The privacy policy of Manaxo Inc., 693 5th Ave Fl 11, New York, NY 10022, United States (hereinafter referred to as the “Provider” or “Manaxo”), applies to all individuals whose personal data is processed by Manaxo. This includes customers who have contracted services with the Provider, their employees, website visitors, and other individuals interacting with our services. The privacy policy may also apply to other contractual partners on a contractual basis.

The Provider is responsible for handling personal information with care and diligence and ensures compliance with U.S. federal and state data privacy laws, including but not limited to the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), as well as international data protection regulations, including the General Data Protection Regulation (GDPR) of the European Union for customers within the European Economic Area (EEA). For customers in Switzerland, the Provider complies with the Swiss Data Protection Act (FADP) and its associated ordinances. Where applicable, Manaxo also follows industry-specific regulations such as the Health Insurance Portability and Accountability Act (HIPAA) for health-related data, and the Children’s Online Privacy Protection Act (COPPA) for personal information collected from children under the age of 13.

Customers may withdraw their consent to this privacy policy at any time with future effect. However, certain legal obligations may require continued processing of specific personal data even after consent is withdrawn.

1. Contact Information

The data controller responsible for processing personal data is:

 Manaxo Inc.
693 5th Ave Fl 11
New York, NY 10022
United States

For questions regarding data protection, the Data Protection Officer (DPO) can be reached at support@manaxo.com.

For California residents, additional rights and disclosures regarding personal data under CCPA and CPRA, as well as for EU residents under GDPR, are outlined in Section 13 of this Privacy Policy.

2. Legal Basis

Data processing by the Provider is subject to applicable legal provisions in the regions in which we operate.

For customers within the United States, data processing is conducted in compliance with federal and state laws, including but not limited to the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Children’s Online Privacy Protection Act (COPPA), and Health Insurance Portability and Accountability Act (HIPAA) where applicable. If state-specific privacy laws impose additional obligations, Manaxo will adhere to such requirements to ensure compliance across different jurisdictions. Additional provisions for customers within the US can be found in Section 13 of this privacy policy

For customers within the European Union and European Economic Area (EEA), the processing of personal data is subject to the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). The legal basis for processing personal data under GDPR includes the necessity for contract performance, compliance with legal obligations, protection of vital interests, legitimate interests pursued by the Provider, and, where required, explicit consent. Additional provisions for customers within the EU can be found in Section 13 of this privacy policy.

For customers located in Switzerland, the processing of personal data is governed by Swiss law, specifically the Federal Act on Data Protection (FADP, SR 235.1) and the associated Ordinance on Data Protection (SR 235.11). The General Data Protection Regulation (GDPR) does not apply to data processing in Switzerland unless expressly stated in this privacy policy or where it is mandatorily applicable to Swiss customers under specific circumstances.

The Provider may update this privacy policy to reflect changes in legal requirements, and customers will be notified of any material changes where required by law.

3. Collection of Personal Data When Visiting Our Website (Without Login)

When visiting the website outside the protected login area, general technical visitor information is automatically recorded for security, analytics, and service improvement purposes. This includes the IP address of the device used, which is anonymized where required by law to ensure that it can no longer be directly associated with the customer. Google Analytics is used to collect data related to browser type, internet service provider, and operating system, and utilizes the “anonymizeIp()” method to enhance user privacy where applicable.

Users can manage their tracking preferences through browser settings or opt out of analytics tracking where legally required. The Provider offers a cookie consent banner in jurisdictions where explicit user consent is required for cookies and tracking technologies. More details on cookies, tracking technologies, and opt-out options can be found in Section 7 of this privacy policy.

Using the Manaxo Cloud Software (With Login)

During trial access and paid use of the Manaxo software in the login area, all customer data entered or transmitted during the registration and usage process is securely stored in accordance with applicable privacy laws. This includes, but is not limited to, data collected during registration, placing orders, filling out online forms, participating in surveys or competitions, and communicating with the Provider via social media, blogs, or other interactive media.

Personal data such as name, address, email address, and necessary settings for the respective service are generally collected. The Provider employs encryption, access controls, and other security measures to protect personal data from unauthorized access, disclosure, or alteration. More information about data processing and its purposes can be found in the data processing agreement (DPA). By providing their data, the customer consents to the processing, use, and disclosure of personal data for the purposes described in this privacy policy, unless another legal basis for processing applies under applicable privacy laws.

Data Sharing with Third Parties / Processors

The customer may share their data with third parties, such as their personal trustee, either directly or through the Provider’s trustee affiliate program. By granting access rights, the customer agrees that the Provider may make all customer data available to authorized third parties (e.g., trustees) or grant them access as necessary. The customer always retains full control over the third party’s access rights to their data and can modify, restrict, or revoke access at any time.

Additionally, the Provider offers the option for third parties (such as trustees) to open a Manaxo account as a customer, where they can manage access rights and permissions independently. The Provider reserves the right to disclose certain data to authorized third parties in specific cases where legally required, where disclosure is necessary for service provision, or where it is in the legitimate interests of the Provider and does not override the customer’s rights.

For customers subject to GDPR or CCPA, the Provider does not sell personal data to third parties for marketing purposes. Any sharing of personal data with third-party service providers is conducted strictly for the purpose of providing, improving, or securing the Provider’s services, and such providers are contractually bound to confidentiality and data protection obligations.

Further details regarding third-party data transfers can be found in Section 7 of this privacy policy.

Payroll Accounting

When using the Provider’s optional payroll accounting software, the customer’s employees’ personal data is transmitted to the Provider for payroll processing purposes. The Provider ensures that this data is handled with due care and in compliance with applicable laws, adhering to strict security protocols.

The customer is responsible for obtaining the necessary employee consent before transmitting their data and acknowledges that they bear sole responsibility for informing employees about the collection, processing, and disclosure of their data by the Provider in accordance with this privacy policy. The Provider provides security measures to protect payroll data but does not assume responsibility for the customer’s internal compliance with employee privacy regulations.

If any employee does not consent to the intended data processing, it is the customer’s responsibility to delete the relevant employee data from the Manaxo cloud system and ensure compliance with applicable employment and privacy laws.

Third-Party Add-ons / Custom Add-ons

The Provider offers the customer an interface (“API”) to integrate third-party software into the Manaxo software. This allows the customer to integrate various additional packages or offers from third parties (“Add-ons”) into the Manaxo software. The customer can order these add-ons from the Provider’s app marketplace. Additionally, the customer may authorize other third parties to use the interface of their Manaxo account.

Unless otherwise agreed, a contractual relationship for the use of add-ons arises exclusively between the customer and the third-party provider. If access rights are required for the use of an add-on, the customer explicitly agrees to grant all necessary access rights by ordering or integrating the add-on. The Provider is then authorized to provide all necessary customer data for the use of the add-on or grant access to it. However, the customer always retains full control over the third party’s access rights to their data and can modify, restrict, or revoke access at any time.

The Provider does not assume responsibility for how third-party providers process customer data and encourages customers to review the privacy policies of third-party providers before integrating add-ons. By using the Manaxo platform, customers acknowledge and agree that data may be exchanged between the Provider and the third party when using other add-ons.

Further details regarding third-party data transfers can be found in Section 7 of this privacy policy.

Consulting Services for Third Parties

The Provider offers customers consulting services from third parties. To verify customers’ eligibility and provide the necessary contact details to third-party providers, the following data is shared with the third-party provider: name/company name, address (street, postal code, city, address additions), contracts concluded between the Provider and customers, phone numbers, and email addresses. The privacy policy of the respective third-party provider in its current version applies.

More Partner Functions

When using additional optional partner functions of the Provider or connecting a Manaxo account with a partner, data is exchanged between the Provider and the corresponding partner. The Provider ensures that any data transfers follow applicable privacy laws and are limited to what is necessary to provide the requested service. Customers should review the privacy policy of the respective partner for details on how their data is processed.

4. Data Security

The Provider takes technical and organizational security measures according to recognized market standards to protect stored personal data against accidental, unlawful, or unauthorized manipulation, deletion, alteration, access, disclosure, use, or partial or complete loss. The Provider’s servers are located in the United States. In some cases, services may be processed through servers in other countries with an adequate level of data protection, ensuring that the provisions of the Swiss Data Protection Act (DSG), the General Data Protection Regulation (GDPR), and applicable U.S. data protection laws are fully complied with at all times.

The connection to the servers is secured through SSL/TLS encryption. The Provider regularly performs data backups to prevent data loss and, in extreme cases (e.g., destruction of a data center due to a natural disaster), ensures that encrypted backups are stored across multiple secure data centers in the United States and other jurisdictions that meet applicable data protection standards. The Provider continuously evaluates and improves security measures in accordance with industry best practices and the latest technological developments.

Despite these security measures, the Provider cannot guarantee the absolute security of data transmission over the internet. Customers acknowledge that there is an inherent risk of third-party access when transmitting data, particularly via email communications. To enhance account security, the Provider offers two-factor authentication (2FA), which can be enabled upon the customer’s express request.

The Provider assumes no liability for data loss, unauthorized access, or misuse by third parties unless caused by gross negligence or intentional misconduct on the part of the Provider. Customers are responsible for protecting their access credentials and ensuring their own security practices align with the sensitivity of the data they handle within the Provider’s services.

5. Purposes of Data Processing / Data Recipients

The Provider processes personal data to enhance and continuously improve its products and services, manage access to applications, maintain business relationships with customers, monitor and optimize service performance, detect and prevent illegal activities, and provide customers with relevant offers, information, and marketing materials about potentially interesting products or services.

For these purposes, personal data may also be shared with partner companies, service providers, selected third parties, institutions, and/or legally authorized government agencies in the United States, Switzerland, the European Union, and other jurisdictions where the Provider operates. The Provider ensures that all data transfers comply with applicable data protection laws, including the Swiss Data Protection Act (DSG), the General Data Protection Regulation (GDPR), and U.S. federal and state data protection laws (such as the California Consumer Privacy Act (CCPA) for California residents).

If personal data is processed or stored in countries that do not offer an adequate level of data protection under Swiss, EU, or U.S. privacy laws, the Provider contractually ensures that its third-party processors comply with the necessary safeguards, including EU Standard Contractual Clauses (SCCs), Data Processing Agreements (DPAs), and legally recognized international data transfer mechanisms.

The Provider engages data protection-compliant service providers for various processes and services, particularly in the areas of IT services, payment transactions, printing services, billing, debt collection, consulting, sales, and marketing. These service providers operate within the United States and other jurisdictions that meet the required legal and security standards.

The Provider does not sell personal data to third parties for marketing purposes. Where legally required, customers are provided with the option to opt out of certain types of data processing.

6. Processing Your Data

We process your data when you use our services, engage with us, or contact us in any other way.

In general, we process your data for the following purposes:

• To fulfill and process obligations arising from a contract or legal requirements.

• To notify you about updates or changes to our services, events, terms of service, privacy policies, and guidelines related to advertising opportunities on our platforms.

• To verify your access authorization and manage your user account (if applicable).

• To prevent fraud, misuse, and security risks.

• To maintain and develop customer relationships.

• To tailor and improve our services to your needs.

• To analyze user behavior to optimize our offerings.

Below, we have outlined the specific types of data processed within the scope of our services.

6.1 Access to Our Services

When you use our services without providing additional information, general technical visit data is automatically collected and stored in log files. This technical information includes the IP address of the device used, browser type, internet service provider, operating system, accessed services, referring and exit pages, as well as the duration and time of access.

To ensure connection stability, system security, fraud prevention, and service analytics, we may collect general demographic data for internal statistical purposes. This data is not personally identifiable unless it is linked to a registered account or specific user action. If you have a registered user account or use specific guest functions (e.g., contact forms), this automatically collected technical information may be combined with personal data to optimize our services, enhance user experience, and improve our digital platforms.

Messages sent via our portal’s communication functions (e.g., to third parties such as advertisers) may be stored by us, including their content, to facilitate communication tracking and prevent misuse. If you use free services on our platform, any personal data provided (such as an email address or phone number) may be used for internal analysis and service improvements in compliance with applicable data protection laws.

Where personal data is processed as part of website access or user behavior analysis, this is done based on our legitimate interest in ensuring system security, stability, and service optimization, in accordance with applicable data protection laws.

6.2 Creating a User Account

To create a user account, we collect and store the following data: first name, last name, email address, and password. This information is treated confidentially and used exclusively for account creation, authentication, and user account management. You may modify or delete your personal data at any time through your user account settings.

By registering, you confirm that the information provided is accurate and agree to our terms of service and privacy policy.

In addition to mandatory account details, you may voluntarily provide and store additional personal information in your account. Your data is processed for account management, contract execution, and service billing (if applicable) in compliance with data protection laws.

6.3 Services

When using our services as a registered user, we collect statistical data to ensure platform functionality, analyze engagement, and improve service quality. This data includes the use of digital services, engagement with platform features, and interaction with advertisements or other content.

Our goal is to enhance, optimize, and improve our services while ensuring compliance with legitimate interest provisions under applicable data protection laws.

Certain aggregated or anonymized statistical data may be visible to other registered users only in non-identifiable forms to maintain user privacy.

6.4 Paid Services

To purchase or access a paid service, you may be required to provide personal details such as your first name, last name, postal address, and payment information. This information is collected and processed strictly for contract execution and billing purposes in compliance with applicable data protection laws.

If you choose an online payment method (such as credit card, Stripe, or PayPal), your payment will be processed through the respective payment service provider. Personal and payment data are handled directly by the payment processor, and we do not store or have access to your payment details. The privacy policies of the respective payment provider apply.

We may retain transaction data in your user account for future purchases, service continuity, and legal compliance. The collected data may be used for service improvement, internal analysis, and statistical purposes, but will not be shared with third parties for marketing purposes.

6.5 Contact via Chat or Contact Form

When you contact our customer support team, we may process your contact details (e.g., title, first name, last name, phone number, email, or postal address) and the content of your inquiry to respond appropriately and handle your request.

If you have given consent, customer service consultations may be recorded for training and quality assurance purposes.

If you fill out a contact form or use a chat feature on our website, the personal data you enter (such as name, phone number, email, or postal address) will be processed to provide relevant information and resolve your inquiry in compliance with legitimate interest provisions under applicable data protection laws.

6.6 Sweepstakes or Contests

If you voluntarily participate in our sweepstakes or contests, we process the personal data you provide (such as name, email, and postal address) for event organization, winner notification, and public announcements where applicable.

Your data may be shared with third-party organizers or evaluation partners if a third party is responsible for managing the event. If a sweepstake or contest is conducted in collaboration with a third party via our services, the third party’s privacy policy applies.

6.7 User Surveys

If you voluntarily participate in user surveys, we may collect your name, contact details, and responses. This information is used exclusively to improve our services and enhance user experience, in line with our legitimate interest in service improvement under applicable data protection laws.

Survey results are aggregated and anonymized before analysis to ensure individual privacy.

6.8 Analytics and Marketing

We prioritize data protection and confidentiality in our analytics and marketing efforts. Customer data is treated with strict confidentiality and is never sold to third parties.

We do not use customer data for direct marketing unless explicit consent has been given. Data processing for analytics is strictly used for internal purposes to improve user experience, service offerings, and platform performance.

6.9 Fraud Prevention and Legal Disputes

We may process your data to protect against fraud, unauthorized activities, and legal disputes. This processing is conducted based on legitimate interest provisions under applicable data protection laws to safeguard our company and enforce claims in cases of fraud or litigation.

Furthermore, we may process your data to comply with legal obligations, including tax, financial, or regulatory requirements as mandated by applicable data protection laws.

7. Cookies

Cookies help make the visit to the provider’s website easier, more pleasant, and more meaningful. These are information files that are automatically stored by the web browser on the customer’s computer hard drive when the customer visits the provider’s website and uses services. The customer has the option to manage their browser’s security settings, thereby blocking or deactivating cookies. However, this may mean that certain services from the provider may no longer be fully usable.

Tracking and Analytics Tools / Social Media

To measure and evaluate the use of the provider’s digital offerings, various technical systems are used, primarily from third-party providers such as Google Analytics. These measurements can be carried out anonymously or personally. It is possible that the collected data may be passed on by the provider or the third-party providers of such technical systems to third parties in the United States and other countries. The most well-known and commonly used analytics tool is Google Analytics, a service provided by Google Inc. The collected data can usually be transferred to a Google server in the USA or to another location determined by Google and stored there.

The provider’s website uses Google Analytics, a web analytics service of Google Inc. based in the USA (1600 Amphitheater Parkway, Mountain View, CA 94043). Google Analytics uses cookies, text files that are stored on the customer’s computer and allow an analysis of the use of the website. The information generated by the cookies about the use of the website (including the IP address, which is anonymized by Google before storage) is transmitted to a Google server in the USA or another location determined by Google and stored there. Google will use this information to evaluate the use of the website, compile reports on website activities for the provider, and provide other services related to website activity and internet usage. Google may also pass this information on to third parties if required by law or if third parties process the information on Google’s behalf. Google will never associate the IP address with other data.

The provider’s website also uses the “demographics” feature of Google Analytics. This allows reports to be created that contain information about the age, gender, and interests of customers. This data comes from Google’s interest-based advertising and third-party visitor data. They cannot be assigned to a specific person. Customers can deactivate this feature via the ad settings in their Google account or generally prohibit the collection of their data by Google Analytics. Further information can be found in Google’s privacy policy.

If the customer does not want their website activity to be tracked by Google Analytics, they can install the browser add-on to deactivate Google Analytics. This prevents activity data from being shared with Google Analytics via the JavaScript running on websites (ga.js, analytics.js, and dc.js). The use of the add-on does not affect the analysis of data by other tools of the website operator. Data can still be sent to the website or other web analytics services.

Finally, the provider collects certain information via server log files on their website, which are automatically transmitted by the customer’s internet browser. This information includes the user agent (browser type and version, operating system used), HTTP header data (referrer URL, IP address of the accessing computer), time of the server request, and login status. These server log files are used exclusively for error analysis along with other data sources.

Data Collection and Analysis for Advertising Purposes

The provider’s website uses Google Analytics Remarketing functions in combination with the cross-device capabilities of Google AdWords and Google DoubleClick. The provider is Google Inc., based at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).

This function allows the advertising target groups created by Google Analytics Remarketing to be linked with the cross-device capabilities of Google AdWords and Google DoubleClick. This allows interest-based, personalized advertising messages that were tailored based on the customer’s previous usage and browsing behavior on one device (e.g., mobile phone) to also be displayed on another of their devices (e.g., tablet or PC).

If the customer has given Google the corresponding consent, Google will link the customer’s web and app browsing history with their Google account to support this function. This enables the same personalized advertising messages to be displayed on any device where the customer is logged into their Google account.

To support this function, Google Analytics collects authenticated user IDs, which are temporarily linked with the provider’s data to define and create cross-device advertising target groups.

The customer can permanently opt out of cross-device remarketing by disabling personalized advertising in their Google account:
🔗 Google Ad Settings

Further information can be found in Google’s privacy policy:
🔗 Google Privacy Policy

The provider’s website also uses the Google AdWords online advertising program. As part of Google AdWords, the provider uses conversion tracking. When the customer clicks on an ad placed by Google, a conversion tracking cookie is set. These cookies expire after 30 days and are not used for personal identification. If the customer visits the provider’s website and the cookie has not yet expired, Google and the provider can recognize that the customer clicked on the ad and was redirected to this page.

Google only provides the provider with the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, the provider does not receive any information that could personally identify the customer.

The customer can prevent the storage of cookies by adjusting their browser settings. However, this may limit the full functionality of the website. The customer also has the option to prevent tracking by deactivating the Google conversion tracking cookie through the user settings of their internet browser.

Further information can be found in Google’s privacy policy:
🔗 Google Privacy Policy

The provider’s website also uses the Facebook visitor action pixel, a tool provided by Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA). The Facebook pixel allows the behavior of site visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad.

Users can opt out of Facebook remarketing by disabling the “Custom Audiences” remarketing feature in their Facebook Ad Settings:
🔗 Facebook Ad Settings

Further information can be found in Facebook’s privacy policy:
🔗 Facebook Privacy Policy

Integration of Third-Party Offers / Social Media

The provider’s digital offerings are often linked with third-party platforms, including social media plugins such as Facebook, Twitter, and YouTube. These third parties may track and collect user activity on the provider’s website if the user has a linked account with them.

Users are encouraged to review the privacy policies of these third parties before using social media features:
🔗 Facebook Privacy Policy
🔗 Twitter Privacy Policy
🔗 YouTube Privacy Policy

Other Tools

The provider’s website integrates the Google Maps service through an API. This service is offered by Google Inc., located at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. When customers use the functions of Google Maps, their IP address is collected by Google and is usually transferred to a Google server in the United States. The provider has no influence over this data transfer.

For detailed information, please refer to Google’s privacy policy, available at the following link:
🔗 Google Privacy Policy

The provider’s website benefits from the integration of Google Maps by offering customers a high-quality and user-friendly mapping function. The provider has chosen to use the Google Maps API, a widely used mapping and navigation service offered by Google.

When customers use Google Maps features, Google collects their IP addresses. Typically, this data is stored and transmitted to a Google Inc. server in the United States. The provider does not have direct control over this data transfer. Data transfers to third countries, including the United States, may pose certain risks to data protection and integrity. However, Google has implemented security measures to ensure compliance with applicable data protection standards.

For more detailed information on how Google handles personal data, as well as its data transfer policies, please refer to Google’s privacy policy, available at:
🔗 Google Privacy Policy

Data protection and security are a priority for the provider. Accordingly, the provider has chosen a trusted service partner like Google, which adheres to high security and data protection standards.The provider recommends that customers carefully review Google’s privacy policy to gain a clear understanding of how their data is handled. 

The provider does not control Google’s data processing practices and assumes no liability for how Google or other third-party services handle personal data. Customers should review the privacy policies of third-party services before using their features.

8. Profiling / Automated Decisions

Profiling refers to the automated process of analyzing or predicting certain personal aspects or behaviors based on relevant information. This allows for more personalized customer service and tailored offers to better meet individual needs.

“Automated individual decisions” are decisions made entirely automatically, without human involvement, and which can have legal or similarly significant impacts on the customer. Generally, the provider does not make automated individual decisions. If such decisions do occur in specific cases, the customer will be separately informed and will have the option to request manual review by a provider employee.

For U.S. customers, any automated decision-making that falls under consumer protection laws such as the CCPA will be subject to explicit disclosure requirements, and customers will have the right to opt out where applicable.

9. Communication via Email and/or Newsletter

To subscribe to the newsletter, the provider requires the customer’s email address and additional verification information to confirm ownership of the email address and consent to receive the newsletter (Double Opt-In procedure).

Through the newsletter, customers regularly receive recommendations and offers that may be of interest. For this purpose, personal data related to customer interactions with the website, the Manaxo software, and newsletter engagement (such as opening the email, clicking on links) may be collected and analyzed for statistical purposes. This data helps improve content relevance and personalization.

The processing of personal data for newsletters is based on customer consent, which can be withdrawn at any time by clicking the “unsubscribe” link in the newsletter.

The provider retains customer personal data related to newsletter subscriptions until the customer unsubscribes. However, certain aggregated statistical data related to newsletter analytics may be retained for internal business purposes, in compliance with applicable data protection laws.

For U.S. customers, email communication and marketing practices comply with the CAN-SPAM Act, ensuring that customers can opt out of marketing emails at any time.

10. Duration of Storage of Personal Data

The provider stores and processes personal data for as long as the customer uses the service. It is important to note that the contractual relationship between the provider and the customer is generally intended to be long-term.

After termination of the contractual relationship, the provider is not obligated to retain the customer’s data unless legally required. Data that is no longer needed is regularly deleted.

However, certain data may still be retained due to legal requirements, regulatory obligations, or internal business purposes, such as:

• Compliance with tax and financial regulations

• Retention obligations under commercial law

• Fraud prevention and dispute resolution

The retention of certain data for compliance purposes will follow U.S. (CCPA, CPRA), EU (GDPR), and Swiss (DSG) data retention requirements.

11. Links to External Websites

The provider’s website contains links to third-party websites that are not under the provider’s control or responsibility. The provider assumes no liability for the content, data processing practices, or privacy policies of these external websites.

Customers are encouraged to review the privacy policies of any third-party websites they visit to understand how their data is collected, processed, and stored.

Under U.S. law (CCPA/CPRA), users should be aware that third-party websites may collect personal information independently and that those third parties are responsible for their own compliance with data protection laws.

12. Information, Correction, Deletion, Blocking, Consent

For U.S. Customers (CCPA, CPRA):

Customers have the following rights under California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Customers can request access to what personal data is collected, used, or shared.

• Right to Delete: Customers can request the deletion of personal data, except where retention is required by law.

• Right to Opt-Out: Customers can opt out of the sale or sharing of their personal information (if applicable).

• Right to Limit Use of Sensitive Personal Data: Customers can restrict the use of sensitive personal information, such as precise location or financial data.

Requests can be submitted to support@manaxo.com, and the provider will respond within the legally required timeframe.

For EU and Swiss Customers (GDPR, DSG):

Customers have the following rights under GDPR and Swiss DSG:

• Right to Deletion (Art. 17 GDPR) – Request the erasure of personal data under specific conditions.

• Right to Correction (Art. 16 GDPR) – Request correction of inaccurate personal data.

• Right to Access (Art. 15 GDPR, Art. 8 DSG) – Request a copy of stored personal data.

• Right to Object (Art. 21 GDPR) – Object to certain types of data processing, including marketing.

• Right to Restriction (Art. 18 GDPR) – Request limited processing under certain conditions.

• Right to Data Portability (Art. 20 GDPR) – Receive data in a structured, machine-readable format.

Customers can withdraw consent at any time without affecting the lawfulness of previous data processing. Withdrawal requests can be submitted in writing or via email to support@manaxo.com. However, withdrawing consent may limit access to certain services or functionalities.

13. Additional Provisions for U.S. and EU Customers

These provisions apply to customers from the United States and the European Union and outline additional rights and disclosures under applicable U.S. (CCPA/CPRA) and EU (GDPR) regulations.

For U.S. Customers (California Residents – CCPA/CPRA Compliance)

These provisions apply exclusively to California residents under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

Categories of Personal Data Collected

In the past 12 months, Manaxo has collected the following categories of personal information as defined under CCPA/CPRA:

• Identifiers (e.g., name, email, phone number).

• Commercial information (e.g., transaction history, purchases).

• Internet activity (e.g., browsing behavior on our website).

• Geolocation data (if the user consents to location-based services).

• Professional or employment-related information (if applicable).

Manaxo does not sell personal data for monetary gain, but it may share data with service providers as necessary for business operations and service improvements.

California Consumer Rights

Under CCPA/CPRA, California residents have the following rights:

• Right to Know: Customers may request access to the personal data collected, used, or shared about them.

• Right to Delete: Customers may request deletion of their personal data, except where retention is legally required.

• Right to Opt-Out: Customers may opt out of the sale or sharing of personal information (if applicable).

• Right to Correct: Customers may request corrections to inaccurate personal information.

• Right to Limit Use of Sensitive Personal Information: Customers may restrict the processing of sensitive data, such as precise geolocation or financial data.

To exercise these rights, California residents may contact support@manaxo.com. Requests will be processed within the legally required timeframe.

Non-Discrimination Clause

Manaxo will not discriminate against any California resident for exercising their CCPA/CPRA rights. This means Manaxo will not deny services, charge different prices, or reduce service quality based on privacy preferences.

For EU Customers (GDPR Compliance)

These provisions apply exclusively to customers from the European Union and do not apply to customers from the United States or Switzerland.

Legal Grounds for Data Processing

Processing for the mentioned purposes is based on applicable U.S., EU, and Swiss laws.

For EU customers, data processing follows the General Data Protection Regulation (GDPR) to fulfill contractual obligations. The contract includes the services mentioned above.

Data processing to protect legitimate interests is carried out to:

• Improve products and services.

• Monitor and enhance performance.

• Detect, prevent, or investigate illegal activities.

Data processing to fulfill legal obligations (GDPR, Art. 6(1)(c)) includes processing of master data.

If an EU customer believes that their data processing is not covered by the stated legal grounds, they may request that their personal data not be processed for certain purposes (Opt-Out).

Such an Opt-Out does not affect continued use of the provider’s services unless the service necessarily requires corresponding data processing.

The customer may send an Opt-Out request in writing to the address provided in this document or via email to support@manaxo.com.

Right to Complain to a Supervisory Authority

If a customer believes that their personal data is being processed in violation of applicable laws, they have the right to lodge a complaint with a competent supervisory authority.

For U.S. customers, complaints may be filed with the California Privacy Protection Agency (CPPA) under CCPA/CPRA regulations. More information is available at:
🔗 California Privacy Protection Agency

For EU customers, complaints may be filed under Article 77 GDPR with their country’s data protection authority. Before filing a formal complaint, customers are encouraged to contact the provider at support@manaxo.com to resolve concerns.

14. Security Measures

14.1. Security of Personal Data

Manaxo provides security measures to prevent loss, misuse, or alteration of information and personal data. These measures include:

• Data encryption during transmission and storage.

• Restricted access to personal data through authentication controls.

• Regular security testing and updates to maintain protection standards.

14.2. Data Transmission Risks

The customer is aware that data transmissions over the internet are not fully secure. Once Manaxo has received the transmitted information, it is secured appropriately within Manaxo’s systems. However, external cyber threats and unauthorized access cannot always be completely prevented.

For any security-related concerns, customers may contact security@manaxo.com.

15. Privacy Policy Updates

Manaxo reserves the right to adjust this privacy policy at any time within the scope of legal requirements. If updates significantly impact customer rights, Manaxo will notify customers via:

• Email notifications (if subscribed).

• A notice on the Manaxo website.

Continued use of Manaxo’s services after an update indicates acceptance of the revised privacy policy. If required by law, explicit consent will be obtained before applying changes to personal data.

16. Disclaimer

The contents available on this website are for informational purposes only and do not constitute legal advice.

Any liability for potential damages arising from the use of the website or the available information is excluded. In particular, the provider does not assume liability for the timeliness, completeness, and accuracy of the contents.

Right to Complain to a Supervisory Authority

If the customer believes that their personal data is being processed in violation of applicable laws, they have the right to lodge a complaint with a competent supervisory authority.

For U.S. customers, complaints may be filed with the California Privacy Protection Agency (CPPA) under CCPA/CPRA regulations. More information is available at:
🔗 California Privacy Protection Agency

For EU customers, complaints may be filed under Article 77 GDPR with their country’s data protection authority. Before filing a formal complaint, customers are encouraged to contact the provider at support@manaxo.com to resolve concerns.

Last Updated: March 20, 2025

General Terms of Use for Licensees for Communication via the Manaxo Platform

1. User Account

Registration for a user account to communicate with licensees occurs through the Manaxo platform. For this purpose, the user needs their email account and possibly also their mobile phone to utilize two-factor authentication.

The user is expected to provide complete and accurate information during registration and other usage actions, keep their account information up to date, and correct any errors immediately. By registering, the user confirms their legal capacity or that they are acting with the consent of a legal representative.

After confirming the email address, the user is registered, and the user account is created.

2. Rights and Responsibilities of the User

2.1. Authentication Tools

The user is responsible for carefully and securely maintaining their authentication tools (e.g., username, password, code, mobile phone, etc.) to prevent unauthorized access to their account. Specifically, these authentication tools must not be shared with third parties. If the user grants access to their account to third parties, they are responsible for the actions of those third parties.

After successful authentication, the user remains logged into their Manaxo account until they manually log out or the online service automatically logs them out after a period of inactivity.

The Manaxo platform provides the user with a digital signature for communication with licensees. By using the digital signature, the user acknowledges the legal implications equivalent to a handwritten signature.

2.2. User Systems

The user is responsible for their internet access and the necessary hardware and/or software components (including configuration). They must ensure that their systems are adequately protected against malware (viruses, malware, etc.) and unauthorized access.

The user must ensure that the devices and systems they use for login and for accessing the online services available on the Manaxo platform are protected from unauthorized access and manipulation.

2.3. Reporting Obligation

If the user has reason to believe that third parties know their authentication credentials or have access to their user account or the online services available via the Manaxo platform, they must immediately report this to the licensee and promptly change their password.

2.4. Place of Performance and Receipt of Communications

The user’s electronic mailbox within the Manaxo platform is considered the place of performance for the electronic delivery of correspondence, invoices, etc. However, the licensee is entitled to deliver correspondence by other means (e.g., in paper form or by email) at any time, without providing reasons.

Electronic communications from the licensee sent via the Manaxo platform are considered duly delivered on the day they are made available on the Manaxo platform. The deadlines for each communication, including complaint and payment deadlines, commence upon receipt of each message.

3. Rights and Responsibilities of the Licensee

3.1. Security

The licensee protects their infrastructure and user data with appropriate measures and treats entrusted data confidentially. The infrastructure relevant to Manaxo (e.g., architecture, network, systems) and processes are regularly reviewed both internally and externally; any deficiencies are promptly addressed.

3.2. Availability

The licensee is committed to ensuring continuous availability of services through the Manaxo platform. However, neither the licensee nor Manaxo guarantees uninterrupted availability of their services or functions and assumes no responsibility for the availability or uninterrupted operation of the Manaxo platform. Likewise, the licensee cannot guarantee unlimited operational readiness of the internet or the timely transmission of data via email, SMS, etc.

Interruptions for troubleshooting, maintenance windows, introduction of new technologies, etc., will be kept as brief as possible by the licensee and Manaxo, and, whenever possible, scheduled during low-traffic periods.

3.3. Recording and Retention of Documents

In accordance with legal requirements, the user is responsible for the content, recording, and retention of electronic documents. The user acknowledges that each document is available in their electronic mailbox on the Manaxo platform for 5 years from the date of receipt and is no longer available after this period.

3.4. Transition to Analog Correspondence

The user may request that documents be sent exclusively in paper form at any time. The user acknowledges that documents already delivered via the Manaxo platform are considered delivered. Additional requests for paper or electronic documents will incur charges. The licensee is entitled to invoice all services ordered by the user based on actual costs.

3.5. Access Suspension

The licensee is entitled to suspend the user’s access to the Manaxo platform without prior notice and without any cost consequences if the user violates these General Terms and Conditions, there is suspicion of misuse, or the security of the system is or could be compromised. To lift the suspension, the user may contact the licensee and must verify their identity. The licensee may take further measures to prevent misuse.

3.6. Involvement of Third Parties

The user expressly agrees that the licensee may involve third parties to provide its services and that user data may be shared with such third parties as necessary for service provision and improvement. The third party may process the user data solely on behalf of and according to the instructions of the licensee.

4. Intellectual Property

Termination of the contract with the licensee results in the simultaneous termination of the right to use the user account and functions on the Manaxo platform. The user hereby authorizes the licensee to delete their user account on the Manaxo platform or to request its deletion.

Last Updated: March 20, 2025