Privacy Policy

Protecting your personal data is particularly important to us. We therefore process your data exclusively on the basis of the statutory provisions (GDPR, TMG). In this privacy notice we inform you about the most important aspects of data processing in the context of our website.

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other data protection provisions, is:

We are not legally obliged to appoint a data protection officer. If you have any questions about data protection, you can contact us directly:

Email: info@vonaxai.com

You have the following rights with regard to the personal data concerning you:

Right to lodge a complaint with a supervisory authority

You have the right to complain to a data protection supervisory authority about our processing of your personal data. The competent supervisory authority is:

Many data processing operations are only possible with your express consent. You can withdraw consent you have already given at any time. The lawfulness of the data processing carried out before the withdrawal remains unaffected by the withdrawal.

An informal message by email is sufficient for the withdrawal: info@vonaxai.com

6.1 Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address

This data is not merged with other data sources. The collection of this data is based on Art. 6 (1) (f) GDPR.

Retention period: The data is automatically deleted after 30 days.

6.2 Cookies

Our website uses cookies. Cookies are small text files that are stored on your device and that save certain settings and data for exchange with our system via your browser.

Types of cookies:

• Strictly necessary cookies: required for the operation of the website and cannot be deactivated. Specifically: vonaxai_consent (stores your cookie consent, lifetime 365 days).
• Analytics cookies: help us understand how our website is used. Specifically: Google Analytics 4 (_ga, _ga_*, _gid, lifetime 2 years).
• Marketing cookies: used for measurement and retargeting of our advertising campaigns. Specifically: Meta Pixel (_fbp, _fbc, lifetime 90 days), Google Ads (_gcl_au, lifetime 90 days).

Legal basis: Strictly necessary cookies are set on the basis of Art. 6 (1) (f) GDPR in conjunction with § 25 (2) TDDDG. All other cookies are only set with your consent (Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG).

If you send us enquiries via the contact form or by email, your details from the enquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions.

Data collected in the contact form:

• Name (required)
• Company name (optional)
• Email address (required)
• Phone number (optional)
• Industry (optional)
• Message and further details (optional)

Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures) and Art. 6 (1) (f) GDPR (legitimate interest).

Retention period: The data remains with us until you ask us to delete it, withdraw your consent, or the purpose ceases to apply. Statutory retention periods remain unaffected.

This website is hosted externally. The personal data collected on this website is stored on the servers of the host.

Hosting provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. A data processing agreement pursuant to Art. 28 GDPR is in place with the hosting provider. The data transfer is based on the EU-U.S. Data Privacy Framework.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in an efficient and secure provision of the website).

We have concluded data processing agreements (DPAs) pursuant to Art. 28 GDPR with our service providers. This ensures that they only process your personal data on our instructions and in compliance with the GDPR.

Insofar as we process data in a third country, this only takes place on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the Data Privacy Framework) or compliance with officially recognised special contractual obligations (so-called standard contractual clauses).

Unless a more specific retention period has been stated, your personal data remains with us until the purpose for the data processing ceases to apply. In the event of a justified request for deletion or a withdrawal of consent, your data will be deleted, provided there are no other legally permissible reasons (e.g. tax or commercial retention periods).

For security reasons, this site uses SSL/TLS encryption. You can recognise an encrypted connection by the fact that the browser address bar changes from "http://" to "https://" and by the lock symbol in your browser bar.

We hereby object to the use of contact data published within the framework of the imprint obligation for sending advertising and information material that has not been expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information.

To measure the effectiveness of our marketing campaigns and to display relevant advertising, we use the services described below. They are used exclusively with your express consent pursuant to Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG, which you grant via our cookie banner and can withdraw at any time.

14.1 Meta Pixel (Facebook Pixel)

We use the Meta Pixel of Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland; "Meta") on our website. The pixel allows us to measure the effectiveness of our advertising campaigns on Facebook and Instagram and to address visitors to our website with relevant ads (remarketing).

Data processed: IP address (truncated), browser type, pages visited, timestamp, cookie identifiers (_fbp, _fbc), click identifier when accessed via a Facebook ad (fbclid), interactions with our lead enquiry (industry, situation, city — no plain-text names or emails in the pixel).

Advanced Matching parameters: When you submit our lead form, your email address, phone number (if provided) and city are additionally hashed irreversibly using SHA-256 and transmitted to Meta. Meta matches these hashes with its own hashed user data in order to attribute conversions to your account. Plain-text data is never transmitted.

14.2 Meta Conversions API (server-side tracking)

In addition to the client-side pixel, we transmit conversion events (e.g. a successful lead form completion) directly from our server to Meta via the Meta Conversions API. Purpose: measurement even when browser-side trackers are blocked (e.g. by ad blockers or iOS 14.5 restrictions). The client and server event carry the same event ID; Meta deduplicates automatically so that each conversion is counted only once.

Data transmitted server-side: hashed email/phone/city (SHA-256), IP address, user agent, _fbp/_fbc cookie values, event timestamp, event ID, event category (e.g. industry). No plain-text PII.

14.3 Consent Mode v2

If you decline marketing cookies, we signal the status revoke to Meta via "Consent Mode v2". In this case no cookies are set, no personal data is transmitted, and no Advanced Matching is carried out. Only aggregated, anonymised pings without user identifiers are sent, from which Meta derives statistical modelling. Attribution to you as a person is excluded.

Without your consent, no pixel cookies (_fbp, _fbc) are stored or read on your device.

14.4 Google Analytics 4

We use Google Analytics 4 of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") for the statistical analysis of website usage. IP anonymisation is enabled (anonymize_ip: true). Data processed: truncated IP address, browser type, referrer, dwell time, interactions. Used only with your consent.

14.5 Third-country transfer

Meta and Google process data in the USA. The transfer is based on the EU-U.S. Data Privacy Framework (EU Commission adequacy decision of 10 July 2023) and the EU standard contractual clauses (Art. 46 (2) (c) GDPR).

14.6 Retention periods

• Pixel cookies (_fbp, _fbc): 90 days
• Analytics cookies (_ga, _ga_*): 2 years
• Event and conversion data at Meta/Google: in accordance with their policies (usually 25 months)
• Consent record (vonaxai_consent): 365 days

14.7 Withdrawal and further information

You can withdraw your consent at any time — change your settings here:

Further information on data processing by the providers can be found in their privacy policies: Meta Privacy Policy · Google Privacy Policy.

This privacy policy is currently valid and dated June 2026. As our website develops, or due to changed legal requirements, it may become necessary to amend this privacy policy. The respective current version can be accessed at any time on the website under "Privacy".

In the context of our B2B business development, we process personal data that we have not collected directly from the data subject. We inform you transparently about this in accordance with Art. 14 GDPR.

The emails we send as part of our cold-outreach campaign contain a preview GIF of a Loom video, which is loaded from servers of Loom Inc. (USA) when the email is opened. This transmits your IP address and your user agent to Loom.

Provider: Loom Inc., 100 1st St, San Francisco, CA 94105, USA. Third-country guarantee via standard contractual clauses (SCC).

Legal basis: legitimate interest (Art. 6 (1) (f) GDPR) in the preview of the explainer video for business development. We explicitly point out the Loom embedding in every email (see the compliance footer).

Avoiding the tracking: Most email programs allow you to block external images. You can enable this in the settings of your email client.

This English privacy policy is provided for convenience. The legally binding version is the German Datenschutzerklärung, available at vonaxai.com/datenschutz.