Privacy Policy
Effective Date: January 13, 2026
At Xomyx, we take the protection of your personal data very seriously. This privacy policy explains clearly and understandably which personal data we collect, why we need it, how long we store it, and what rights you have.
Important note upfront: We do not sell your data. We do not use it for third-party advertising. We only process data to operate a secure, fair, and trustworthy review platform.
1. Who is responsible?
Controller within the meaning of the GDPR:
XOMYX LTD
128 City Road
London EC1V 2NX
United Kingdom
Email: datenschutz@xomyx.com
2. Our Data Protection Officer
You can reach our Data Protection Officer at:
Email: dsb@xomyx.com
3. What data do we collect?
Data you actively provide
- First and last name, email address, phone number (when registering as a user or company)
- Company data (for business profiles): company name, address, registration number, VAT ID, owner/proof of authorization
- Content you upload: review texts, photos, videos, responses to reviews
- Payment data (only for paid plans): processed exclusively via our payment provider (Stripe) – we do not store complete card details
Data collected automatically
- IP address, browser type, operating system, device information
- Access times, visited pages, duration of visit (log files)
- Technically necessary cookies (login, security) – see section 9
- Rough location data (only if you allow it – e.g., for regional search)
4. Why do we use your data? (Purposes & legal basis)
| Purpose | Legal basis (GDPR) |
| --- | --- |
| Registration & account management | Performance of contract (Art. 6(1)(b) GDPR) |
| Publication & moderation of reviews | Contract + legitimate interest (Art. 6(1)(b) & (f)) |
| Verification of companies | Legal obligation + legitimate interest |
| Sending review invitations & system messages | Legitimate interest |
| Platform security (abuse detection, spam protection) | Legitimate interest |
| Analysis & improvement of the platform (anonymized) | Legitimate interest |
| Payment processing | Contract + legal obligation |
5. How long do we store your data?
- User account: as long as the account exists + 6 months after deletion
- Reviews: permanently (as long as the company profile exists)
- Verification documents: 10 years (legal retention obligation under German Commercial Code)
- Server logs: max. 90 days
- Anonymized statistics: indefinitely (no longer personal data)
6. Who receives your data? (Recipients)
We do **not** pass on your data for advertising purposes.
Possible recipients (all within EU/GDPR level):
- Hosting provider (servers in Germany/EU)
- Payment processor (Stripe – only payment data)
- Email delivery service (e.g. Brevo – only for system emails)
- Authorities & courts (if legally required)
7. Your rights – short & clear
- Right to access: What data do we store about you?
- Right to rectification: Correct inaccurate data
- Right to erasure (“right to be forgotten”)
- Right to restriction of processing
- Right to object (especially against processing based on legitimate interest)
- Right to data portability
- Right to withdraw consent at any time (for the future)
Just write to us: datenschutz@xomyx.com
You can also lodge a complaint with the competent supervisory authority (e.g. Hessian Data Protection Commissioner).
8. SSL encryption & security
Our entire website uses HTTPS (SSL/TLS) – you can recognize this by the green padlock in your browser. All data transmissions are encrypted.
9. Cookies & similar technologies
We only use technically necessary cookies (login, security, CSRF protection). There is **no** advertising tracking, no Google Analytics, no Facebook Pixel, no third-party tracking.
More details → Cookie Policy
10. Changes to this privacy policy
We may update this privacy policy due to legal or technical changes. You will always find the current version here.