete the application/contact form on our Website. This includes:

If you contact us through our AI assistant (see Section 06), we also process the content of the messages — and, where you use voice, the audio input — that you provide during that conversation.

3.2 — Information collected automatically

When you access our Website, certain technical data is processed automatically by our hosting provider for security and stable operation. This may include your IP address, browser type and version, operating system, referring URL, and the date and time of access (server log data). This information is used for technical administration and protection against misuse, and is not combined with other data to identify you personally.

In addition, when your browser loads the web fonts used to display our Website, your IP address is transmitted to the font provider (see Section 07).

3.3 — What we do not collect or do

We do not use web analytics, advertising cookies, tracking pixels, social media tracking, or cross-site profiling tools. We do not build behavioural profiles, we do not engage in automated decision-making producing legal or similarly significant effects within the meaning of Article 22 GDPR, and we do not collect special categories of personal data.

Section 04

How & Why We Use Your Data (Purposes and Legal Bases)

We process your personal data only for clearly defined purposes and only where we have a valid legal basis under Article 6(1) GDPR:

Responding to your enquiry and assessing a potential engagement
Art. 6(1)(b) GDPR — pre-contractual measures taken at your request; and Art. 6(1)(f) GDPR — our legitimate interest in handling legitimate business enquiries.
Operating, securing, and maintaining the Website (including server logs)
Art. 6(1)(f) GDPR — our legitimate interest in a secure, stable, and functional website.
Providing and improving the AI assistant where you choose to use it
Art. 6(1)(f) GDPR — our legitimate interest in offering a responsive support channel; and, where applicable, Art. 6(1)(a) GDPR — your consent.
Complying with legal obligations and retaining records where required
Art. 6(1)(c) GDPR — compliance with a legal obligation to which we are subject (e.g. commercial and tax law).
Establishing, exercising, or defending legal claims
Art. 6(1)(f) GDPR — our legitimate interest in protecting our rights.

Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms. Where we rely on consent, you may withdraw it at any time with effect for the future.

Section 05

Cookies & Similar Technologies

Our Website is intentionally lightweight. We do not use advertising or analytics cookies. We use only what is strictly necessary to deliver and secure the Website, and functional storage that may be set by the embedded AI assistant when you choose to interact with it (for example, to maintain the state of your conversation).

Because we set no non-essential tracking cookies, we do not display a tracking-consent banner. You can control or delete cookies and local storage at any time through your browser settings; restricting essential or functional storage may affect parts of the Website (such as the AI assistant).

Section 06

AI Assistant (Voice & Chat)

Our Website features an embedded AI assistant, provided by JotForm Inc. (United States), which allows you to ask questions about ORDYX via text or voice. Use of the assistant is entirely optional.

When you interact with the assistant, the content of your conversation — and, if you use the voice function, your audio input — is processed by JotForm on our behalf in order to understand your request and generate a response. We use this only to assist you and to improve the quality of our responses. Please do not enter confidential, sensitive, or special-category personal data into the assistant. If your enquiry is substantive, we recommend using our contact form instead.

Section 07

How We Share Your Data (Recipients & Processors)

We do not sell, rent, or trade your personal data. We share it only with a limited number of carefully selected service providers who process it strictly on our instructions as processors under Article 28 GDPR, and only to the extent necessary to operate the Website and respond to you:

We may also disclose personal data where required to comply with applicable law, a court order, or a lawful request from a competent authority, or where necessary to establish, exercise, or defend legal claims. Should our business be reorganised, merged, or transferred, personal data may be disclosed to the relevant party subject to this Notice and applicable law.

Section 08

International Data Transfers

Some of our service providers are located in, or process data in, countries outside the EEA — in particular the United States. Where personal data is transferred to such countries, we ensure an adequate level of protection through appropriate safeguards under Chapter V GDPR. These include the European Commission’s Standard Contractual Clauses (SCCs) and, where the recipient is certified, the EU–U.S. Data Privacy Framework, together with supplementary technical and organisational measures where appropriate.

You may request further information about the safeguards we apply through our contact form.

Section 09

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or for as long as required by law:

Section 10

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration, in line with Article 32 GDPR. These include encryption of data in transit (HTTPS/TLS), strict security response headers, access controls limiting who can view submissions, and engaging service providers who maintain recognised security standards. No method of transmission over the internet is entirely secure, but we work to protect your data using measures appropriate to the risk.

Section 11

Your Privacy Rights

11.1 — Rights under the GDPR (EEA / UK)

If you are located in the EEA or the United Kingdom, you have the following rights regarding your personal data:

11.2 — Visitors in other regions (including California)

Because our Website is accessible worldwide, we extend comparable choices to visitors outside the EEA as a matter of good practice. In particular, residents of California and similar jurisdictions may request to know what personal data we hold, request its deletion or correction, and are assured that we do not sell or “share” personal data as those terms are defined under applicable privacy laws (e.g. the CCPA/CPRA). We do not discriminate against you for exercising any privacy right.

11.3 — How to exercise your rights

To exercise any of these rights, please submit a request through our contact form. We will respond within the timeframe required by applicable law (generally within one month under the GDPR). We may need to verify your identity before fulfilling a request.

Section 12

Complaints & the Right to Lodge with a Supervisory Authority

If you have a concern or complaint about how we handle your personal data, we encourage you to contact us first through our contact form so we can try to resolve it directly.

You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your residence, place of work, or the place of the alleged infringement. Our competent lead supervisory authority is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163, 65021 Wiesbaden, Germany
Website: datenschutz.hessen.de

Section 13

Children’s Privacy

Our Website and services are directed at businesses and professionals and are not intended for children. We do not knowingly collect personal data from individuals under the age of 16. If you believe a minor has provided us with personal data, please contact us and we will delete it.

Section 14

Links to Third-Party Websites

Our Website may contain links to external websites and platforms operated by third parties (for example LinkedIn, Instagram, and Facebook). We have no control over, and accept no responsibility for, the content or privacy practices of those sites. We encourage you to review the privacy policy of any third-party website you visit.

Section 15

Changes to This Notice

We may update this Privacy Notice from time to time to reflect changes to our practices, our Website, or legal and regulatory requirements. The current version is always available on this page, and the “Last updated” date above indicates when it was most recently revised. Where changes are material, we will take reasonable steps to make them prominent.

Section 16

How to Contact Us

Questions, requests, or complaints?

For any privacy matter — including exercising your rights, asking about our processing, or raising a complaint — please reach us through our secure contact form. We deliberately do not publish a public email address; the form ensures your request reaches the right people directly and securely.

Open the Contact Form →