LocaFox takes the protection of your personal data very seriously. The following statement provides an overview of how we ensure this protection, as well as what types of data we collect and for what purposes.
Privacy Policy
This Privacy Policy explains how we handle your personal data and outlines your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Unless otherwise stated below, LocaFox GmbH (hereinafter referred to as “we” or “us”) is responsible for data processing.
Our Privacy Policy consists of two parts. Part A provides general information about data protection at LocaFox and explains, among other things, what rights you have and where you can exercise them. Part B focuses on the various groups of data subjects and explains in detail what data we collect and process about you. In doing so, we address you in your role as:
a. Visitors to our websites;
b. Users of our point-of-sale app;
c. Customers of our online store;
d. Newsletter subscribers;
e. Social media visitors;
f. Contact persons at service providers, suppliers, and business partners;
g. Applicants.
A. General Information
1. Our contact information
If you have any questions or comments regarding this information, or if you wish to exercise your rights, please direct your inquiry to
LocaFox GmbH
Striegauer Street 21
33719 Bielefeld
E-mail: ds@anker.net
Phone: +49 521 521 816 01
2. On what basis do we process your data?
The data protection term “personal data” refers to any information relating to an identified or identifiable natural person. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. We process data only on the basis of a legal authorization. We process personal data only with your consent (Art. 6(1)(a) GDPR), to fulfill a contract to which you are a party, or at your request to take pre-contractual measures (Art. 6(1)(b) GDPR), to fulfill a legal obligation (Art. 6(1)(c) GDPR), or if the processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party, provided that your interests or fundamental rights and freedoms requiring the protection of personal data do not override those interests (Art. 6(1)(f) GDPR).
When you apply for a job opening at our company, we also process your personal data to make a decision regarding the establishment of an employment relationship (Section 26(1), sentence 1 of the Federal Data Protection Act).
3. Your rights
You have a say in how your data is used! As a data subject, you therefore have the right to exercise your data subject rights with us. Under the data protection laws applicable to you, you have the following rights:
- Pursuant to Article 15 of the GDPR and Section 34 of the BDSG, you have the right to request information regarding whether we process personal data about you and, if so, to what extent.
- You have the right to request that we correct your data in accordance with Article 16 of the GDPR.
- You have the right to request that we erase your personal data in accordance with Article 17 of the GDPR and Section 35 of the BDSG.
- You have the right to restrict the processing of your personal data in accordance with Article 18 of the GDPR.
- You have the right, in accordance with Article 20 of the GDPR, to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and to transmit this data to another controller.
- If you have given us separate consent to process your data, you may withdraw this consent at any time in accordance with Article 7(3) of the GDPR. Such withdrawal does not affect the lawfulness of processing carried out on the basis of your consent prior to the withdrawal.
- If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR.
Pursuant to Article 21(1) of the GDPR, you have the right to object to processing based on the legal grounds set forth in Article 6(1)(e) or (f) of the GDPR for reasons arising from your particular situation. If we process your personal data for the purpose of direct marketing, you may object to such processing pursuant to Article 21(2) and (3) of the GDPR.
When you exercise your rights under Articles 15 through 22 of the GDPR, we process the personal data you provide for the purpose of fulfilling those rights and to be able to provide evidence thereof. We will process data stored for the purpose of providing information and preparing such information solely for this purpose and for data protection monitoring purposes, and will otherwise restrict processing in accordance with Article 18 of the GDPR.
This processing is based on the legal basis of Article 6(1)(c) of the GDPR in conjunction with Articles 15 through 22 of the GDPR and Section 34(2) of the BDSG.
4. How do we process your data?
As a general rule, we process your data on European servers that meet the highest security standards. In providing our services, we rely on external service providers to whom we transmit your data. Some data processing operations may involve the transfer of certain personal data to third countries—that is, countries where the GDPR is not applicable. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is ensured in that third country. This applies to all transfers to countries on this list: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
If no such adequacy decision has been issued by the European Commission, personal data may be transferred to a third country only if appropriate safeguards are in place in accordance with Article 46 of the GDPR or if one of the conditions set forth in Article 49 of the GDPR is met.
Unless an adequacy decision is in place and unless otherwise specified below, we use the EU Standard Data Protection Clauses as appropriate safeguards for the transfer of personal data falling within the scope of the GDPR to third countries. You have the option to receive a copy of these EU Standard Data Protection Clauses or to review them. Please contact us at the address listed under “Contact” for this purpose.
If you consent to the transfer of personal data to third countries, such transfer is based on Article 49(1)(a) of the GDPR.
5. To whom and why do we share your personal data?
In order to provide our services and operate as a business, we engage various external companies to which we may, in some cases, transfer personal data. If there are additional specific recipients of personal data for certain groups of data subjects, we will provide information about this in Section B.
- Hosting providers: We engage certified service providers to host our data, all of whom adhere to the highest security standards.
- IT service providers and SaaS providers: We use the services of various service providers who support us as data processors and help simplify and optimize our processes.
- Advertising and marketing providers: We work with various advertising and marketing providers to increase brand awareness, drive demand for our products, and strengthen customer loyalty. To this end, we plan and run campaigns, and measure and analyze their success. These providers are generally also data processors.
- Payment providers: To process payments in our online store, we share your data with payment providers and banks, which process your data as data controllers and/or data processors.
- Retail partners and shipping service providers: We may share your personal data with fulfillment service providers, postal and delivery services, and retail partners in order to offer and deliver our products to you.
- Affiliated Companies: We are a group of companies, which means that data may be transferred between the companies.
- Government agencies and authorities: Additional disclosures may be made to comply with legal requirements or to respond to court orders or other similar requests from government authorities. This includes disclosures to tax authorities as well as to tax advisory and auditing firms.
6. How long do we retain your data?
Unless otherwise specified in the following information, we store the data only for as long as is necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations. Such legal retention obligations may arise, in particular, from commercial or tax regulations. Starting at the end of the calendar year in which the data was collected, we will retain personal data contained in our accounting records for eight years and personal data contained in business correspondence and contracts for six years. Furthermore, we will retain data related to consent requiring proof, as well as complaints and claims, for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.
7. How do we use “cookies” and other tracking technologies?
We use cookies and similar technologies on our websites. We have provided more information about how we use these technologies in our cookie banners. The banner can be accessed via the cookie button on the website. There you will also find a list of other companies that place cookies on our websites and process data based on your consent pursuant to Article 6(1)(a) of the GDPR, a list of cookies that we place, and an explanation of how you can opt out of certain types of cookies.
8. How can you contact our Data Protection Officer?
You can contact our Data Protection Officer using the following contact information:
Email: datenschutzbeauftragter@locafox.de
Herting Oberbeck Datenschutz, LLC
https://www.datenschutzkanzlei.de
B. Special Section – How and Why We Process Your Data
a. Visitors to our website
1) We process pseudonymous information about the device and browser you use, server log files, your network connection, and your IP address for the following purposes:
- Ensuring the security, operability, and stability of our websites, including defending against attacks;
- Inclusion of third-party content.
Legal basis: Legitimate interest pursuant to Article 6(1)(f) of the GDPR in ensuring the proper functionality and stability of the website.
2) We process the data you enter in the contact form (e.g., name, email address, message) as well as technical information about the device you are using and your IP address for the following purposes:
- Processing and responding to your inquiry;
- Ensuring the security and proper functioning of the contact form.
The legal basis for this processing is our legitimate interest, pursuant to Article 6(1)(f) of the GDPR, in efficiently handling inquiries and ensuring the technical integrity of the contact form.
3) We process information about your behavior on the website. This includes your IP address and user IDs, some of which are assigned by third-party providers, and is done for the following purposes:
- Measuring reach and analyzing visitor behavior to optimize our websites, improve customer satisfaction, and identify issues;
- (Conversion) tracking to measure reach and calculate commissions for our affiliate partners and influencers;
- Remarketing to attract new customers through personalized ad delivery.
Legal basis: Consent pursuant to Article 6(1)(a) of the GDPR, which we obtain via the consent banner on our website and which you may revoke or modify at any time via the website footer.
b. Users of our point-of-sale app
1) Responsibility of App Store operators
When you download the app, certain required information is transmitted to the app store you have selected (e.g., Google Play or the Apple App Store); in particular, your username, email address, account number, the time of the download, and your device’s unique identifier may be processed. The processing of this data is carried out exclusively by the provider of the respective app store as the data controller and is beyond our control.
2) LocaFox's Liability
i. We process your login credentials (merchant ID, custom password), which are generated and used when you use our app, for the following purposes:
· Management and authentication of your user account on our cloud systems;
· Providing the app's features
· Ensuring access to our services.
Legal basis: Performance of a contract pursuant to Article 6(1)(b) of the GDPR.
ii. We process information about your mobile device’s permissions for the following purposes:
· Internet access for data transfer and communication;
· Camera access for using image-based features;
· Access to location data for the provision of location-based services.
Legal basis: Your consent pursuant to Article 6(1)(a) of the GDPR, which you may withdraw at any time by revoking the permissions on your mobile device.
iii. We process anonymized information about the use of our app (e.g., usage statistics) for the following purposes:
· Analysis and improvement of the app;
· Error detection and further development of our services.
Legal basis: Legitimate interest pursuant to Article 6(1)(f) of the GDPR in optimizing and further developing our app.
c. Customers of our online store
1) We process the data you provide when placing an order in our online store and the data we collect in connection with the order, such as your name, address, email address, phone number, payment information, and information about purchased items, including your purchase history. This data is processed for the following purposes:
- Customer Care: This includes answering questions about your order or our products, as well as handling complaints.
Legal basis: Performance of a contract pursuant to Article 6(1)(b) of the GDPR. Without the provision of this data, it is not possible to perform the contract.
- Non-marketing communications regarding technical, contractual, and security-related matters (e.g., order and shipping confirmations, password reset messages, customer account confirmations);
- Internal analysis of purchasing behavior and segmentation by interest groups as preparation for marketing initiatives.
Legal basis: Legitimate interest pursuant to Article 6(1)(f) of the GDPR for the purpose of promoting customer loyalty.
- to comply with legal requirements and retention obligations.
Legal basis: Compliance with legal obligations pursuant to Article 6(1)(c) of the GDPR
2) We may use the email address you provided when placing your order to inform you about similar products and services we offer.
Legal basis: Legitimate interest pursuant to Article 6(1)(f) of the GDPR in conjunction with Section 7(3) of the German Unfair Competition Act (UWG). You may object to this at any time without incurring any costs other than the standard transmission charges. To do so, you can unsubscribe by clicking the unsubscribe link included in every email.
d. Newsletter subscribers
1) We process the name and contact information you provide when you sign up for our newsletter for the following purposes:
- Sending personalized promotional emails containing information and updates about our products, promotions, and events for the purpose of promoting sales and acquiring new customers;
- Verification of your email address via the double opt-in process.
2) We process pseudonymized information regarding the use of our newsletter (click behavior, open rate and time, dwell time) for the following purposes:
- Measuring performance to optimize our content and improve our products.
The legal basis for the data processing related to our newsletter is your consent under Article 6(1)(a) of the GDPR, which you may withdraw at any time by contacting us using the contact information provided above or by using the unsubscribe link.
e. Social media users
1) Responsibility of social media providers
When you visit our social media pages (Facebook, Instagram, LinkedIn, TikTok, XING), where we showcase our company, certain information about you as a visitor is processed.
For more information:
Facebook and Instagram:
- Privacy Policy of Meta Platforms Ireland Limited
- Opt-out option
TikTok: Privacy Policy of TikTok Technology Limited
LinkedIn: Privacy Policy of LinkedIn Ireland Unlimited Company
2) Joint responsibility of social media providers and us (joint controllers)
Social media providers collect and process event data and send us anonymized statistics and data for our pages, which help us gain insights into the various activities visitors engage in on our site (so-called “Page Insights”). These Page Insights are generated based on certain information about people who have visited our site(s).
For more information:
Facebook and Instagram:
- Joint Controller Agreement
- Data subjects may also exercise their rights with respect to Meta. For more information, please see the Privacy Policy.
LinkedIn:
- Joint Controller Agreement
- Data subjects can exercise their rights via this contact form on LinkedIn. You can contact LinkedIn’s Data Protection Officer via this link.
- We have agreed with LinkedIn that the Irish Data Protection Commission is the competent supervisory authority responsible for overseeing the processing of Page Insights. You may file a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with another supervisory authority.
TikTok:
- Joint Controller Agreement
- Data subjects can exercise their rights by submitting this form to TikTok.
- We have agreed with TikTok that the Irish Data Protection Commission is the competent supervisory authority responsible for overseeing the processing of Page Insights. You may file a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with another supervisory authority.
3) Our Responsibility
We process information that you have provided to us through our social media channels on the respective social media platform. This information may include your username, contact information, or a message you have sent us.
Legal basis: Legitimate interest pursuant to Article 6(1)(f) of the GDPR in communicating with prospective customers and followers.
f. Contact persons at service providers/suppliers/business partners
1) We process the data you provide to us about yourself and the company you work for—such as your name, email address, and phone number—for the following purposes:
- To fulfill the contract with the company you work for (this includes contract management, documentation related to our ongoing collaboration, billing, and communication).
Legal basis: Legitimate interest pursuant to Article 6(1)(f) of the GDPR in the performance of the contract between the company you work for and us.
g. Applicants
1) Data that you provide to us as part of your application or that a recruitment agency forwards to us on your behalf. This includes information from your resume, your professional history, and other data that we process for the following purposes:
- Determining whether employment is a possibility;
- Initiation of an employment relationship.
Legal basis: Pre-contractual processing pursuant to Article 6(1)(b) of the GDPR and Section 26(1), first sentence, of the BDSG.
- Compliance with statutory retention requirements or defense against legal claims.
Legal basis: Compliance with legal obligations pursuant to Article 6(1)(c) of the GDPR.
- Inclusion in our talent pool so we can contact you again at a later date if we are unable to offer you a position at this time.
Legal basis: Consent pursuant to Article 6(1)(a) of the GDPR, which you may withdraw at any time by contacting us using the contact information provided above.
If we are unable to offer you a position, we will retain the application materials you submitted for up to six months following any rejection in order to answer questions related to your application and the rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for evidentiary purposes, or if you have expressly consented to longer storage.
As of January 2026
