Data Protection Policy

Data Protection Policy Zyglox

Last updated: May 2025

1. Data Controller

The controller responsible for processing your personal data is Zyglox GmbH. For all data protection enquiries, please use the contact details on our Contact page at zyglox.com/contact.

2. Contact & Web Forms

When you interact with us via our website forms (e.g. general contact, demo requests, or job applications) or via email, we collect and process the personal data you provide, such as your name, contact details, message content, and any attached files.

We use this data primarily to process and respond to your specific request. The legal basis for this processing depends on the nature of your inquiry: it may be for the initiation or performance of a contract (Art. 6(1)(b) GDPR), or based on our legitimate interest in effectively managing and communicating with our users and applicants (Art. 6(1)(f) GDPR). Where we rely on legitimate interests, you have the right to object at any time (see Your Rights below).

Third-Party Processing & International Transfers

Our web forms are built and hosted using Tally (Tally BV, August Van Lokerenstraat 71, 9050 Ghent, Belgium). When you submit a form on our website, your data is initially processed by Tally on servers located within the European Union. As a Belgian company, Tally is subject to GDPR and no international data transfer is involved at this stage. Tally acts as a data processor under a Data Processing Agreement and does not use your data for its own purposes.

Form submissions are subsequently forwarded to and stored in Notion (Notion Labs, Inc., 685 Market Street, San Francisco, CA 94105, USA), which we use to securely manage, host, and organise submissions. Data forwarded to Notion is processed on servers in the United States. Notion is certified under the EU-US Data Privacy Framework, and transfers are therefore made on the basis of the European Commission's adequacy decision of July 2023 (Art. 45 GDPR)

Your data therefore passes through two processors in sequence: Tally (EU-based, form collection) and Notion (US-based, storage and organisation). Both act solely as data processors under contract with us and do not use your data for their own independent purposes.

Data Retention

We retain your data only for as long as necessary to fulfill the purpose of your inquiry or to comply with statutory retention requirements. Business correspondence may be kept for up to 7 years to comply with Austrian commercial and tax law. Job application data is typically deleted 6 months after a position is filled, unless you explicitly consent to remaining in our talent pool. You may withdraw this consent at any time without affecting the lawfulness of prior processing.

3. Cookies

By using our website, a session is started in which a session cookie with randomly generated content is created in your browser. This session cookie is a security measure to protect against session hijacking attacks. No mapping to your IP address or any other tracking is conducted. The session cookie's value is based on a randomly generated hash and carries no constant identifier. It is deleted as soon as your session ends or you close your browser.

The legal basis for this processing is our legitimate interest in the secure operation of our website (Art. 6(1)(f) GDPR).

4. Server Logging

Our web server registers your IP address and saves this entry in a log file for security and operational purposes. These log files are not shared with third parties. The legal basis is our legitimate interest in maintaining the security and stability of our services (Art. 6(1)(f) GDPR).

5. Analytics

We use a self-hosted analytics tool to collect data about how visitors use our website. This helps us understand which content is useful and how we can improve your experience.

  • All data is processed and stored securely on our own infrastructure.

  • Analytics are only activated after you give your consent via the banner shown on your first visit (Art. 6(1)(a) GDPR).

  • You can customise your settings to allow or deny collection of location data.

6. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access — you may request a copy of the data we hold about you.

  • Rectification — you may request correction of inaccurate data.

  • Erasure — you may request deletion of your data where no legal retention obligation applies.

  • Restriction — you may request that we limit processing of your data.

  • Portability — you may request your data in a structured, machine-readable format (Art. 20 GDPR).

  • Objection — where we rely on legitimate interests, you may object to processing at any time (Art. 21 GDPR).

  • Withdrawal of consent — where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.

To exercise any of these rights, please contact us via the details on our Contact page.

If you believe that the processing of your personal data does not comply with the GDPR, you have the right to lodge a complaint with the Austrian Data Protection Authority: Datenschutzbehörde, Barichgasse 40–42, 1030 Vienna — dsb.gv.at

© 2026 ZYGLOX GMBH // Next generation sensor systems
Legal Notice / T&C Data Protection Policy Contact AGB