Data protection

HomeData protection

Privacy policy

Maxitory FZ-LLC
As of January 5, 2026

1. Controller

The controller within the meaning of data protection laws, in particular the GDPR, is:

Maxitory FZ-LLC
Ras Al Khaimah Economic Zone (RAKEZ)
United Arab Emirates

E-mail: hello@maxitory.com
Website: www.maxitory.com

Maxitory FZ-LLC provides services exclusively in the B2B sector.

2. Scope

This privacy policy applies to the processing of personal data:

  • when visiting this website

  • for contact requests

  • in the context of consulting and project services

  • when using external tools (e.g. CRM)

Where applicable, processing is carried out in accordance with the General Data Protection Regulation (GDPR) and, additionally, in accordance with the applicable data protection laws of the United Arab Emirates.

3. Principles of data processing

Maxitory processes personal data exclusively according to the following principles:

  • Lawfulness & transparency

  • Purpose limitation

  • Data minimization

  • Integrity & confidentiality

  • Storage limitation

Only data that is required for the respective purpose is processed.

4. Hosting & server location

This website is hosted by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.

IONOS processes personal data exclusively within the European Union and complies with the requirements of the General Data Protection Regulation (GDPR).

As part of the hosting process, technical access data (e.g. IP address, date and time of access, browser information) are processed in particular to ensure the secure and stable operation of the website.

  • Server location: European Union

  • Hosting provider: IONOS Germany

  • Data processing: exclusively within the EU

Project and company data (Microsoft Azure / SharePoint)

Maxitory uses Microsoft Azure or Microsoft SharePoint for internal collaboration and for the execution of customer projects.

The processing takes place exclusively on servers within the European Union (EU region).

Microsoft is certified according to international security standards (including ISO/IEC 27001) and meets the requirements of the GDPR. The processing is based on a data processing agreement pursuant to Art. 28 GDPR.

5. Access data / server log files

The following data is automatically processed when the website is accessed:

  • IP address (shortened, if technically possible)

  • Date and time of access

  • Browser type and version

  • Operating system

  • Referrer URL

This data is used exclusively for technical security, stability and abuse detection and is not used for profiling.

6. Contacting us

When you contact us (e.g. via e-mail or form), the following data is processed:

  • Name

  • E-mail address

  • Content of the request

  • if applicable, company data

Purpose: Processing the request, initiation of a contractual relationship
Legal basis: Art. 6 para. 1 lit. b GDPR

7. CRM system (Monday CRM)

Maxitory uses Monday CRM to manage customer and project relationships.

Processed data may include:

  • Contact details

  • Company data

  • Project and communication information

The processing takes place:

  • exclusively for a specific purpose

  • on the basis of a data processing agreement (DPA)

  • in compliance with GDPR requirements

We use a CRM system for the internal management of customer and business contacts.
Personal data is processed exclusively within the framework of existing business relationships and not via this website.

8. Disclosure of data

Personal data will only be disclosed if:

  • this is necessary for the performance of a contract

  • there is a legal obligation to do so

  • explicit consent has been given

Data will not be sold or disclosed to unauthorized parties.

9. International data transfer

If data is processed outside the EU as part of the provision of services:

  • this is done exclusively using appropriate data protection guarantees

  • in particular through standard contractual clauses (SCC) in accordance with Art. 46 GDPR

  • or equivalent protection mechanisms

10. Storage period

Personal data will only be stored for as long as:

  • the respective purpose exists

  • statutory retention obligations apply

  • contractual obligations exist

After the purpose has ceased to exist, the data will be properly deleted.

11. Rights of data subjects (GDPR)

Data subjects have the following rights – provided that the GDPR is applicable:

  • Information (Art. 15 GDPR)

  • Correction (Art. 16 GDPR)

  • Deletion (Art. 17 GDPR)

  • Restriction of processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Objection (Art. 21 GDPR)

Requests can be made informally by e-mail.

12. Right to lodge a complaint

Data subjects have the right to lodge a complaint with a competent European data protection supervisory authority.

Jurisdiction is determined by the respective place of residence or work.

13. EU representative (Art. 27 GDPR)

If required by law, Maxitory will appoint a representative within the European Union in accordance with Art. 27 GDPR.
The contact details will be provided to data subjects upon request.

14. Data security

Maxitory implements technical and organizational measures (TOMs), including:

  • Access restrictions

  • Encryption

  • Role-based permissions

  • Regular security checks

The measures comply with the state of the art.

15. Changes to this privacy policy

This privacy policy may be adapted to reflect legal changes or technical developments.

Cookies

This website only uses technically necessary cookies.
These are required to provide basic functions of the website.

User behavior is not evaluated or tracked for marketing or analysis purposes.

The current version is available on the website.