Privacy Policy
1. Privacy at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you.
Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator:
Nexus Management Consulting GmbH, Im Kaisemer 11, 70191 Stuttgart, Germany
Email: simon.schilling@nexuscon.net
2. Hosting
This website is hosted by Netlify, Inc. (610 22nd Street, Suite 315, San Francisco, CA 94107, USA). When you visit our website, Netlify automatically collects information in server log files that your browser transmits (IP address, time of access, amount of data transferred, source/referral). This data is required for the technical operation of the website. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest).
3. General Information and Mandatory Disclosures
Data Protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
Cookies
This website itself does not set any first-party cookies. On pages with appointment scheduling (Contact), the Calendly widget is embedded, which may load functional cookies and third-party resources (see "Calendly" section).
Local Storage (localStorage)
This website uses your browser's local storage (localStorage) for the following purposes:
- Color scheme preference: Storing your choice between light and dark mode.
- Self-check results: Temporary storage of results from our self-checks (AI Readiness, NIS2) so they can be automatically transmitted when you contact us.
- Whitepaper registration: Storage of registration status so you don't need to re-enter your contact details for additional downloads.
This data is stored exclusively locally in your browser and is not transmitted to our servers (except for voluntary submission via the contact form). You can delete localStorage data at any time via your browser settings. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in website functionality).
Your Rights
You have the following rights at any time:
- Access to your stored personal data (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure of your data (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to processing (Art. 21 GDPR)
Right to Lodge a Complaint
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The competent supervisory authority for us is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20, 70173 Stuttgart, Germany
Phone: +49 (0) 711 / 615541-0
Email: poststelle@lfdi.bwl.de
Website: www.baden-wuerttemberg.datenschutz.de
4. Data Collection on This Website
Contact Form
When you send us inquiries via the contact form, your details from the form, including the contact details you provide, are stored for the purpose of processing the inquiry and for follow-up questions. The technical processing of form data is handled by Netlify Forms (Netlify, Inc.), our hosting provider, acting as a data processor pursuant to Art. 28 GDPR. We do not share this data without your consent. Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures).
Whitepaper Downloads
To download our whitepapers, we collect your name, email address, and optionally your company. We use this data exclusively to provide the download and for a one-time contact regarding the chosen topic. Legal basis: Art. 6 (1) (a) GDPR (consent) in conjunction with Art. 6 (1) (b) GDPR (pre-contractual measures). You can revoke your consent at any time.
Self-Checks (AI Readiness, NIS2)
Our self-checks process your responses exclusively locally in your browser. No data is transmitted to our servers. The results are stored in your browser's localStorage and can optionally be transmitted to us via the contact form. There is no automated individual decision-making within the meaning of Art. 22 GDPR – the evaluation serves solely as orientation and does not replace a professional assessment.
Web Analytics with Plausible
We use Plausible Analytics, a privacy-friendly web analytics service. Plausible does not use cookies and does not collect personal data. No IP addresses are stored and no cross-site tracking is performed. The collected data is used exclusively for statistical evaluation of website usage. No consent is required as no personal data is processed.
Paid Detailed Analyses (Stripe)
For payment processing of our paid digital services (EU AI Act Detailed Analysis, NIS2 Detailed Analysis), we use the payment service provider Stripe (Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland).
When you click the order button, you will be redirected to Stripe's hosted checkout page. Stripe processes your payment data (credit card number, bank details, etc.) as an independent controller under the GDPR. We only receive a payment confirmation and transaction ID from Stripe – no complete payment data.
Legal basis: Art. 6 (1) (b) GDPR (contract performance). For more information, see Stripe's Privacy Policy.
Calendly
For appointment scheduling, we use Calendly (Calendly LLC, 3423 Piedmont Road NE, Atlanta, GA 30305, USA). On our contact page, the Calendly booking tool is embedded as a widget. This loads resources (JavaScript, CSS) from assets.calendly.com. Calendly may set functional cookies and establishes connections to Calendly servers and additional services (e.g. Stripe for payment processing). When booking an appointment, your entered data (name, email, and any additional information) is transmitted to Calendly. Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures) and Art. 6 (1) (f) GDPR (legitimate interest in efficient scheduling). For more information, see Calendly's Privacy Policy.
5. International Data Transfers
Some of our service providers are based in the USA (Netlify, Calendly). Data transfers to the USA are carried out on the basis of the EU-US Data Privacy Framework (adequacy decision of the EU Commission of July 10, 2023). Where no adequacy decision exists, we rely on Standard Contractual Clauses (Art. 46 (2) (c) GDPR) as a guarantee for an adequate level of data protection.
6. Data Retention
Personal data from the contact form and whitepaper downloads will be deleted after final processing of your inquiry, unless legal retention obligations apply. Commercial and tax retention obligations are generally 6 or 10 years (§ 257 HGB, § 147 AO). Server log data at Netlify is automatically deleted after 30 days.
7. Data Protection Officer
We are not legally required to appoint a data protection officer (fewer than 20 persons regularly involved in the processing of personal data, § 38 BDSG). For any data protection questions, please contact us at: simon.schilling@nexuscon.net
8. Fonts
This website uses the "Inter" font, which is hosted locally on the web server. No connections to external servers (e.g., Google Fonts) are established.
9. Updates to This Privacy Policy
This privacy policy is currently valid as of March 2026. Due to the further development of our website or changes in legal or regulatory requirements, it may become necessary to amend this privacy policy.