Introducing FoxRadar (Gen 4) and FoxPressure (Gen 4).Explore the new generation →
FoxInsights

Privacy Policy

We are very pleased about your interest in our company.

Personal data is any information relating to an identified or identifiable person. This also includes pseudonymous data that we cannot directly attribute to you, for example via a name or email address.

Since the protection of your personal data is very important to us, we inform you in this privacy policy about the nature, scope, and purpose of the personal data we process, as well as your rights as a data subject.

At the end of this privacy policy, you will find explanations of the key terms used under the section Definitions.

Controller

The controller responsible for the processing of personal data is:

FoxInsights GmbH Ridlerstraße 57 D-80339 Munich, Germany

Tel.: +49 89 21540220 Email: info@foxinsights.ai

Data Protection Officer

The external data protection officer is:

d.works GmbH Mr Markus Weber Essener Str. 1 57234 Wilnsdorf, Germany Tel.: +49 271 77237-60 Email: datenschutz@d.works

If you have any questions or suggestions regarding data protection, please do not hesitate to contact us as the controller or our data protection officer at any time.

Data Subject Rights

You may assert the following rights with respect to your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)

If you submit a request for access, we will inform you in accordance with data protection requirements whether and what data we have collected about you. We always strive to ensure that data is current and accurate. If incorrect information has been recorded, we will rectify it promptly upon request.

Please send your request to: datenschutz@foxinsights.ai

In addition to exercising your rights against us, you also have the right to lodge a complaint with a supervisory authority if you suspect a breach of data protection regulations (Art. 77 GDPR).

Data Transfers to Third Countries

We only transfer or process data in countries outside the scope of the GDPR (so-called third countries) if you have consented to such processing or if there is another legal permission. This applies in particular where processing is required by law or necessary for the fulfilment of a contractual relationship, and in any case only to the extent generally permitted.

Where data is processed outside the EU/EEA and no level of data protection equivalent to European standards exists, we conclude EU Standard Contractual Clauses together with a Transfer Impact Assessment (TIA) with the relevant service providers in order to establish an adequate level of data protection.

Regarding data transfers to US companies, the transatlantic data protection agreement known as the Data Privacy Framework (also referred to as "Privacy Shield 2.0") entered into force on 10 July 2023. Under certain conditions, this once again permits the use of tracking, analytics, and marketing tools involving data transfers to the USA. For a US company to be considered a secure data recipient and to comply with the principles of the Data Privacy Framework, it must undergo a self-certification process with the US Department of Commerce (DoC). This self-certification requires a company to submit a series of documents. Once complete, the organisation is added to the DPF list and is considered self-certified under the requirements of the new data protection framework.

Data processing by US services that are not active participants of the EU–US Data Privacy Framework may result in data being processed and stored without anonymisation. Furthermore, US government authorities may potentially access individual pieces of data. In addition, data collected may be linked with data from other services of the same provider if you hold a corresponding user account. Where possible, we endeavour to use server locations within the EU where this is offered.

Privacy Notice for Business Partners

We are pleased that you are interested in our company and are getting in touch with us.

The protection of your data is very important to us. With this privacy notice, we provide you with the following information pursuant to Art. 13 GDPR regarding the processing of your personal data in connection with our business relationship.

Further information about our company, details of authorised representatives, and additional contact options can be found at https://www.foxinsights.ai/en/imprint.

What data do we process and for what purposes?

We process exclusively personal data that we have received from you within the scope of our business relationship or, where applicable, from publicly accessible sources.

Personal data within the meaning of Art. 4 No. 1 GDPR may include: names, telecommunications data, and address data. In addition, we also process offer, enquiry, and order data, data from the fulfilment of our contractual obligations, product data, documentation data, and other data comparable to the categories mentioned.

The provision of your personal data is required for the initiation, execution, and settlement of the contractual relationship. If data is not provided, we are unfortunately unable to contact you to clarify pre-contractual or contractual matters.

What is the legal basis for processing your personal data?

The processing of your personal data is carried out in accordance with the legal provisions of the GDPR and the Federal Data Protection Act (BDSG) for the fulfilment of contractual obligations or for pre-contractual measures (Art. 6(1)(b) GDPR).

We may also use this data for additional purposes within the scope of our business relationship.

How long is the data stored?

We process and store your personal data for the duration of our business relationship and at least in accordance with the statutory retention periods, such as those under the German Commercial Code (HGB) or the Fiscal Code (AO).

To whom is the data passed on and where is it processed?

We use personal data only for our own purposes in the course of the business relationship.

Privacy Notice for Applicants

The controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also take place electronically. This is particularly the case when an applicant submits application documents electronically, for example by email or via a web form on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with statutory provisions. In addition to the information voluntarily provided by an applicant as part of the application, our company may also process supplementary publicly accessible information, such as information found via internet search engines or from professional online platforms such as Xing or LinkedIn.

The legal basis for this processing is Art. 6(1)(b) GDPR, Art. 88 GDPR, and § 26(1) BDSG.

If no employment contract is concluded with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided there are no other legitimate interests of the controller that preclude deletion. The legal basis in this case is Art. 6(1)(f) GDPR and § 24(1) No. 2 BDSG.

If you expressly consent to a longer storage period, for example for inclusion in an applicant or candidate database, the data will be processed for a maximum of two years on the basis of your consent. The legal basis is then Art. 6(1)(a) GDPR. You may withdraw your consent at any time pursuant to Art. 7(3) GDPR with future effect.

Data Protection When Visiting Our Website

Nature and purpose of processing

When you access our website — i.e. when you do not register or otherwise submit information — general information is automatically collected. This information (server log files) includes the type of web browser used, the operating system, the domain name of your internet service provider, your IP address, and similar data.

It is processed in particular for the following purposes:

  • Ensuring a smooth connection to the website
  • Ensuring smooth use of our website
  • Evaluating system security and stability
  • Optimising our website

We do not use your data to draw conclusions about your identity. Information of this kind may be statistically evaluated by us in anonymised form in order to optimise our website and the underlying technology.

Legal basis and legitimate interest

Processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

Recipients

Recipients of the data may include technical service providers acting as data processors for the operation and maintenance of our website.

Retention period

The data is deleted as soon as it is no longer required for the purpose for which it was collected. For data used to provide the website, this is generally the case when the respective session has ended. In the case of data stored in log files, this is the case after no more than 14 days. Further storage is possible. In such cases, the IP addresses of users are anonymised so that it is no longer possible to identify the requesting client.

Mandatory or required provision

The provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address, the service and the functionality of our website cannot be guaranteed. In addition, individual services and features may be unavailable or restricted. For this reason, an objection is excluded.

Hosting

We host the content of our website with the following provider:

Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg. Contact: https://aws.amazon.com/contact-us/

For details, please refer to the privacy policy of Amazon Web Services EMEA SARL: https://aws.amazon.com/privacy/

The use of Amazon Web Services (AWS CloudFront) is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable possible presentation of our website. Where consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as consent covers the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

Demo Request

When you complete the demo form on our website, we collect and process certain personal data that you voluntarily provide to us, such as your first and last name, email address, telephone number, and your company.

The data is used to process your request and to provide you with the requested demo. Data is stored for as long as necessary to fulfil the aforementioned purposes, unless statutory retention obligations apply. Beyond this, the information may be processed with your explicit consent for the purpose of improving the website experience and optimising our services.

The processing of your personal data in connection with a demo request is carried out on the basis of Art. 6(1)(b) GDPR, as the processing is necessary for the performance of pre-contractual measures. If you have additionally consented to further contact, for example for information or marketing purposes, the processing is also carried out on the basis of your consent pursuant to Art. 6(1)(a) GDPR. Your data will be used exclusively to process your request and to prepare and conduct the demo.

Use of Cookies and Similar Technologies

Cookies are small text files placed on your device that collect data which can later be read by a web server of the domain that placed the cookie.

Our website uses cookies and similar technologies to provide users with a more user-friendly service, to analyse the performance of our products, and to fulfil other legitimate purposes.

You may prevent the setting of cookies by our website at any time by adjusting the settings of your internet browser, thereby permanently objecting to the setting of cookies. Cookies that have already been set may also be deleted at any time via an internet browser or other software. This is possible in all common internet browsers. If you deactivate cookies in your browser, some functions of our website may not be fully available.

9.1 Technically Required Cookies

Technically necessary cookies are those that secure the basic functions of the website and thus enable its operation. This concerns only the technical necessity of providing the website and not commercial aspects.

The legal basis is our legitimate interest in providing a functional website pursuant to Art. 6(1)(f) GDPR or the fulfilment of a legal obligation pursuant to Art. 6(1)(c) GDPR. Under EU ePrivacy law, technically required cookies are used without consent on the basis of § 25(2) No. 2 TDDDG.

For the aforementioned purposes, we use the services of the following third parties:

9.2 Statistics Cookies, Marketing Cookies, and Functional Cookies

Statistics cookies help website owners understand how visitors interact with websites by collecting and reporting information anonymously.

Marketing cookies store user information regarding the visited website. This data is used, for example, to display ads tailored to user interests, optimise offers, recognise the user, or simplify website use.

Functional cookies increase the usability of the website by storing personal data such as location or form data, enabling improved and personalised functions.

The legal basis is your consent pursuant to Art. 6(1)(a) GDPR. Under EU ePrivacy law, technically required cookies are used without consent on the basis of § 25(1) TDDDG.

For the aforementioned purposes, we use the services of the following third parties:

Contact

When you contact us (e.g. via a contact form, chat, or email), we process your information to handle the request and in case follow-up questions arise. Where data processing is carried out for the performance of pre-contractual measures initiated by your request, or where you are already our customer, for the performance of the contract, the legal basis for this data processing is Art. 6(1)(b) GDPR. Data is stored for as long as necessary to fulfil the aforementioned purposes, unless statutory retention obligations apply.

Retention Period

Unless expressly stated otherwise in this privacy policy, we store personal data only for as long as is necessary to achieve the respective purposes.

Where processing is based on your consent, such as when subscribing to our newsletter or using consent-required cookies, storage continues until you withdraw your consent.

In addition, statutory retention obligations may apply in certain cases, for example for data relating to contact requests, appointment bookings, or contractual transactions. In such cases, further storage takes place exclusively to fulfil legal obligations, e.g. under tax or commercial law. Once the original purpose has ceased and the applicable statutory retention period has expired, the data will be deleted. Commercial and tax retention periods are generally 6, 8, or 10 years pursuant to §§ 257 HGB and 147 AO.

Definitions

Personal data: Any information relating to an identified or identifiable natural person.

Data subject: Any identified or identifiable natural person whose personal data is processed by the controller.

Processing: Any operation carried out in connection with personal data, such as collection, recording, storage, use, disclosure, or deletion.

Restriction of processing: The marking of stored personal data with the aim of limiting its future processing.

Profiling: Automated processing of personal data to evaluate certain personal aspects relating to a natural person.

Pseudonymisation: Processing of personal data in such a way that it can no longer be attributed to a specific person without the use of additional information.

Controller: The natural or legal person or body that determines the purposes and means of the processing of personal data.

Processor: A natural or legal person or body that processes personal data on behalf of the controller.

Recipient: A natural or legal person or body to whom personal data is disclosed.

Third party: Any natural or legal person or body other than the data subject, the controller, the processor, and those authorised to process personal data.

Consent: Any freely given, specific, informed, and unambiguous indication of the data subject's wishes, by which they signify agreement to the processing of their personal data.

Disclosure of Personal Data to Third Parties

Your personal data will not be transferred to third parties for purposes other than those listed below. We share your personal data with third parties only if:

  • you have given your express consent pursuant to Art. 6(1)(a) GDPR,
  • the disclosure is necessary pursuant to Art. 6(1)(f) GDPR for the establishment, exercise, or defence of legal claims,
  • there is a legal obligation to disclose pursuant to Art. 6(1)(c) GDPR, or
  • this is legally permissible and necessary pursuant to Art. 6(1)(b) GDPR for the processing of contractual relationships with you.

Data Security

We make every effort to ensure the security of your data within the framework of applicable data protection laws and technical possibilities.

Your personal data is transmitted to us in encrypted form. This applies to your enquiries and any customer login. We use SSL (Secure Socket Layer) encryption; however, we point out that data transmission over the internet (e.g. when communicating by email) may have security gaps. Complete protection of data against access by third parties is not possible.

Currency and Amendments to this Privacy Policy

This privacy policy is currently valid and was last updated in April 2026.