Privacy Policy

This Privacy Policy explains the nature, scope and purpose of processing personal data (hereinafter referred to as the “Data”) within our online offer and related websites, features and content, as well as external presence on the Internet, for example, our profile in social networks (hereinafter referred to as the “Online Offer”). Regarding the terminology used, for example, “Processing” or “Responsible Person”, we refer to the definitions specified in Art. 4 of the General Data Protection Regulations of the European Union (hereinafter referred to as the “GDRP”).

Responsible Persons

Convex International GmbH

265 Koelner St.

51149 Cologne



Managers: Pavel Golovenko, Siarhei Golovenko

Output Data (Link)

Types of data processed:

  • account data (for example, names, addresses),
  • contact data (for example, email, phone numbers),
  • content data (for example, text input, photos, video),
  • usage data (for example, visited websites, interest in content, access time),
  • meta/communication data (for example, device information, IP addresses).


Categories of Data Subjects

  • visitors and users of our website (hereinafter, the data subjects are referred to as the “Users”).


Purpose of Processing

  • response to contact requests and communication with users,
  • security measures,
  • reach measurement/marketing.

Used Terms

“Personal Data” means any information relating to an identified or identifiable individual (hereinafter referred to as the “Data Subject”). An individual is considered identifiable when they can be identified directly or indirectly, in particular by assigning an identifier, such as a name, identification number, location data, an online identifier (for example, cookies), or one or more special features that express the physical, physiological, genetic, mental, economic, cultural or social identity of the individual.

“Processing” means any process performed with or without the aid of automated procedures or any sequence of such processes associated with personal data. The term goes far and includes virtually every handling of data.

“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without additional information being provided, provided that such additional information is kept separate and subject to technical and organisational measures to ensure that the personal data are not assigned to an identified or identifiable individual.

“Profiling” means any kind of automated processing of personal data that involves the use of such personal data to evaluate, analyse or predict certain personal aspects relating to an individual, in particular, aspects relating to the job, economic status, health, personal preferences, reliability, behaviour, location or movement of that individual.


“Responsible Person” is an individual or a legal entity, a state body, institution or another body that independently or jointly with others determines the purposes and means of processing personal data.

“Data Processor” means an individual or a legal entity, a state body, institution or another body that processes personal data on behalf of the responsible person.


Relevant Legal Framework

In accordance with Art. 13 of the GDPR, we inform you about the legal framework of our data processing. If the legal framework is not specified in the Privacy Policy, the following will apply: the legal basis for obtaining consent is Art. 6 (1) (a) of the GDRP, the legal basis for processing in order to render our services and fulfil contractual obligations, as well as respond to requests is Art. 6 (1) (b) of the GDRP, the legal basis for processing in order to fulfil our legal obligations is Art. 6 (1) (c) of the GDRP, as well as the legal basis for processing in order to ensure our legitimate interests is Art. 6, (1) (f) of the GDRP. If the vital interests of a data subject or another person may require the processing of personal data, Art. 6 (1) (d) of the GDRP will apply.

Security Measures

We take appropriate technical and organisational measures in accordance with Art. 32 of the GDPR, taking into account the state of the art, the implementation costs as well as the nature, scope, circumstances and purposes of processing as well as different likelihood and severity of the risk to the rights and freedom of individuals in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring data confidentiality, integrity and availability by controlling physical access to the data, as well as their related input, disclosure, availability and separation. We have also set up procedures to ensure the compliance with the data subject rights, data deletion and data vulnerability. Furthermore, we consider the protection of personal data starting from the development or selection of hardware, software and procedures according to the principle of data protection through technology design and privacy-friendly default settings (Art. 25 of the GDRP).


Collaboration with Data Processors and third parties

If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit data to them or otherwise grant access to the data, it takes place only on the basis of the legal permission (e.g. if data transmission to third parties is required by payment service providers pursuant to Art. 6 (1) (b) of the GDPR to fulfil the contract) you have consented to, or on the basis of our legitimate interests (e.g. the use of agents, webhosts, etc.).

If we contract third parties to process data on the basis of a so-called “data processing contract”, it takes place on the basis of Art. 28 of the GDPR.

Data Transmission to Third Countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure, or transmission of data to third parties, it will take place only if it is to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Art. 44 ff. of the GDRP. It means that data are processed e.g. on the basis of specific guarantees, such as the officially recognised level of data protection (e.g. for the USA through the Privacy Shield) or compliance with the officially recognised special contractual obligations (so-called “standard contractual clauses”).

Rights of Data Subjects

You are entitled to ask for confirmation as to whether the data in question are processed and for information about these data as well as for further information and a copy of the data in accordance with Art. 15 of the GDPR.

You are entitled to demand the completion or correction of the incorrect data concerning you in accordance with Art. 16 of the GDPR.

In accordance with Art. 17 of the GDPR, you are entitled to demand that the relevant data be deleted immediately or, alternatively, to require a restriction of the processing of the relevant data in accordance with Art. 18 of the GDPR.

You are entitled to demand that the relevant data, which you have provided to us, be obtained in accordance with Art. 20 of the GDPR and request their transmission to other responsible persons.

You are entitled to file a complaint with a competent supervisory authority in accordance with Art. 77 of the GDPR.

Consent withdrawal

You are entitled to withdraw the consent given in accordance with Art. 7 (3) of the GDPR with effect for the future.


You are entitled to object to the further processing of your data at any time in accordance with Art. 21 of the GDRP. In particular, an objection may be raised against processing for direct marketing purposes.

Cookies and Right of Objection

“Cookies” are small files that are stored on users’ computers. A cookie may store various information. A cookie is primarily used to store information about a user (or the device, on which the cookie is stored) during or after visiting the online offer. Temporary cookies, or “session cookies,” are cookies that are deleted after the user leaves the online offer and closes their browser. Such a cookie stores, for example, the contents of the basket in the online store or a login status. The term “permanent” or “persistent” refers to cookies that remain stored even after the browser has been closed. Thus, e.g. the login status will be saved if users use it in a few days. Similarly, the interests of users can be stored in such a cookie, which are used to study the reach or for marketing purposes. “Third-party cookies” refer to cookies that are offered by providers other than the person who manages the online offer (otherwise, if it is only their cookies, this is called “first-party cookies”).

We can use temporary and permanent cookies and clarify this in our Privacy Policy.

If users do not want cookies to be stored on their computer, they will be asked to turn off this option in the system settings of their browser. Saved cookies can be deleted in the browser’s system settings. The exclusion of cookies may result in functional restrictions of this online offer.

A general objection to the use of cookies used for online marketing purposes can be expressed in a variety of services, especially in the case of tracking, via the US website or the EU page Furthermore, the storage of cookies can be set off by switching them off in the settings of the browser. Please note that not all functions of this online offer may be used in this case.

Google Analytics

This website uses Google Analytics web analytics service. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

Google Analytics uses cookies that are stored on your computer and allow us to analyse your use of the website. The information generated by cookies about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored under Art. 6 (1) (f) of the GDRP. The website operator has a legitimate interest in analysing user behaviour in order to optimise both their website and advertising.

Data Deletion

The data we have processed are deleted, and their processing is restricted in accordance with Art. 17 and 18 of the GDRP. If this is not explicitly stated in this Privacy Policy, the data we store will be deleted as soon as they are no longer needed for their intended purpose, and the deletion of data does not conflict with any statutory data storage requirements. If the data are not deleted, since they are necessary for other legitimate purposes, their processing will be restricted. This means that the data are blocked and not processed for other purposes. This applies, for example, to the data, which must be stored for commercial or tax reasons.

In accordance with the requirements of the German law, data are stored, in particular, for 10 years in accordance with §§ 147 (1) AO, 257 (1) (1) (4), (4) of the German Commercial Code (account ledgers, accounting, management reports, taxation documents, etc.) and for 6 years in accordance with § 257 (1) (2) (3), (4) of the German Commercial Code (commercial letters).

In accordance with the requirements of the Austrian law, data are stored, in particular, for 7 years in accordance with § 132 (1) BAO (accounting documents, receipts/invoices, receipts, business papers, statement of income and expenses, etc.) and for 22 years in case of land property related documents, and for 10 years in case of documents relating to services provided in electronic form, telecommunications, broadcasting and television services provided to non-companies in the EU, for which Mini-One-Stop-Shop (MOSS) is used.

Administration, Financial Accounting, Office Management, Contact Management

We process data in the context of the administrative tasks and organisation of our business, financial accounting and compliance with legal obligations, such as archiving. While doing so, we process the same data that we process in the course of rendering our contractual services. Principles of processing – according to Art. 6 (1) (c) of the GDRP, Art. 6 (1) (f) of the GDRP. Processing affects customers, potential customers, business partners and website visitors. The purpose and our interest in processing lies in administration, financial accounting, office management, data archiving, i.e. tasks that serve to maintain our business, perform our duties and render our services. Data deletion in terms of contractual performance and contractual communication corresponds to the information provided in these processing activities.

We disclose or transmit data to the financial authorities, consultants such as tax accountants or auditors, and other payment agents and payment service providers.

Furthermore, relying on our business interests, we store information about suppliers, promoters and other business partners, e.g. for later contact. We generally store this majority of company-related data permanently.

Hosting and E-mailing

The hosting services we use are designed to provide the following services: infrastructure and platform services, computing capacity, storage and database services, e-mailing, security, and technical maintenance services we use to operate this online offer.

While doing so, we or our hosting provider process login data, contact data, content data, contract data, usage data, metadata and communication data of customers, parties involved and visitors of this online offer based on our legitimate interest in providing this online-offer effectively and securely in accordance with Art. 6 (1) (f) of the GDRP and Art. 28 of the GDRP (conclusion of a data processing agreement).

Collection of Access Data and Log Files

Our hosting provider and we collect information based on our legitimate interests within the meaning of Art. 6 (1) (f) of the GDRP for the protection of data on each access to the server, on which this service is located (the so-called server log files). The access data include the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about the successful retrieval, type and version of the browser, type of the user’s operating system, referrer URL (previously visited page), IP address and name of the requesting provider.

Information from log files is stored for security reasons (for example, to investigate abuse or fraud) for no more than 7 days and then deleted. The data, the further storage of which is required for evidential purposes, are not deleted until the final clarification of the incident.

Generated through von RA Dr. Thomas Schwenke


Signing of the Framework Agreement at the URC 2024 Conference

As part of the Ukraine Recovery Conference Berlin 2024, our company signed a framework agreement…
Show more

Convex International GmbH participated in the AGRO UKRAINE SUMMIT 2024, which took place on February 2, 2024, in Kyiv

AGRO UKRAINE SUMMIT is a forum focused on agrotechnologies, innovations, and the pursuit of effective…
Show more