Privacy Policy

Privacy Policy according to Art. 13 GDPR

1. Data Controller

The data controller for this website is:

nexalign GmbH
Stresemannstraße 23
10963 Berlin, Germany
Email: [email protected]

2. Hosting

Our website is hosted by a hosting provider with servers located in Germany. Personal data is processed exclusively on servers within the EU. We have concluded a data processing agreement with the hosting provider in accordance with Art. 28 GDPR.

3. Collection and Storage of Personal Data When Visiting the Website

When accessing this website, the following data is automatically collected by the web server:

  • IP address (anonymized)
  • Date and time of access
  • Page/URL accessed
  • Referrer URL
  • Browser type and version
  • Operating system

This data is technically necessary to correctly display the website and ensure stability and security.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

4. Cookies

Our website uses only technically necessary cookies. Where applicable, a first-party identifier may be stored to attribute a visit to a known business contact (see Section 8). No third-party cookies and no cross-site tracking are used.

5. Contact Form and Communication

When you contact us via the contact form or email, we process the following data:

  • First name, last name
  • Email address
  • Company name
  • Phone number (optional)
  • Message content

Processing is carried out exclusively to handle your inquiry.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract initiation)

Retention: Up to 6 months after completion of the inquiry.

5a. Demo Booking

When you book a demo via our booking page, we process the following data:

  • Full name
  • Email address
  • Company name
  • Preferred date and time
  • Optional message

This data is used exclusively to schedule and conduct the demo meeting. A confirmation email is sent to the provided email address via our email service provider Resend (Resend Inc., USA). The data transfer is based on the EU-US Data Privacy Framework.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract initiation)

6. Processing of Personal Data in Business Relationships

When you enter into a business relationship with us (e.g., as a customer, partner, or supplier), we process additional personal data:

  • Name, company, position
  • Email address, phone number
  • Contract and invoice data
  • Payment information
  • Communication history

This data is processed for the initiation, execution, and possible termination of a contractual relationship.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract) and Art. 6 para. 1 lit. c GDPR (legal retention obligations)

Further details can be found in our contracts or General Terms and Conditions (GTC).

6a. AI-Assisted Processing in the DecisionOS Application

Within our DecisionOS application, content you enter (for example a decision brief, company context, requirements, or vendor criteria) is processed with the help of AI services to research vendors, structure information, and draft decision documents. For this processing we rely on carefully selected technical service providers (sub-processors) acting on our behalf under data processing agreements.

We limit the data passed to these services to what is necessary for the requested analysis and avoid transmitting directly identifying personal data where it is not required. Some providers may process data on servers outside the European Union; in those cases the transfer is based on appropriate safeguards such as EU Standard Contractual Clauses or a recognized adequacy mechanism. These providers process the content only to deliver the requested functionality, not for their own independent purposes.

Legal basis: Art. 6 para. 1 lit. b GDPR (provision of the service you requested) and Art. 6 para. 1 lit. f GDPR (our legitimate interest in providing useful analysis).

7. Google Fonts

We use Google Fonts locally embedded. No data transfer to Google servers takes place. No personal data is processed in this context.

8. Analysis and Tracking Tools

We use a privacy-friendly, self-hosted analytics tool operated entirely on our own servers in Germany. We deliberately avoid external tracking services such as Google Analytics.

Our analytics tool does not use cookies and does not store any personally identifiable information. In particular:

  • IP addresses are anonymized
  • No cross-site tracking takes place
  • No third-party cookies are set

If you reach our website via a personalised link from one of our communications (e.g., email or campaign link containing an opaque identifier), or if you submit one of our contact or booking forms, your visit may be associated with the corresponding business-contact record on a pseudonymous basis. This allows us to understand which content is relevant to existing contacts and to communicate more relevantly. The identifier is stored as a first-party cookie and corresponding entry in our analytics database; no profile data is shared with third parties.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in website optimisation and relevant business communication with existing and prospective contacts).

Right to object: You may object to this processing at any time with effect for the future by sending a short note to [email protected]. Upon receipt we will remove the association and stop linking further visits to your contact record.

9. Your Rights as a Data Subject

You have the following rights under GDPR:

  • Right to information (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)

Please send inquiries to: [email protected]

10. Right to Complain

You have the right to lodge a complaint with a supervisory authority. The competent authority is, for example:

Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59–61
10555 Berlin, Germany
Web: https://www.datenschutz-berlin.de

11. Data Security and Technical-Organizational Measures

To protect the security of your data during transmission, we use SSL/TLS encryption (Secure Socket Layer/Transport Layer Security).

We implement technical and organizational measures (TOMs) according to the state of the art in accordance with Art. 32 GDPR to ensure the security of the data we process. This includes measures for pseudonymization, encryption, confidentiality, integrity, and availability of data.

12. Updates to This Privacy Policy

Last updated: April 2026

We reserve the right to update this privacy policy to adapt it to current legal requirements or changes to our services.