This Privacy Policy explains how Intraxta GmbH handles personal data when you visit intraxta.de, create an account, place an order, or contact us. Intraxta is established in Germany and serves customers primarily in Germany and across the European Union. This policy is written to satisfy the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and the German Federal Data Protection Act (Bundesdatenschutzgesetz — BDSG).
1. Who we are (Data controller)
Intraxta operates the website at intraxta.de. The data controller is Intraxta GmbH, a German limited liability company registered in the commercial register (Handelsregister) of the Local Court of Berlin-Charlottenburg (Amtsgericht Berlin-Charlottenburg).
Berlin, Germany
You can reach us at info@intraxta.de or through our postal address. For privacy-specific requests, please use the dedicated mailbox described under How to exercise these rights below rather than the general contact address — it shortens response time.
2. What data we collect
We process the following categories of personal data:
- Account data — your name, email address, optional phone number, and a salted bcrypt hash of your password (we never store the password itself).
- Order data — billing and shipping addresses, the items you purchase, invoice records, and any tax identifiers required by law.
- Technical data — IP address, user-agent string, session cookies, device and browser metadata, and security logs (failed login attempts, suspicious requests, rate-limit events).
- Communication data — messages you send through the contact form, email correspondence with our support team, and any attachments you provide.
3. Purposes of processing
We process personal data to:
- operate your account and authenticate you across sessions;
- fulfil orders, issue invoices, and arrange shipping with our carriers;
- provide customer support and resolve disputes or warranty claims;
- protect the service against fraud, account takeover, abuse, and security incidents;
- comply with legal obligations under tax, consumer-protection, accounting, and electronic-commerce law.
4. Legal basis
Our processing rests on four legal bases under the GDPR. We rely on performance of a contract (Art. 6(1)(b) GDPR) to operate your account, fulfil your orders, and handle returns. We rely on legal obligation (Art. 6(1)(c) GDPR) to retain invoices, tax records, and accounting books for the periods required by German commercial and tax law (HGB §§ 238–257, AO §§ 140–147). We rely on legitimate interests (Art. 6(1)(f) GDPR) for fraud prevention, network and information security, and limited internal analytics needed to keep the service reliable. Where neither of the above applies — for example, non-essential analytics or marketing emails — we rely on your consent (Art. 6(1)(a) GDPR; § 25(1) TDDDG for cookies on terminal equipment), which you can withdraw at any time without affecting prior lawful processing.
5. Recipients and transfers
We share personal data only with processors who help us run the service: payment processors (to charge your card and remit funds), shipping carriers (to deliver your orders), email service providers (to send transactional and account messages), and infrastructure hosts (to operate our servers, databases, and backups). Each processor is bound by a written agreement requiring confidentiality, security, and data-minimisation. Where personal data leaves the European Economic Area (EEA), we rely on the European Commission’s Standard Contractual Clauses (SCCs) or an equivalent transfer mechanism under Chapter V GDPR (Art. 44–49). We do not sell personal data, and we do not share it with advertising networks for cross-site tracking.
6. Retention
We keep personal data only as long as we need it. Account data is retained while your account is active and for up to twelve months after closure, so we can reinstate it if you change your mind or resolve outstanding issues. Order and invoice records are retained for the period required by German commercial and tax law — ten years for accounting records and invoices (HGB § 257 Abs. 4; AO § 147 Abs. 3). Security logs are retained for twelve months. After the applicable retention period expires, data is deleted or irreversibly anonymised.
7. Your rights (Art. 15–22 GDPR)
Under EU data protection law, you have the right to:
- be informed about whether we process your personal data and request access to it (Art. 15);
- request rectification of incomplete or inaccurate data (Art. 16);
- request erasure of personal data when the grounds for processing no longer apply (Art. 17);
- request restriction of processing in specific circumstances (Art. 18);
- receive your data in a structured, commonly used, machine-readable format and have it transmitted to another controller (data portability, Art. 20);
- object to processing based on legitimate interests, including profiling (Art. 21);
- not be subject to a decision based solely on automated processing that produces legal or similarly significant effects (Art. 22);
- withdraw consent at any time, without affecting prior lawful processing (Art. 7(3)).
You also have the right to lodge a complaint with a supervisory authority — for residents of Germany this is the data protection authority of the federal state (Landesdatenschutzbehörde) where you live, work, or where the alleged infringement took place; for residents of other EU/EEA member states, your national data protection authority is competent.
8. How to exercise these rights
To exercise any of the rights above, email privacy@intraxta.de from the address associated with your account. We respond within one month as required by Art. 12(3) GDPR, with a possible two-month extension for complex or high-volume requests (we will tell you within the first month if we need the extension and why). To prevent unauthorised disclosure, we may ask you to verify your identity before acting on a request; the verification step is itself processed only for that purpose and discarded afterwards.
9. Cookies
We use a small number of strictly necessary cookies to keep you signed in and to protect against CSRF. Non-essential cookies — analytics and any future marketing cookies — fire only after you give consent through our cookie banner, and can be revoked at any time from the same banner. For the full list of cookies, their purpose, and their lifetime, see our Cookie Policy.
10. Updates to this policy
The “Last updated” date at the top of this page reflects the most recent change. When we make material changes — such as new processing purposes, new recipients, or longer retention periods — we will notify registered users by email and post a prominent notice on the site before the change takes effect.
11. Contact
- Data controller — Intraxta GmbH
- Registered office — Berlin, Germany.
- General inquiries — info@intraxta.de
- Privacy inquiries — privacy@intraxta.de
If you would prefer to contact us through the website, please use our contact page. For information about returns and refunds, see Returns & Refunds; for delivery details, see Shipping Information; and for the contractual terms governing your purchase, see our Terms of Service.