Privacy Policy

Last Updated: 15th January 2026

Introduction

Zyphorix AG ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable European data protection laws.

Data Controller Information

The data controller responsible for your personal information is:

Data Collection

We collect personal data that you provide directly to us and information that is automatically collected when you use our website. The data we collect includes:

• Contact Information: Name, email address, phone number, company details when you contact us or request our services
• Communication Data: Messages, enquiries, and correspondence you send to us
• Technical Data: IP address, browser type, device information, operating system, and website usage data
• Usage Data: Information about how you interact with our website, pages visited, time spent, and navigation patterns
• Marketing Data: Your preferences for receiving marketing communications and your communication preferences

How We Use Your Information

We use your personal data for the following purposes, based on the legal grounds specified:

• Service Provision: To provide our finance governance consulting services and respond to your enquiries (Legal basis: Contract performance and legitimate interests)
• Communication: To communicate with you about our services, respond to your questions, and provide customer support (Legal basis: Contract performance and legitimate interests)
• Website Improvement: To analyse website usage, improve our services, and enhance user experience (Legal basis: Legitimate interests)
• Marketing: To send you relevant marketing communications about our services, with your consent (Legal basis: Consent)
• Legal Compliance: To comply with legal obligations and protect our legitimate business interests (Legal basis: Legal obligation and legitimate interests)
• Security: To protect our website, systems, and users from security threats and fraudulent activities (Legal basis: Legitimate interests)

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our use of cookies, please refer to our Cookie Policy.

Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your information in the following circumstances:

• Service Providers: With trusted third-party service providers who assist us in operating our website and providing our services
• Legal Requirements: When required by law, regulation, or legal process
• Business Transfers: In connection with any merger, acquisition, or sale of business assets
• Protection of Rights: To protect our rights, property, safety, or that of our users or others

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Generally, we retain contact and communication data for up to 7 years for business and legal compliance purposes. Website usage data and cookies are typically retained for shorter periods as specified in our Cookie Policy. You may request deletion of your personal data at any time, subject to our legal obligations.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of Access: To request copies of your personal data
• Right to Rectification: To request correction of inaccurate or incomplete data
• Right to Erasure: To request deletion of your personal data
• Right to Restrict Processing: To request limitation of how we process your data
• Right to Data Portability: To request transfer of your data in a structured format
• Right to Object: To object to processing of your personal data
• Right to Withdraw Consent: To withdraw consent for processing based on consent

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure data transmission, access controls, and regular security assessments. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of our services after any changes constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please contact us at:

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. In Germany, you can contact your local data protection authority or the Federal Commissioner for Data Protection and Freedom of Information (BfDI).