Privacy Policy

Nodus Nexus GmbH
Represented by Managing Directors Daniel Nisen and Sammy Gounden
Holtorfer Straße 35
53229 Bonn, Germany

Tel.: +49 1709054938
Email: info@nodusnexus.de

We welcome you to our website. The protection of your data is very important to us. Below we explain how we process your personal data.

Our website can generally be used without providing personal data.

However, we note that access data is collected and stored in server log files even in this case. This data includes in particular:

• Browser type / browser version,
• Operating system,
• The website from which you visited us,
• Date and time of the visit,
• Your IP address.

We generally evaluate this information in anonymised form to defend against attacks and improve our services (processing of personal data within the framework of a balancing of interests pursuant to Art. 6 Para. 1 lit. f GDPR) and then delete it. The data is generally not attributable to your person and is not merged with other data.

In the event of concrete indications of unlawful use, we reserve the right to subsequently evaluate the data.

As a general rule, we process the personal data that is transmitted in connection with your use of our website or that you provide to us in the context of an enquiry, pre-contractual relationship, or contractual relationship. In individual cases and where necessary for contract fulfilment, we also process personal data lawfully obtained from publicly accessible sources (e.g. commercial register, debtor directories, internet) or lawfully transmitted to us by third parties (e.g. credit agencies).

This may include technical data (IP address, browser type, operating system), personal details (name, email address, contact person) and communication data (correspondence, email traffic).

In individual cases, we obtain your consent for specific purposes expressly stated in connection with data collection.

Data processing in these cases takes place exclusively on the basis of your consent. Processing your request may not be possible without your consent and may therefore depend on it. Data is processed exclusively for the explicitly stated purposes.

You may withdraw consent you have given at any time with effect for the future. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

Where a contract is being prepared or concluded in connection with your contact via our website, we use the personal data transmitted for this purpose to the extent necessary for the performance of pre-contractual measures.

We process personal data on the basis of a balancing of interests where this is necessary to protect our interests or the interests of third parties.

Examples of such purposes include:

• Ensuring IT security and the integrity of our systems,
• Prevention or investigation of criminal offences,
• Assertion or defence of legal claims.

When you contact us by email or telephone, we process the personal data you provide in order to respond to your enquiry. The legal basis is generally Art. 6 Para. 1 lit. b GDPR; exceptionally, where there is no contractual relationship, Art. 6 Para. 1 lit. f GDPR, with the legitimate interest being the proper handling of your enquiry. We delete the data after final processing of your enquiry, unless a contractual or statutory retention obligation exists.

If you send us an enquiry via our contact form, we process the data you provide on the basis of your consent pursuant to Art. 6 Para. 1 lit. a GDPR in order to handle your request. Your data is generally deleted after the enquiry is processed, unless a contractual or statutory retention obligation exists. Where you communicate contractually relevant information, we transfer this to our customer records system.

You may withdraw your consent at any time with effect for the future using any of the contact details provided.

When you visit our website, various cookies may be used. These are text files placed on your computer that, among other things, enable smooth browsing of our website.

Some cookies are necessary to guarantee the functionality or IT security of our website. Such functional cookies are used on the basis of a legitimate interest in enabling the use of our website including its functions pursuant to Art. 6 Para. 1 lit. f GDPR. Processing in these cases also complies with § 25 Para. 2 No. 2 TDDDG.

Further — non-essential — cookies may be used on the basis of Art. 6 Para. 1 lit. a GDPR, i.e. on the basis of your consent. Purposes of the cookies used may include:

• Enabling the use of special functions,
• (Pseudonymised) analysis of usage behaviour to optimise our website,
• Enhancing the attractiveness and ease of use of our website,
• Improving and tailoring our services.

Currently we use only one technically necessary cookie (cookie consent), which stores your selection in the cookie banner. This cookie is deleted when you close the browser or withdraw your consent. No marketing, tracking, or other non-essential cookies are used.

Cookies on our site are used exclusively by us and not by third parties, with the exception of third-party cookies expressly mentioned in this Privacy Policy.

You can give your consent by confirming our cookie banner when you visit our website. Consent given can be withdrawn at any time with effect for the future. You can adjust your cookie settings here at any time. Further information on the specific cookies we use is also available there.

We use the following cookies:

We use Cloudflare Web Analytics on our website, a privacy-friendly web analytics service provided by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA.

Data Categories Processed

Cloudflare Web Analytics collects only aggregated, non-personal statistics:

• Aggregated page views
• Referrer URL (referring page)
• Approximate country of origin (derived from anonymised IP address; IP is not stored)
• Device type and browser type

There is no individual user tracking. Cloudflare Web Analytics sets no cookies and uses no fingerprinting. No persistent user profiles are created.

Legal Basis

Processing is based on Art. 6 Para. 1 lit. f GDPR (legitimate interest). Our legitimate interest is measuring website reach to improve our services. Since only anonymised, aggregated data is collected and no cookie or fingerprint tracking takes place, the interests of data subjects do not override ours.

Retention Period

Aggregated statistics are stored in a rolling 30-day window and automatically deleted after this period.

International Transfer

Data is transferred to Cloudflare, Inc. (USA). The basis for this international transfer is the EU Commission's adequacy decision on the EU–U.S. Data Privacy Framework (DPF), which Cloudflare has joined.

Opt-Out

Since Cloudflare Web Analytics sets no cookies and performs no individual tracking, a traditional opt-out is not required. Users can prevent the analytics script from loading by enabling the "Do Not Track" setting in their browser or using an ad blocker. Cloudflare Web Analytics respects the DNT signal.

Provider's Privacy Policy

For more information on data processing by Cloudflare, see: https://www.cloudflare.com/privacypolicy/

We do not use any social plugins on our website.

We disclose data to other third parties where and to the extent we have delegated tasks to them. Data is only disclosed to the extent necessary for the performance of those tasks.

Service providers may be engaged in the following areas, for example:

• IT maintenance
• IT development
• IT provision
• Legal services

Data disclosure is always based on a statutory provision or a suitable contract pursuant to Art. 26 or 28 GDPR, which ensures compliance with all data protection requirements.

Otherwise, data is only disclosed in the cases provided for by law, for example in the case of a statutory disclosure obligation to law enforcement authorities. Disclosure in these cases is authorised by Art. 6 Para. 1 lit. c GDPR.

Data transfers to a third country are intended. Such transfers are made on the basis of your consent and on the basis of Standard Contractual Clauses issued by the EU Commission. Recipients of the data are the following companies:

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
• Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
• Webflow Inc., 398 11th St, San Francisco, CA 94103, USA
• Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA

Where personal data is transferred to a third country, we ensure compliance with data protection requirements by basing such transfers on Standard Contractual Clauses and/or obtaining your consent pursuant to Art. 49 Para. 1 lit. a GDPR.

A data transfer takes place, for example, in connection with the use of Google services. Due to the use of these services, data is transferred to the United States of America.

Data transfer only takes place if you give us your consent.

The specific recipient, the personal data transferred, and the purpose of the data disclosure can be found in the information on the respective processing above.

Due to the data transfer, there may be a risk to your personal data. For data transfers to the United States, an adequacy decision of the EU Commission exists, which generally ensures an adequate level of data protection. In addition, depending on the service, Standard Contractual Clauses are also partly used to achieve the greatest possible protection for your data.

You may withdraw consent you have given at any time with effect for the future. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

Your personal data is deleted by us as soon as it is no longer needed for the fulfilment of contractual and statutory obligations or for the exercise of our legitimate interests.

Personal data in the context of a contractual relationship is retained for at least as long as necessary to fulfil contractual obligations and exercise contractual rights. This period may extend beyond the actual contract term, since data may still be relevant after the contract ends within limitation periods. Deletion may also only occur after applicable tax and commercial law retention periods have expired.

The criteria for the retention period for cookies can be found in the relevant section.

As a person affected by the processing of personal data, you have the following rights:

You have the right to request confirmation as to whether personal data is being processed. If so, you have the right of access to the personal data and the information listed individually in Art. 15 GDPR.

You have the right to request that the controller immediately rectify inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data (Art. 16 GDPR).

You have the right to request that the controller erase personal data concerning you without undue delay where one of the grounds listed individually in Art. 17 GDPR applies, e.g. where the data is no longer required for the purposes for which it was collected (right to erasure).

You have the right to request the controller to restrict processing where one of the conditions listed in Art. 18 GDPR is met, e.g. where you have objected to the processing, for the duration of the controller's review.

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another controller without hindrance from us, where the processing of that data is based on your consent or a contract and the processing is carried out by automated means (Art. 20 GDPR). In exercising the right to data portability, you have the right to request that personal data be transmitted directly from us to another controller, to the extent technically feasible (right to data portability).

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on our legitimate interests. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defence of legal claims (Art. 21 GDPR).

To exercise your rights, you may contact us at any time using the contact details provided on our website.

We do not engage in direct marketing via our website. Personal data that you transmit to us via the contact form or by email is used exclusively to process your enquiry.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR (Art. 77 GDPR). You may exercise this right with a supervisory authority in the member state of your habitual residence, place of work, or the place of the alleged infringement. In North Rhine-Westphalia, the competent supervisory authority is the State Commissioner for Data Protection and Freedom of Information (Landesbeauftragte für Datenschutz und Informationsfreiheit).

More information is available at: www.ldi.nrw.de

Of course, you may also contact us directly if you are dissatisfied or have questions about data protection. You can reach our internal data protection contact most quickly at the contact details provided above.

We do not use processes involving fully automated decision-making or profiling pursuant to Art. 22 GDPR.

There is generally no obligation to provide data. However, providing data may be required to use certain functions or to conclude a contract. If you do not provide the required data, you may not be able to use certain functions or services, or a contract may not be concluded.

This Privacy Policy is current as of April 2026.

We reserve the right to update this Privacy Policy as needed to adapt to legal and technical developments or in connection with new services or products. Should we change our privacy practices, we will post the updated policy directly on our homepage.