// LEGAL valexcon GmbH · PLM ENGINEERING
Legal

Privacy policy

We take the protection of your data on our website very seriously and are committed to protecting your personal data in accordance with applicable law (in particular the GDPR). This policy describes which data we collect, how we use it and with whom we share it.

Controller

valexcon GmbH
Odenwaldweg 6, 84048 Mainburg, Germany
Phone: +49 8751 841829
Email: kontakt@valexcon.de
Managing directors: Ralph Müller, Sébastien Chaumiole, Heinrich Fritz, Tobias Jost

Data collected

Non-personal data: non-identifiable technical and aggregated usage information arising from the use of our services.

Personal data: individually identifiable information such as name, email address, postal address, phone number and IP address.

Methods of collection

  • Technical access data generated automatically when the website is called up (server log files)
  • Information you provide directly when you contact us (e.g. by email)

Purposes of processing

  • Provision, secure operation and delivery of the website
  • Preventing and analysing technical faults and ensuring IT security
  • Handling your enquiries and contact requests

Hosting – Cloudflare Pages

This website is hosted by Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA) using the “Cloudflare Pages” service, including its global content delivery and security network (CDN). When you access the site, Cloudflare processes technically required connection data (in particular your IP address) in order to deliver the content and protect it against attacks (e.g. DDoS). The legal basis is our legitimate interest in secure and efficient provision (Art. 6(1)(f) GDPR).

A data processing agreement (Art. 28 GDPR) is in place with Cloudflare. Where data is transferred to the USA, this takes place on the basis of the EU Standard Contractual Clauses and – where applicable – the EU-US Data Privacy Framework.

Server log files

Each time the site is accessed, information transmitted by your browser is automatically recorded in server log files: browser type and version, operating system, referrer URL, date and time of access, and the IP address. This data is technically necessary, is not combined with other data sources and is used solely to deliver and secure the website. Legal basis: Art. 6(1)(f) GDPR.

Reach measurement (own, cookieless statistics)

To design our offering in line with demand, we compile privacy-friendly, aggregated statistics about how our website is used. No cookies are set and no cross-device tracking takes place.

For each page view we record: the page accessed, the source/referrer (e.g. search engine, social network or referring website), approximate location data provided by Cloudflare (country, region, city), device type, browser, operating system and language. Clicks on key buttons (e.g. “Contact” or submitting a form) are also counted as anonymous events.

Your IP address is not stored. To distinguish repeat views within a single day, we derive a non-reversible check value (hash) from your IP address, the browser identifier (user agent) and a secret random value that changes daily. Because the random value rotates every day, recognition beyond that day is technically impossible; no conclusions about your identity can be drawn.

The aggregated data collected in this way is stored in a database (Cloudflare D1) within the Cloudflare infrastructure and deleted after no more than 14 months. The legal basis is our legitimate interest in the statistical analysis and demand-oriented design of website usage (Art. 6(1)(f) GDPR). As no information is stored on or read from your device, no consent under Section 25 TDDDG is required.

You can object to the reach measurement at any time by enabling the “Do Not Track” or “Global Privacy Control” setting in your browser; in that case no data is collected.

Fonts

Fonts are served exclusively locally from our server (or the CDN). There is no connection to Google Fonts or any other external font provider; in particular, your IP address is not transmitted to third parties for this purpose.

Contacting us

The contact form on our website does not transmit data to a server; instead, it opens your local email program pre-filled with the details you entered (“mailto”). When you contact us by email (or form), we process the data you submit (e.g. name, email address, content of your enquiry) to handle your request. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (handling enquiries). The data is deleted as soon as it is no longer required for the purpose and no statutory retention obligations apply.

Cookies, local storage and consent

We only use technologies that are strictly necessary to operate the website. Non-essential cookies or comparable technologies (e.g. for statistics or marketing) are only used with your explicit consent in accordance with Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR.

Strictly necessary (no consent required, Section 25(2) TDDDG): To store your privacy choice, we place an entry in your browser’s local storage (key vx-consent). This means we do not have to ask you again on every visit. The entry contains only your selection and a timestamp and is not transmitted to us or any third party.

Statistics / marketing & external media: Beyond the cookieless reach measurement described above (based on legitimate interest, without storing your IP address), we do not use any consent-requiring statistics or marketing technologies. Should we integrate such services in the future, they will only be loaded after you have given your consent via our consent banner.

Withdrawal: You can withdraw or adjust any consent given at any time with effect for the future – via the “Cookie settings” link in the footer.

Storage & retention

Data is retained for as long as necessary to provide the services, fulfil legal and contractual obligations and resolve disputes.

Data security

Data is stored on secured servers behind a firewall with HTTPS access. However, absolute protection cannot be guaranteed. Please use secure passwords and do not transmit confidential information via email or instant messaging.

Your rights (EU)

  • Withdraw consent you have given
  • Obtain information about processing and access to your data
  • Data portability (structured format)
  • Rectification of inaccurate data
  • Erasure of your data
  • Object to processing and request restriction of processing
  • Lodge a complaint with a supervisory authority

Competent supervisory authority:
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18, 91522 Ansbach, Germany
Phone: +49 981 180093 0 · Email: poststelle@lda.bayern.de
www.lda.bayern.de

International data transfer

A transfer of personal data to a third country takes place in the context of hosting by Cloudflare (see above). For such transfers outside the EEA, we ensure an adequate level of protection through appropriate safeguards (in particular the EU Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework).

Changes to this policy

This privacy policy may be revised; the version published on the website is always the current one.

Last updated: 29 June 2026