Privacy Policy
Last updated: February 2026
1. Controller
The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
HTX2
Germany
Email: contact@htx2.de
2. Overview of data processing
We take the protection of your personal data very seriously. This privacy policy explains what data we collect when you use our website https://www.htx2.de, how we use it, and what rights you have.
We process personal data only in accordance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telecommunications-Telemedia Data Protection Act (TTDSG), and other applicable legislation.
3. Hosting
This website is hosted on Amazon Web Services (AWS) using Amazon S3 and Amazon CloudFront. The servers are located in the EU (Frankfurt, eu-central-1). When you visit our website, your browser automatically transmits certain technical data to the hosting servers, including:
- IP address (anonymized in server logs)
- Date and time of access
- Requested URL and referrer
- Browser type and operating system
- HTTP status code and data volume transferred
This data is processed to deliver the website content and to ensure security and stability. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in providing a secure and functional website). Server log data is deleted automatically after 30 days.
AWS acts as our data processor under a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR. More information: AWS Privacy Policy.
4. Contact form
When you use our contact form, we collect the following data:
- Full name (required)
- Email address (required)
- Company (optional)
- Phone number (optional)
- Request details (optional)
This data is transmitted via an encrypted connection (TLS) and forwarded to us via email. We use the data exclusively to process and respond to your enquiry. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries). Your data is deleted once the enquiry has been fully dealt with, unless legal retention periods apply.
5. AI assistant
Our website features an AI-powered assistant that helps answer questions about our services. When you enter a query, your text input is sent to our server and processed using Amazon Bedrock (AWS AI services) within the EU region. No personal data is stored beyond the session. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in providing helpful information to visitors).
6. Web analytics
We use Simple Analytics for privacy-friendly website analytics. Simple Analytics:
- Does not use cookies
- Does not collect personal data or IP addresses
- Does not track individual users
- Is fully GDPR-compliant without requiring consent
Simple Analytics only collects aggregated, anonymous usage statistics (e.g. page views, referrer, browser type). Data is processed on servers in the EU. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in understanding website usage). More information: What Simple Analytics collects.
7. Cookies and local storage
We use the browser's local storage (localStorage) for the following functional purposes:
- Theme preference — storing your light/dark mode selection
- Language preference — storing your preferred language (EN/DE)
If you choose to sign in with LinkedIn (see section 8), the following cookies are set:
- htx2_auth — an encrypted session token (HttpOnly, Secure, expires after 24 hours)
- htx2_user — your display name for the welcome greeting (expires after 24 hours)
These are technically necessary for authentication functionality and do not track you across websites. The legal basis is § 25(2) TTDSG (strictly necessary storage) and Art. 6(1)(f) GDPR (legitimate interest). You can clear cookies at any time through your browser settings or by clicking "Sign out" in the navigation.
8. LinkedIn authentication
You may optionally sign in using your LinkedIn account via the "Sign in with LinkedIn" button. When you do so, the following data is retrieved from LinkedIn:
- Full name
- Email address
- Profile picture URL
How we use this data: Your name and email are used to pre-fill the contact form for your convenience. Your name is displayed as a welcome greeting in the navigation bar.
Storage: This data is stored exclusively in a signed session token (JWT) in your browser cookie. We do not store your LinkedIn data in any database or server-side storage. The session expires automatically after 24 hours.
Revocation: You can sign out at any time by clicking "Sign out" in the navigation bar. This immediately clears all authentication cookies and removes your LinkedIn data from the browser. You can also revoke access in your LinkedIn account settings.
The legal basis is Art. 6(1)(a) GDPR (your explicit consent by clicking the sign-in button). The authentication is provided by Microsoft/LinkedIn. See LinkedIn's Privacy Policy.
9. SSL/TLS encryption
This website uses SSL/TLS encryption (recognizable by "https://" in the browser address bar) to protect the transmission of data between your browser and our servers. This prevents third parties from reading data in transit.
10. Third-party services
Fonts
This website uses self-hosted web fonts (Inter via Fontsource). No requests are made to external font services such as Google Fonts. Your data is not shared with font providers.
11. Your rights under GDPR
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR) — request information about your stored data
- Right to rectification (Art. 16 GDPR) — request correction of inaccurate data
- Right to erasure (Art. 17 GDPR) — request deletion of your data
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR) — object to processing based on legitimate interest
To exercise any of these rights, please contact us at contact@htx2.de.
12. Right to lodge a complaint
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
13. Data retention
We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by statutory retention obligations (e.g. tax law: 10 years, commercial law: 6 years). After expiry of the retention period, data is deleted securely.
14. Changes to this privacy policy
We may update this privacy policy from time to time to reflect changes in our data processing practices or legal requirements. The current version is always available on this page.