Foxel Media GmbH

Privacy Policy

1. Data protection at a glance

General information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data means all data that can be used to identify you personally. Detailed information can be found in the sections of this privacy policy below.

Data collection on this website

Who is responsible?

The party named in Section 3.2 is responsible (hereinafter “we”).

How do we collect your data?

Some data is collected when you provide it to us (e.g., via a contact form or by email). Other data is collected automatically by our IT systems when you visit the website (e.g., IP address, browser, operating system, time).

What do we use your data for?

To technically provide and secure the website, to deliver content via a Content Delivery Network (CDN), to display externally embedded videos, and to process your inquiries. The respective legal bases are stated in the relevant sections below.

What rights do you have?

You have, among other things, rights of access, rectification, erasure, restriction of processing, data portability, as well as the right to object to processing based on Art. 6(1)(e) or (f) GDPR. You may withdraw consent at any time with effect for the future. You also have the right to lodge a complaint with a supervisory authority.

2. Hosting & Infrastructure

2.1 External hosting

This website is hosted by an external service provider (host). Personal data collected on this website is processed on the host’s servers (e.g., IP addresses, metadata/communication data, website access, request content). The host is used to fulfil contracts (Art. 6(1)(b) GDPR) and on the basis of our legitimate interest in secure, fast and efficient provision (Art. 6(1)(f) GDPR).

Hosting provider: dogado GmbH Antonio-Segni-Straße 11, 44263 Dortmund, Germany

2.2 Content Delivery Network (CDN) – bunny.net

To deliver content faster and with high availability, we use the CDN by bunny.net (BunnyWay d.o.o., Slovenia/EU). Technically, your browser’s requests are routed through the CDN; your IP address is processed, among other things. At bunny.net, IP anonymization is enabled; full IP logs are disabled. EU-only routing is enabled, so there is no transfer to third countries. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in fast, secure delivery).

Provider: BunnyWay d.o.o. (bunny.net), Dunajska cesta 165, 1000 Ljubljana, Slovenia.

2.3 Data Processing & privacy measures at bunny.net

We have concluded a Data Processing Agreement (DPA) with bunny.net pursuant to Art. 28 GDPR. bunny.net processes access requests on our behalf. IP anonymization is enabled and full IP logs are disabled. We have also enabled EU-only routing, ensuring that requests from within the EU are handled exclusively through EU locations. Further details on bunny.net’s privacy measures and sub-processors are available in bunny.net’s official documentation. The legal basis remains Art. 6(1)(f) GDPR (legitimate interest in fast and secure delivery).

3. General information and mandatory disclosures

3.1 Data protection

We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. Please note that data transmission over the Internet (e.g., email communication) may have security vulnerabilities.

3.2 Controller

The controller responsible for data processing on this website is: Foxel Media GmbH Oehrenstöcker Chaussee 21, 98693 Ilmenau, Germany

Phone:

E-Mail: info@foxel.media

3.3 Storage period

Unless a more specific storage period is specified in this privacy policy, personal data remains with us until the purpose of processing ceases to apply. Statutory retention obligations remain unaffected.

3.4 Legal bases for processing

Depending on the process, we process data on the basis of Art. 6(1)(a) (consent), (b) (contract/pre-contract), (c) (legal obligation) or (f) (legitimate interest) GDPR. Access to terminal devices (e.g., Local/Session Storage) – unless strictly necessary – takes place only on the basis of your consent pursuant to Section 25(1) TDDDG.

3.5 Note on data transfers to third countries

If we use services that involve transferring data to third countries, we will inform you in the respective section and implement appropriate safeguards (e.g., EU Standard Contractual Clauses) where required.

3.6 Withdrawal of consent / Right to object

You can withdraw your consent at any time with effect for the future. You also have the right, on grounds relating to your particular situation, to object to processing based on Art. 6(1)(e) or (f) GDPR.

3.7 Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement.

3.8 Objection to direct marketing (Art. 21(2) GDPR)

Where personal data is processed for direct marketing purposes, you have the right to object at any time; this also applies to profiling to the extent it is related to such direct marketing. We do not currently engage in direct marketing.

3.9 Obligation to provide data and consequences of non-provision

Providing certain information is necessary to process your inquiries (e.g., contact details and your request). Without this information, we may be unable to handle your request. There is no obligation to provide data for mere informational use of the website.

3.10 No automated decision-making

No automated decision-making including profiling within the meaning of Art. 22 GDPR takes place.

3.11 Categories of recipients

In addition to the providers named in this policy (hosting/CDN/video), we may use IT service providers and technical support as needed. Processing is based on data processing agreements (Art. 28 GDPR) or legal obligations.

4. Data collection on this website

4.1 Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits. In particular, these include IP address (possibly in anonymized form), date/time, requested URL, referrer URL, and user agent. Processing is carried out to ensure technical functionality, stability and security (Art. 6(1)(f) GDPR).

4.2 Cookies and comparable technologies (Local/Session Storage)

We use cookies and comparable technologies (e.g., Local/Session Storage) to provide and optimize our services. Where consent is required, the storage or access to information on your terminal device takes place on the basis of Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR. Technically strictly necessary access to terminal devices is permitted without consent under Section 25(2) TDDDG.

You can configure your browser to inform you about storage, allow it only in individual cases, exclude acceptance for certain cases or generally, and enable automatic deletion when closing the browser. If disabled, some functions of the website may be limited.

Where third-party technologies are used (e.g., to embed external content), we inform you in the respective section and—where required—obtain your consent beforehand.

Local storage for remembering your video choice (technically necessary)

To conveniently remember your decision to display embedded videos from bunny.net, we store a small flag in your device’s Local Storage (e.g. consent:bunny:provider). This flag contains no personal data and serves only to apply your selection on future visits (so that you do not have to confirm the overlay again). Access is technically necessary to provide the service you explicitly requested (video display).

Legal basis (device access): § 25 (2) No. 2 TDDDG (strictly necessary). If personal data is processed beyond that, this is done only with your consent under Art. 6 (1) (a) GDPR (e.g. when you load the video by clicking).

4.3 Contact (form/email/phone)

If you contact us, we process your details to handle the request and for follow-up questions. The legal basis is Art. 6(1)(b) GDPR (pre-contractual/contractual communication) or Art. 6(1)(f) GDPR (general inquiries).

4.4 Storage period for contact requests

We store information from contact requests for processing and tracking purposes. Routine deletion takes place after 12 months, unless statutory retention obligations prevent this.

5. External media: Videos via bunny.net “Bunny Stream” & 3D models via Sketchfab

We embed videos via Bunny Stream (bunny.net) and interactive 3D models via Sketchfab (sketchfab.com). For data protection reasons, we use a “click-to-load” approach: initially, only a placeholder is shown. Only when you click “Load & play video” or “Load 3D model” is a connection to the respective provider established and the player/viewer loaded.

What data is processed? Upon clicking, your IP address and technical request data are transmitted to the respective provider to deliver the content. The video player may send performance-related telemetry (e.g., error/buffering metrics). The 3D viewer may send rendering/performance telemetry (e.g., load errors, framerate/buffering); device/graphics capabilities (e.g., WebGL features) may be required for 3D rendering. In addition, comparable technologies may be used on your device (e.g., Local/Session Storage for UI elements/settings; optionally “remember playback position” for videos and camera/view settings for the 3D model). Such access to your terminal device occurs only after your click.

Protective measures at bunny.net: IP anonymization is enabled; full IP logs are disabled. EU-only routing is enabled; no transfers to third countries take place.

Notes on Sketchfab: Depending on technical delivery, there may be a transfer to third countries (e.g., the U.S.). For details (e.g., recipients and retention), please refer to Sketchfab’s privacy information.

Legal bases: Access to your terminal device is based on your consent under Section 25(1) TDDDG. For subsequent processing by us, we rely on Art. 6(1)(a) GDPR (consent). Where pure delivery occurs without storage access, we rely on Art. 6(1)(f) GDPR (legitimate interest in performant content delivery).

Controls: You can withdraw your decision at any time by disabling the embedding again (e.g., via a “block” function or by reloading the page without giving consent).

You can withdraw your consent to display bunny.net videos and Sketchfab 3D models at any time. Use the button “Reset video & 3D consents”. This will delete the local/session storage flags we set. After withdrawal, external content will be blocked again until you actively consent again. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Deletes the locally stored choices for bunny.net videos and Sketchfab 3D models. After resetting, embedded external content will be blocked again until you give consent again.

6. Data Processing Agreements (DPA)

For services where providers process personal data on our behalf (e.g., hosting, CDN), we have concluded Data Processing Agreements in accordance with Art. 28 GDPR.

We have a DPA in place with bunny.net. bunny.net also provides a sub-processor list and notifies customers of changes in accordance with Art. 28(2) GDPR. Where configured, we enable IP anonymization and EU-only routing.

Note on logs: By default, bunny.net provides anonymized IP logs. De-anonymized/full IP logging would only be available after explicit DPA acceptance and an additional setting; this is not enabled for our setup.

7. Security

This site uses TLS encryption (HTTPS). You can recognize an encrypted connection, among other things, by the padlock icon in your browser’s address bar.

8. Your rights

9. Updates and changes to this privacy policy

We reserve the right to amend this privacy policy to ensure it always complies with current legal requirements or to reflect changes to our services within the privacy policy.

Last updated: 6 October 2025