Privacy Policy

1. Preliminary remarks

This Data Privacy Notice informs you which of your personal data are collected, processed and/or used (hereinafter collectively referred to as “processed”) if you visit our website (hereinafter referred to as “Website”).

2. Controller and data protection officer

The controller pursuant to Article 4 (7) GDPR is:

FinXP Ltd. Ardent Business Centre, Oratory Street, Naxxar NXR2505, Malta. 

Email address:

For further information, please refer to the legal notice on our website.

The best way to contact our data protection officer is either by email to or by letter to the above address.

3. Data processing when using the website

Generally, you can use our website without disclosing your identity. When the web-site is accessed, the following are recorded:

  • the IP address
  • the time and content of data retrieval
  • the amount of transferred data and
  • a message whether the retrieval was successful.

The data are automatically logged and used exclusively for the provision, optimisation and security of the Internet content on our website. The legal basis for pro-cessing data relating to the use of the website and its functions is our legitimate interest to operate the website pursuant to Article 6 (1) point (f) of the EU General Data Protection Regulation (“GDPR”).

IP addresses are stored for a period of 12 months. They are not transmitted to third parties.

4. Contact form

You can contact us and send us requests, for example if you wish to receive information. The following data can be entered into our contact form:

  • Surname
  • First name
  • Email address
  • Company
  • Standardized contact text and free text

We use the data you send us as part of your contact request exclusively to process the contact request. This also constitutes our legitimate interest to process the data, which is the legal basis for the data processing (Article 6 (1) point (f) GDPR). If the objective of the contact is to enter into a contract, Article 6 (1) point (b) GDPR serves as additional legal basis for processing. The data will be erased when they are no longer required to achieve the purpose of your contact request.

5. Cookies

Please refer to our Cookie Policy.

6. Recipients of personal data

Generally, personal data collected by us during the use of the website are not trans-mitted to third parties or otherwise transferred. This does not apply to the transmission of personal data to state institutions and authorities and to private right holders based on statutory provisions or decisions by courts of law or, respectively, public authorities, nor to the transfer to state institutions and public authorities for purposes of asserting our legal rights or criminal prosecution in the event of attacks on our legally protected interests.

Technical storage and processing of the data takes place on the servers of our external service provider (processor according to Article 28 GDPR), Azure Cloud Services. As our processors, they are contractually bound to comply with the applicable legal provisions on data protection and data security.

7. Duration of the storage of your data

Your personal data will be stored by us to the extent and for as long as it is required for the purposes of our processing. If, for example, you use the functions on our website, e.g. by sending a request to us or asking for product information, we store the data collected in this context until the respective user relationship has been completed or terminated. Should statutory or contractual retention periods apply beyond this time, obliging us to continue to store your data, your personal data will be erased at the end of the respective retention periods, unless you have expressly consented to the continued use of your data.

8. Rights of data subjects

If we process your personal data, you are a data subject within the meaning of the GDPR and have the following rights:

If the legal requirements are met, you are entitled to request information from us about your personal data and its processing (Article 15 GDPR), to rectification, erasure and restriction of your personal data and its processing (Articles 16 to 18 GDPR), and to a transfer of your personal data (Article 20 GDPR). If erasure is not possible due to statutory or contractual obligations, obligations under tax law or commercial law, or for other legal reasons, your data can only be blocked, but not erased.

Moreover, you have the right to object to data processing based on a “legitimate interest” of the controller pursuant to Article 6 (1) point (f) GDPR if the legal requirements pursuant to Article 21 GDPR are met.

In order to assert the aforementioned rights and/or to obtain further information, please contact us at the address stated in section 2.

9. Right to lodge a complaint with a supervisory authority

If you believe that the processing of your data is in breach of statutory provisions, you may, without prejudice to any other administrative or judicial remedy, lodge a complaint with the appropriate supervisory authority, in particular in the Member State in which you are located, in which you work or where the alleged infringement has occurred.

Our supervisory authority is:

Germany / Schleswig Holstein:
ULD – Unabhängiges Landeszentrum für
Datenschutz Schleswig Holstein,
Holstenstraße 98, 24103 Kiel
P.O. Box 71 16, 24171 Kiel.


IDPC - Office of the Information and Data Protection Commissioner,
The Commissioner Mr. Ian Deguara, Level 2,
Airways House, High Street, Sliema SLM 1549, Malta.