Privacy Policy

The protection and security of your data is our top priority. The processing of your personal data is carried out exclusively in accordance with the legal provisions of data protection law, particularly the General Data Protection Regulation (hereinafter "GDPR"). This privacy policy applies to all companies belonging to the CMX Solutions Group.
The purpose of this privacy policy is to provide you with maximum transparency regarding the processing of your personal data by all companies within the CMX Group. Therefore, we would like to inform you in particular about which personal data we collect when you use our website, the purposes for which we process your data, and to whom we may disclose it.

I. Who is responsible for data processing and who is the data protection officer?

Data Controllers

This website is owned and administered by CMX Solutions GmbH. This privacy policy describes how CMX Solutions GmbH and its affiliates, other companies within the CMX Solutions Group ("Company" or "we"), use your data. When interacting with any of the group companies, the 'controller' of your personal information will be the specific company you are engaging with. For their contact details, please see below:

Company CMX Solutions GmbH Rosenstraße 2 10178 Berlin, Deutschland Tel: +49 30 555 785 79 E-Mail: dataprotectionde@cmx-solutions.com	Data Controller Kontakt Tel: +49 30 555 785 79 E-Mail: dataprotectionde@cmx-solutions.com
Company CMX Remote GmbH Rosenstraße 2 10178 Berlin, Deutschland Tel: +49 30 568 499 57 E-Mail: datenschutz@expertcloud.de	Data Controller Tel: +49 30 568 499 57 E-Mail: datenschutz@expertcloud.de
Company Abravo GmbH Rosenstraße 2 10718 Berlin, Deutschland Tel: +49 30 201 644 302 E-Mail: dataprotectionabravo@cmx-solutions.com	Data Controller Tel: +49 30 201 644 302 E-Mail: dataprotectionabravo@cmx-solutions.com
Company CMX Solutions Dooel Skopje Dame Gruev 14-1/1-4 Skopje, Nordmazedonien E-Mail: dataprotectionmk@cmx-solutions.com	Data Controller E-Mail: dataprotectionmk@cmx-solutions.com
Company CMX Solutions LLC Vazha-pshavela avenue, N 71 Bürofläche N2, Etage 1, Block III Bezirk Vake, Tiflis, Georgien E-Mail: dataprotectionge@cmx-solutions.com	Data Controller E-Mail: dataprotectionge@cmx-solutions.com
Company CMX Solutions LLC Vazgen Sargsyan Str. 26/1 Erebuni Plaza Business Center, Raum 500, 501, 503 Jerewan, Armenien E-Mail: dataprotectionam@cmx-solutions.com	Data Controller E-Mail: dataprotectionam@cmx-solutions.com
Company CMX Solutions LLP Bezirk Medeuskiy, Nurlan Kapparov Straße 402 R.6, 2. Stock Almaty, Republik Kasachstan E-Mail: dataprotectionkzk@cmx-solutions.com	Data Controller E-Mail: dataprotectionkzk@cmx-solutions.com

In our Company and Location section you will also find a list of the countries and regions in which CMX operates.

Websites and services of other providers, to which this website links, are designed and provided by third parties. We have no influence on the design, content, and functionality of these third-party services. Please note that third-party offers linked from this website may install their own cookies on your device or collect personal data. Please consult the providers of these linked third-party offers directly for further information.

II. What is the subject of data protection?
Data protection includes the protection of personal data. This refers to all information related to an identified or identifiable natural person (referred to as the "data subject"). This includes, for example, details such as name, address, phone number, or email address, as well as information that is necessarily collected during the use of our website, such as details regarding the start, end, and extent of use.

III. Which of my personal data is processed on this website?
Below is an overview of the type, scope, purposes, and legal bases of data processing on our website:

Logfiles

When accessing our website from your device, the following data is processed by us for statistical evaluations, website improvement, system security (e.g., prevention of abuse), and error diagnosis:

Date and time of access
Duration of the visit
Type of device
Operating system used
Features you use
Amount of data sent
Type of event
IP address
Domain name
Website from which the user arrived at the requested page (so-called "referrer")
Website accessed by the user's system via our website
HTTP status
Information about the browser type and version used
Internet service provider of the user

The processing is carried out to protect our legitimate interests based on Article 6(1)(f) of the GDPR or other applicable national data protection legislation. Our legitimate interest lies in pursuing the purposes mentioned above.

Description of the Service

When accessing our website through your device, the following data is processed by us to make our website available for use and to ensure the technical operation:

Date and time of access
Duration of the visit
Type of device
Operating system used
The functions you use
Amount of data sent
Type of event
IP address
Domain name

The processing is carried out to protect our legitimate interests based on Article 6(1)(f) of the GDPR or other applicable national data protection legislation. The data processing is necessary to safeguard our legitimate interest in enabling our customers and prospects to use our website and to ensure its technical functionality.

These data are automatically processed when you access our website. The provision of this data is neither legally nor contractually required and is not necessary for the conclusion of a contract. Without providing this data, you cannot use our services.

We use cookies on our website to offer a comprehensive range of functions, make the use more comfortable, and optimize our offerings. Cookies are small text files that are generated by a web server and stored on your computer during your online visit via the web browser you use.

We use so-called "session cookies," which are automatically deleted after the end of your browser session.

We also use long-term cookies, which are primarily used to provide you, as a visitor to our website, with recurring settings. Cookies also allow us to analyze visitors' usage behavior, but only within the validity period of the cookies. This allows us to tailor our website to your preferences.

For more information about cookies, visit: www.allaboutcookies.org

If you do not wish to use cookies, you can prevent the storage of cookies on your device by adjusting the settings of your internet browser or using separate opt-out options. Please note that the functionality and scope of our services may be limited as a result.

3.1 Technically Necessary Cookies

We use technically necessary cookies to enable and simplify the use of our website and to ensure the recognizability of our website by the browser, even after changing websites.

The legal basis for the processing of personal data using technically necessary cookies is Article 6(1)(f) of the GDPR as well as § 25(2) No. 2 TDDTG or other applicable national data protection legislation. Our legitimate interests lie in the aforementioned purposes.

We do not share your data with third parties. Your data is automatically deleted after the termination of your browser session.

You are not obligated to provide your data. Your data is automatically collected when you visit the website.

3.2 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, if you are based in the EU (hereinafter: "Google").
Google Analytics uses cookies that are stored on your computer and allow the analysis of your use of the website for the purpose of optimizing our website, as well as for cross-device analysis of users through the User-ID. The cookie collects and processes the following data from you:

IP address
Location of the access
Cookie ID
Type of device
Operating system used
Date and time of the website visit
Visited website
User behavior on our website (visits, page views/clicks)
Browser information (browser type, version)
Referring pages/Referrer URL (which page users come from)
Completed pages (which pages users visit after leaving our website)
Location data
Displayed files and downloads

This website uses Google Analytics with the "_anonymizeIp()" extension for IP anonymization, which ensures that your IP address is truncated by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area to prevent direct identification via the IP address. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

Google will use the collected data on our behalf to evaluate your use of the website, to compile reports on website activities for us, and to provide other services related to website use and internet usage for us.

We process your personal data based on your consent, Article 6(1)(a) of the GDPR in conjunction with § 25(1) Sentence 1 TDDTG or other applicable national data protection legislation. You can withdraw your consent at any time via the cookie settings or directly with Google by downloading and installing the browser plugin available at the link. This will set an opt-out cookie, which prevents the future collection of your data when visiting this website.

Your data is usually transferred to and stored on a server operated by Google in the USA. The transmission results in the processing of your personal data in a third country (outside the European Economic Area (EEA)). Google is certified under the Data Privacy Framework, ensuring an adequate level of data protection when transferring your personal data to the USA.

For more information on data protection in Google Analytics, please see here and here. You are not obligated to provide this data. The data is collected directly from you upon your consent when you visit the website.

Your data will be automatically deleted after 2 years.

Use of Our Contact Form

You have the option to contact us via a form. If you use the general contact form, we require your email address and your name (mandatory fields). If you voluntarily provide your phone number in the form, we will process that along with the content of your message.

We process this data based on Article 6(1)(f) of the GDPR or other applicable national data protection legislation. The purpose of processing your data is solely to handle the contact request. Our legitimate interest also lies in this purpose. Your data will be processed internally only, and will not be passed on to third parties.

We will delete your data after the completion of processing your contact request.

You can object to the processing of your personal data at any time (see Section VII). In such a case, however, the conversation cannot be continued.

Contacting Us via Email

Alternatively, you can contact us via the email addresses provided on our website. In this case, the data you transmit along with your email address will be stored. No data will be passed on to third parties.

The data will be used exclusively for processing the conversation and fulfilling your contact request. The legal basis for processing the data transmitted during the sending of an email is Article 6(1)(f) of the GDPR or other applicable national data protection legislation.

You can object to the processing of your personal data at any time (see Section VII). In such a case, however, the conversation cannot be continued.

Collection of Personal Data in Job Applications

When you apply to our company, we process the personal data you provide during the application process.
Detailed information is available during the application process.

Collection of Personal Data from Business Partners

The CMX Group processes personal data from business partners, such as customers, service providers, and other partners, in accordance with the GDPR and other applicable national data protection legislation in the countries where the group operates.

Categories of Processed Personal Data:

Contact details (e.g., name, address, phone number, email address)
Contract data (e.g., contract details, services provided)
Payment data (e.g., bank details, payment history)
Communication data (e.g., correspondence, meeting notes)

Purposes of Processing:

Management of business relationships
Fulfillment of contractual obligations
Payment processing
Fulfillment of legal obligations
Communication with business partners

Legal Basis for Processing - The processing of personal data from business partners is based on the following legal grounds:

Fulfillment of a contract
Fulfillment of legal obligations
Legitimate interests

Contracts for Data Processing:

CMX Solutions GmbH, Abravo GmbH, CMX Remote GmbH, and other companies within the CMX Group provide services to their customers. These services may be provided in collaboration with other companies within or outside the CMX Group. In such cases, these companies act as data processors or sub-processors based on concluded agreements for data processing. These agreements ensure that all parties involved comply with the necessary data protection standards and obligations.

For further detailed information, please read our specific privacy policy for business partners, which can be accessed here.

Social Media

Below is an overview of the type, scope, purposes, and legal bases of data processing, as well as the storage duration, through our social media channels:

8.1 Facebook Fanpage

We operate functionalities of our Facebook fan page (https://) as joint controllers with Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, hereinafter referred to as "Meta" (Contact with the Data Protection Officer). Regarding the jointly controlled service "Page Insights," only statistical data about usage is provided to us. In relation to this service, we have entered into an agreement with Meta, which you can review here. Meta's privacy policy, especially regarding data processing in connection with the "Page Insights" service, can be accessed here: Privacy Policy. As a data subject, you can assert your rights against both us and directly with Meta.

When interacting with you as a user of our Facebook fan page, the following data is processed:

Date and time of interaction
Type of device
Type and content of the interaction (e.g., likes, direct messages, comments)
Profile name

The processing of your personal data in the operation of the Facebook fan page is based on Article 6(1)(f) of the GDPR or other applicable national data protection legislation and serves the purpose of interacting with us and other users, improving your user experience, and receiving and processing inquiries, complaints, or other feedback. A legitimate interest corresponding to this purpose is pursued.

Recipients of your personal data are internal departments. Regarding the recipients and the transfer to third countries by Facebook, we refer to Meta’s Privacy Policy.
We delete your personal data, unless there are legal retention obligations, generally after the termination of the usage relationship or after the complete completion of direct communication or after the removal of the commented post. Additionally, any unlawful content may be deleted. For deletion by Meta, we refer to Meta’s privacy notice.

8.2 Instagram Business Profile

We use the "Instagram" service provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter referred to as "Facebook" (Contact with the Data Protection Officer) and operate our Instagram business profile through it.

When interacting with you as a user of our Instagram business profile, the following data is processed:

Date and time of interaction
Type and content of the interaction (e.g., direct messages, comments)
Profile name

The processing of your personal data in the operation of the Instagram business profile is based on our legitimate interests under Article 6(1)(f) of the GDPR or other applicable national data protection legislation and serves the purpose of interacting with us and other users, as well as informing you about our products and company. A legitimate interest corresponding to this purpose is pursued.

Recipients of your personal data are internal departments. Regarding the recipients and the transfer to third countries by Meta, we refer to Meta’s Privacy Policy.
We delete your personal data after the complete completion of direct communication or after the removal of the commented post. Additionally, any unlawful content may be deleted. For deletion by Meta, we refer to Meta’s privacy policy.

Marketing Tools

Below is an overview of the type, scope, purposes, and legal bases of data processing within the framework of the marketing tools used:

9.1 SalesViewer

This website uses the SalesViewer® technology of SalesViewer® GmbH, based on the legitimate interests of the website operator (Article 6(1)(f) of the GDPR or other applicable national data protection legislation), to collect and store data for marketing, market research, and optimization purposes.

For this purpose, a JavaScript-based code is used to collect company-related data and corresponding usage data. The data collected with this technology is encrypted using a non-reversible one-way function (called hashing). The data is immediately pseudonymized and not used to personally identify the visitor to this website.

The data stored by SalesViewer is deleted as soon as it is no longer necessary for its intended purpose, and there are no legal retention obligations preventing its deletion.

The data collection and storage can be objected to at any time with future effect by clicking this link to prevent data collection by SalesViewer® on this website in the future. An opt-out cookie will be placed on your device for this website. If you delete your cookies in this browser, you will need to click this link again.

9.2 Meta Ads

We use Meta Ads to display advertisements on Instagram and Facebook. The purpose of our advertisements is to raise awareness of our offerings and present ourselves as a company to the public. To target our ads effectively, we use demographic data that Meta provides for these purposes. We can also evaluate the success of our advertisements and improve our ad campaigns. For this, Meta provides us with data on how often an ad was clicked and how often it was shared. These data are statistically processed anonymous data. We do not have access to clear data of the users, meaning we cannot identify the users to whom we are displaying ads.

Data processing through Meta Ads is done in joint responsibility with Meta. Regarding this Meta Ads service, we have entered into an agreement with Meta for joint responsibility, which you can review here.

Meta processes your personal data based on your consent according to Article 6(1)(a) of the GDPR in conjunction with § 25(1) TDDDG or other applicable national data protection legislations. For more information on how Meta processes your personal data, you can refer to Meta's Privacy Policy. The data received from Meta is processed based on our legitimate interests under Article 6(1)(f) of the GDPR or other applicable national data protection legislation, with our legitimate interest being to display targeted and effective advertising.

You can exercise your rights as a data subject both against us and directly against Meta.

9.3 Meta Pixel

In addition, we also use Meta Pixel from the provider Meta to measure the success of our advertising campaign and optimize our advertising presence. Meta Pixel is a so-called tracking pixel, which is a small graphic that is automatically loaded when a website is accessed, enabling the tracking of user behavior. This occurs when you interact with advertisements that we have placed with Meta. If we transmit personal data collected on our website through the use of Meta Pixel to Meta, this data processing is done in joint responsibility with Meta. Regarding this service, we have entered into an agreement with Meta for joint responsibility, which you can review here. The further processing of this data after transmission is solely the responsibility of Meta. For more information on data protection, please refer to Meta's Privacy Policy.

The processing of your personal data is based on your consent according to Article 6(1)(a) of the GDPR in conjunction with § 25(1) TDDDG or other applicable national data protection legislation. You can withdraw your consent at any time through the cookie settings at the end of the page.

9.4 Google Ads

We also use Google Ads, an online advertising program by Google. Google Ads allow us to display advertisements in the Google search engine or on third-party websites when the user enters specific search terms in the search engine (so-called keyword targeting). Additionally, we receive anonymized user data from Google (e.g., location or user interests), which enables us to target our ads effectively. Furthermore, we can measure and optimize the success of our advertising campaign through Google Ads.

If you click on one of our Google advertisements and are redirected to our website, a cookie will be stored on your device by Google Ads. In this case, Google stores personal usage data and provides it to us in an anonymized, statistically processed form. This data allows us to measure the success of our advertising efforts.

Through Google Ads, personal usage data is transmitted to Google, such as the fact that you visited our website. If you have a Google account and are logged in when visiting the website, Google may associate your user behavior with your account. Even without being logged into Google, there is a possibility that Google processes personal user data, such as your IP address. When you visit our website, a connection is made with Google's server in the USA, so personal usage data may be transferred to the USA. The third-country transfer is based on Google's Privacy Framework certification. For more information, please refer to Google's legal framework for data transfers.

Cookies set through your visit to our website will be deleted according to the information in the cookie settings.

IV. Retention Period

We delete your personal data when they are no longer required for the purposes pursued by us and no other legal basis exists.
If we process your personal data based on your consent, we will retain your consent until the end of the third calendar year after a revocation of consent to comply with our legal obligation to provide evidence and to safeguard our legitimate interest in proving consent in the event of a legal dispute. The legal basis for this processing is Article 6(1)(c) in conjunction with Article 5(1)(a), (2), Article 7(1) of the GDPR, or Article 6(1)(f) of the GDPR or other applicable national data protection legislation.

V. Recipients of Personal Data

The following groups of people receive the mentioned personal data:

Internal Recipients
Within our company, only those employees who need access to your personal data to fulfill their functions or tasks will have access to your personal data.

External Recipients
We only pass on your personal data to external recipients outside of the respective company within the CMX Group when this is necessary to fulfill the stated purposes, when there is another legal permission, or when we have your consent.
External recipients can include other companies within the CMX Group as well as external third parties, such as:

a) Processors: External service providers we use for providing services, e.g., in areas such as technical infrastructure and maintenance for our offering or content provision. These processors are carefully selected and regularly reviewed to ensure that your privacy is protected. The service providers may only use the data for the purposes we have specified.

b) Public Authorities: Authorities and government institutions, such as public prosecutors, courts, or tax authorities, to whom we may need to transfer personal data due to legal requirements on a case-by-case basis.

c) Other Parties: Other parties may also have access to your personal data under certain conditions within the framework of data protection laws. In this regard, confidentiality is legally guaranteed.

VI. Data Processing in Third Countries

If no adequacy decision by the European Commission exists for the third country, we ensure an adequate level of data protection when transferring personal data outside of the EEA by entering into appropriate agreements with the recipients, which are typically based on the EU standard contractual clauses, or other legal protective measures according to the applicable national data protection legislation.

VII. Rights of Data Subjects

As a data subject, you have the following rights under the GDPR or other applicable national data protection legislation, as long as the respective legal requirements are met:

Right to Access: You have the right to obtain information about the personal data processed about you.
Right to Rectification: You may request the correction of incorrect data about you. Furthermore, you can request the completion of incomplete data.
Right to Deletion: In certain cases, you may request the deletion of your personal data.
Right to Restriction of Processing: You may request the restriction of the processing of your data in certain cases.
Right to Data Portability: If you have provided data based on a contract or consent, you may request that the data you provided be received in a structured, commonly used, and machine-readable format or transferred to another controller.
Right to Object to Data Processing Based on "Legitimate Interest" (Article 6(1)(f)): You have the right to object at any time to the processing of your data based on legitimate interest for reasons arising from your specific situation. If you exercise your right to object, we will stop processing your data unless we can demonstrate compelling legitimate grounds for the continued processing, which override your rights.
Right to Object to Cookies: You may also object to the use of cookies at any time. Please refer to the above explanation regarding the use of each cookie.

To exercise your right to object, please contact us at info@cmx-solutions.com.

Withdrawal of Consent: If you have given consent for the processing of your data, you may withdraw it at any time with future effect. The lawfulness of the processing of your data until the withdrawal remains unaffected.

Right to Lodge a Complaint with the Supervisory Authority: You have the right to lodge a complaint with the competent data protection supervisory authority if you believe that the processing of your personal data is unlawful.

Version adopted March 2025

Cookies

Get in touch

Are you curious, have questions, or need more information? We are happy to assist you – please enquire through our contact form. We look forward to hearing from you!