headux International GmbH
Privacy Policy
We are committed to protecting your personal data and respecting your privacy in full compliance with the EU General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679.
Last updated: March 2026
Data Controller
The controller responsible for the processing of your personal data within the meaning of the GDPR is:
Headux International GmbH
Waldstrasse 7, 57614 Wahlrod, Germany
Email: info@headux.de
Phone: +49 152 5143 8375
Personal Data We Collect
We collect and process the following categories of personal data, depending on how you interact with our website and services:
| Category | Data Types | Purpose |
|---|---|---|
| Contact Data | Name, email, phone, company, VAT number | Order processing, support, warranty |
| Order Data | Billing/shipping address, order history, payment method | Contract fulfilment, invoicing |
| Technical Data | IP address, browser type, device, cookies | Website functionality, analytics |
| Communication Data | Emails, support tickets, warranty registrations | Customer service, after-sales support |
| Marketing Data | Email preferences, newsletter subscription | Direct marketing (with consent only) |
Legal Basis for Processing
We process your personal data on the following legal bases under Article 6 GDPR:
Art. 6(1)(b) — Contract
Processing necessary for the performance of a contract (orders, warranty, delivery).
Art. 6(1)(a) — Consent
Marketing emails and non-essential cookies, where you have given explicit consent.
Art. 6(1)(c) — Legal Obligation
Tax records, invoicing, and compliance with EU commercial law.
Art. 6(1)(f) — Legitimate Interest
Fraud prevention, website security, and improving our services.
Data Sharing & Third Parties
We do not sell your personal data. We share data only where necessary with the following categories of recipients:
- Shopify Inc. — e-commerce platform and order management (data processed under EU Standard Contractual Clauses)
- Payment processors — Shopify Payments, PayPal (PCI-DSS compliant)
- Logistics partners — DHL, DPD, UPS, GLS (for order fulfilment and delivery)
- Email service providers — for transactional and marketing communications
- Tax and accounting services — for legal compliance and invoicing
- Public authorities — where required by EU or German law
All third-party processors are bound by data processing agreements (DPA) in accordance with Art. 28 GDPR.
Data Retention
We retain your personal data only for as long as necessary for the purposes for which it was collected:
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Order & invoice records | 10 years | § 147 AO (German Tax Code) |
| Warranty registrations | 2 years + 1 year | EU Consumer Rights Directive |
| Customer account data | Until account deletion | Consent / Contract |
| Marketing consent | Until withdrawal of consent | Art. 6(1)(a) GDPR |
| Website analytics / cookies | Up to 24 months | Consent |
Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights, which you may exercise at any time by contacting us at info@headux.de:
📋 Right of Access
Art. 15 GDPR — Request a copy of all personal data we hold about you.
✏️ Right to Rectification
Art. 16 GDPR — Request correction of inaccurate or incomplete data.
🗑️ Right to Erasure
Art. 17 GDPR — Request deletion of your personal data (“right to be forgotten”).
⏸️ Right to Restriction
Art. 18 GDPR — Request restriction of processing in certain circumstances.
📦 Right to Portability
Art. 20 GDPR — Receive your data in a structured, machine-readable format.
🚫 Right to Object
Art. 21 GDPR — Object to processing based on legitimate interests or for direct marketing.
🇩🇪 Right to Lodge a Complaint: You have the right to lodge a complaint with the competent supervisory authority. In Germany, this is the Landesbeauftragte für Datenschutz und Informationsfreiheit Rheinland-Pfalz (LfDI RLP) — the data protection authority for the state of Rhineland-Palatinate where headux is registered.
Cookies & Tracking
Our website uses cookies and similar tracking technologies. We distinguish between:
- Essential cookies — Required for the website to function (shopping cart, session management). No consent required.
- Analytics cookies — Used to understand how visitors use our site (e.g. Google Analytics). Requires consent.
- Marketing cookies — Used for targeted advertising and remarketing. Requires consent.
You can manage your cookie preferences at any time via our cookie consent banner or your browser settings. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
International Data Transfers
Some of our service providers (including Shopify Inc., based in Canada) may process your data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable (e.g. Canada under PIPEDA)
- Binding Corporate Rules where relevant
Data Security
We implement appropriate technical and organisational measures (TOMs) to protect your personal data against unauthorised access, loss, destruction, or alteration, including:
- SSL/TLS encryption for all data transmitted via our website
- Access controls and role-based permissions for staff
- Regular security assessments and updates
- PCI-DSS compliant payment processing (no card data stored by headux)
Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The date of the most recent revision is shown at the top of this page. We encourage you to review this policy periodically. Where changes are material, we will notify you by email or via a prominent notice on our website.
Data Protection Enquiries
To exercise your rights or for any questions regarding this Privacy Policy, please contact our data protection team directly.
📧 Contact Data Protection Team
We will respond to all data subject requests within 30 days in accordance with Art. 12 GDPR.