1. Scope of Application
This privacy policy provides information on the processing of your personal data when visiting the website and entering into contracts with milo x GmbH (hereinafter "milo x," "we," or "us") in accordance with the GDPR and the German Federal Data Protection Act (BDSG).
If you are acting as a legal entity, the rights set out in this privacy policy apply only to a limited extent. The GDPR protects the rights of natural persons only.
2. Controller
The controller responsible for processing your personal data under this privacy policy is:
milo x GmbH
Dorotheenstr. 63
22301 Hamburg
Germany
Email: contact@milox.io
Please direct all privacy-related inquiries or complaints to this contact address.
3. Definitions
The following terms are used in this privacy policy for better understanding:
BDSG refers to the German Federal Data Protection Act of June 30, 2017.
GDPR refers to the General Data Protection Regulation (Regulation (EU) 2016/679).
Recipient under Article 4(9) GDPR is any natural or legal person, public authority, agency or other body to which personal data is disclosed, whether or not it is a third party. However, authorities that may receive personal data in the framework of a particular inquiry in accordance with EU or Member State law are not considered recipients.
Personal data under Article 4(1) GDPR refers to any information relating to an identified or identifiable natural person.
Controller under Article 4(7) GDPR refers to the person or entity who determines the purposes and means of the processing of personal data.
Processing under Article 4(2) GDPR means any operation performed on personal data, such as collection, recording, organization, structuring, storage, alteration, retrieval, use, disclosure, erasure, or destruction.
4. Purposes and Legal Bases of Processing
When you visit our website, learn about us and our products, enter into a contract with us, or contact us otherwise, we process your personal data for the following purposes and on the following legal bases:
4.1 Visiting Our Website
We process the following data necessary for technical reasons to provide and secure the website:
- IP address
- Browser type and version
- Operating system and platform
- Referrer URL (previous page)
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
Server log files are stored for 7 days for security reasons and then automatically deleted unless required for a longer period to resolve a security-related incident.
This processing is based on our legitimate interest in maintaining the stability and security of the website (Art. 6(1)(f) GDPR).
Our website is hosted by Webflow Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA. The processing of personal data occurs under a data processing agreement pursuant to Art. 28 GDPR. EU Standard Contractual Clauses ensure the protection of your data.
4.2 Customer Service
If you contact us via the contact form, we process the data you provide (e.g., name, email address, phone number, message).
Processing is based on our legitimate interest in responding to your inquiry (Art. 6(1)(f) GDPR). If your inquiry is pre-contractual in nature, the legal basis is Art. 6(1)(b) GDPR. Voluntary information is processed based on your consent (Art. 6(1)(a) GDPR).
The data you enter is processed via the service provider Webflow Inc. under a data processing agreement pursuant to Art. 28 GDPR. Data is processed on servers in the USA and protected by EU Standard Contractual Clauses.
4.3 Contract Conclusion and Execution
When entering into a contract, we process your personal data as necessary to fulfill the agreement (e.g., name, contact details, job title). This is based on Art. 6(1)(b) GDPR.
4.4 Legal Disputes
We also process personal data as necessary to assert, exercise, or defend legal claims (e.g., in case of dunning procedures). This is based on our legitimate interest (Art. 6(1)(f) GDPR).
4.5 Website Analytics via Webflow
We use Webflow Inc.'s internal analytics to gather usage statistics (e.g., page views, duration). This may include processing IP addresses and browser data.Processing is based on our legitimate interest in improving our services (Art. 6(1)(f) GDPR). Data is processed on Webflow servers in the USA and protected by EU Standard Contractual Clauses. Where consent is required, processing is based on Art. 6(1)(a) GDPR.
4.6 Cookie and Consent Management via Concord Privacy
We use the Concord Privacy tool to manage cookie and third-party service consent. A cookie stores your consent or denial on your device. The following data is processed:
- Date and time of visit
- Device and browser information
- Your consent decision
Processing is required to meet our legal obligations (Art. 6(1)(c) GDPR in conjunction with Art. 7 GDPR).
5. Retention and Deletion
We retain your data only as long as necessary for the purposes stated in Section 4 and for the duration during which claims may be made (generally 3 years). After that, your data will be deleted unless:
- Legal retention obligations apply (e.g., under the German Commercial Code or Tax Code, up to 10 years)
- Longer retention is needed due to ongoing legal disputes
- You have consented to longer retention (Art. 6(1)(a) GDPR)
6. Categories of Recipients
Your data may be shared with the following recipients:
- Internal personnel responsible for handling your inquiry
- Hosting providers (e.g., Webflow)
- Email or communication service providers
- Processors pursuant to Art. 28 GDPR under contract
Disclosure to other third parties occurs only where required by law or based on your explicit consent.
7. Legitimate Interests and Right to Object
If processing is based on legitimate interests (e.g., website security, handling inquiries – see Section 4), you may object at any time on grounds relating to your situation (Art. 21 GDPR).
If you object, we will stop processing unless we can demonstrate compelling legitimate grounds or the processing serves the establishment, exercise, or defense of legal claims.
You can object to direct marketing at any time without providing reasons. In this case, your data will no longer be used for direct marketing.
Please send objections to the contact listed in Section 2. In response, we will process your data to verify and handle your objection based on Art. 6(1)(c) GDPR.
8. Withdrawal of Consent
You may withdraw consent at any time with future effect. The lawfulness of processing before withdrawal remains unaffected.
Please send your withdrawal to the contact in Section 2. We will process your request in accordance with Art. 6(1)(c) GDPR.
9. Your Rights
Under the GDPR, you have the right to:
- Access your personal data (Art. 15 GDPR)
- Correct inaccurate data (Art. 16 GDPR)
- Erase your data (Art. 17 GDPR)Restrict processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
To exercise your rights, please contact us at the address listed in Section 2. We will process your request to fulfill our legal obligations under Art. 6(1)(c) GDPR.
You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR) if you believe your data has been processed unlawfully.
10. Miscellaneous
This privacy policy applies in the version valid at the time of your visit. The current version is always available at https://milox.io/data-privacy.
We reserve the right to update this privacy policy. The current version applies from the time it is published on our website.
Version 1.0, July 2025