Privacy policy

The protection of your data is very important to us. This Privacy Policy explains what personal data LOX24 collects from you through interactions with you or through our products and how we use that data.

This Privacy Policy describes LOX24’s general privacy practices with respect to the processing, including collection, use and disclosure, of personal data of users and other individuals at our customers, business partners, suppliers and other companies with which LOX24 has or is considering a business relationship.

The responsible party within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (DSGVO), is:

LOX24 GmbH, Seestr. 109, 13353 Berlin,

Your data subject rights

You can exercise the following rights at any time using the contact details provided by our contact person for data protection:

  • Information about your data stored by us and its processing,
  • Correction of inaccurate personal data,
  • Deletion of your data stored with us,
  • Restriction of data processing if we are not yet allowed to delete your data due to legal obligations,
  • object to the processing of your data by us and
  • Data portability, provided that you have consented to the data processing or have concluded a contract with us.

If you have given us consent, you can revoke this at any time with effect for the future.

You can contact the supervisory authority responsible for you at any time with a complaint. Your responsible supervisory authority depends on the state of your residence, your work or the alleged violation. A list of supervisory authorities (for the non-public sector) with address can be found at:

In addition, you have the right to complain to the Federal Network Agency:

Purposes of data processing by the controller and third parties

We process your personal data only for the purposes stated in this privacy policy. Your personal data will not be transferred to third parties for purposes other than those mentioned. We will only share your personal information with third parties if:

  • you have given your express consent to this,
  • the processing is necessary for the performance of a contract with you,
  • the processing is necessary for compliance with a legal obligation,

the processing is necessary to protect legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data.

Deletion or blocking of the data

We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as stipulated by the various storage periods provided for by law. After the respective purpose has ceased to exist or these periods have expired, the corresponding data is routinely blocked or deleted in accordance with the statutory provisions.

Collection of general information when visiting our website

When you access our website, information of a general nature is automatically collected by means of a cookie. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider and the like. This is exclusively information that does not allow any conclusions to be drawn about your person.

This information is technically necessary in order to correctly deliver the content of web pages requested by you and is mandatory when using the Internet. In particular, they are processed for the following purposes:

  • Ensuring that the website connection is established without any problems,
  • Ensuring a smooth use of our website,
  • Evaluation of system security and stability, and
  • for other administrative purposes.

The processing of your personal data is based on our legitimate interest arising from the aforementioned data collection purposes. We do not use your data to draw conclusions about your person. Recipients of the data are only the responsible party and, if applicable, order processors.

Anonymous information of this kind will be used by us if necessary. evaluated statistically in order to optimize our Internet presence and the technology behind it.


Like many other websites, we also use so-called “cookies”. Cookies are small text files that are transferred from a website server to your hard drive. Through this, we automatically receive certain data such as IP address, browser used, operating system and your connection to the Internet.

Cookies cannot be used to run programs or deliver viruses to a computer. Based on the information contained in cookies, we can facilitate your navigation and enable the correct display of our web pages.

Under no circumstances will the data we collect be passed on to third parties or linked to personal data without your consent.

Of course, you can also view our website without cookies. Internet browsers are regularly set to accept cookies. In general, you can disable the use of cookies at any time via your browser settings. Please use the help functions of your Internet browser to learn how to change these settings. Please note that individual functions of our website may not work if you have disabled the use of cookies.

Registration on our website

When registering to use our personalized services, some personal data is collected, such as name, address, contact and communication data such as telephone number and e-mail address. If you are registered with us, you can access content and services that we offer only to registered users. Registered users also have the option, if necessary, to change or delete the data provided during registration at any time. In addition, we will of course provide you with information about the personal data we have stored about you at any time. We will also be happy to correct or delete them at your request, provided that there are no legal storage obligations to the contrary. To contact us in this regard, please use the contact information provided at the end of this privacy policy.

Provision of chargeable services

For the provision of chargeable services, we request additional data, such as payment details, in order to be able to execute your order. We store this data in our systems until the statutory retention periods have expired.

Traffic data when sending SMS

We collect traffic data from registered customers in accordance with §9 TTDSG in order to be able to provide our communication services. This traffic data includes sender number, recipient number, send time, input time, delivery status, IP address of the sender, charge of the connection and data volume. This data is deleted no later than 60 days after the service has been billed, or at the customer’s request. This data is subject to telecommunications secrecy pursuant to Section 8 of the Telecommunications Telemedia Data Protection Act (TTDSG) and is protected by Article 10 of the German Basic Law (GG) and Article 8 of the European Convention on Human Rights (ECHR). Traffic data shall be used to the extent necessary for the provision of telecommunications services, including the protection of their technical systems. Use of these for other purposes, in particular disclosure to others, is only permissible if required by law. A transfer to third parties for other purposes does not take place.

Address book and groups/mass SMS

When you send bulk SMS through our website, you have the option to import your destination numbers and other data such as the names of the recipients and save them in a kind of address book. You have the possibility to view, change and delete this data at any time. You can also tell us to disable this feature for your account for free.


When you send SMS via us, we store the message texts encrypted in various folders such as Outbox, Sent SMS etc. for clarity and traceability for you. You can view or delete these messages at any time. You can also tell us to disable this feature for your account for free.

Google Calendar Appointments

You have the possibility to send appointment reminders to your customers with the help of Google Calendar. In this case, our system will connect to your calendar and read data from it. Data will only be processed to send your appointment notices. No other data is stored or processed. You can stop or disable the connection from our service to your calendar at any time on our website or on Google’s website:

SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

Comment function

When users leave comments on our website, in addition to this information, the time of their creation and the user name previously selected by the website visitor are also stored. This is for our security, as we can be prosecuted for unlawful content on our website, even if it was created by users.


On the basis of your expressly granted consent, we will send you our newsletter or comparable information regularly by e-mail to your specified e-mail address.

To receive the newsletter, it is sufficient to provide your e-mail address. When registering to receive our newsletter, the data you provide will be used exclusively for this purpose. Subscribers may also be informed by e-mail about circumstances relevant to the service or registration (for example, changes to the newsletter offer or technical circumstances).

For an effective registration we need a valid e-mail address. In order to verify that a registration is actually made by the owner of an e-mail address, we use the “double-opt-in” procedure. For this purpose, we log the order of the newsletter, the sending of a confirmation email and the receipt of the response requested herewith. No other data is collected. The data will be used exclusively for the newsletter dispatch and will not be passed on to third parties.

You can revoke your consent to the storage of your personal data and its use for the newsletter dispatch at any time. There is a link to this in every newsletter. In addition, you can also unsubscribe directly on this website at any time or inform us of your corresponding wish via the contact option provided at the end of this privacy notice.

Contact form

If you contact us by e-mail or contact form regarding questions of any kind, you give us your voluntary consent for the purpose of contacting you. For this, the specification of a valid e-mail address is required. This is used for the assignment of the request and the subsequent response to the same. The specification of further data is optional. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions. After completion of your request, personal data will be automatically deleted.

Google reCAPTCHA

We use reCAPTCHA from Google (hereinafter “reCAPTCHA”) to prevent spam and unauthorized calls to user accounts, e.g. from bots that check stolen passwords. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

The purpose of reCAPTCHA is to verify whether data entry on our websites (e.g. in a contact form or login) is done by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The analyses run in the background. Website visitors are therefore not informed separately that an analysis is taking place.

The data processing is based on Art. 6 para. 1 lit. f GDPR. LOX24 has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. This measure also serves to protect customer accounts and is thus also in the interest of customers

For more information on Google reCAPTCHA and Google’s privacy policy, please visit: and

Use of script libraries (Google Web Fonts)

In order to display our content correctly and graphically appealing across browsers, we use script libraries and font libraries such as Google Web Fonts( on this website. Google Web Fonts are transferred to your browser’s cache to avoid multiple loads. If the browser does not support Google Web Fonts or prevents access, content is displayed in a standard font.

Calling script libraries or font libraries automatically triggers a connection to the operator of the library. It is theoretically possible – although it is currently unclear whether and, if so, for what purposes – for operators of such libraries to collect data.

The privacy policy of the library operator Google can be found here:

Use of Google Maps

This website uses Google Maps API to visually display geographical information. When using Google Maps, Google also collects, processes and uses data about visitors’ use of the map functions. You can find more information about data processing by Google in the Google privacy policy. There you can also change your personal privacy settings in the Privacy Center.

Detailed instructions on how to manage your own data in connection with Google products can be found here.

Embedded YouTube videos

We embed YouTube videos on some of our websites. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection to YouTube servers is established. This tells Youtube which pages you are visiting. If you are logged into your Youtube account, Youtube can assign your surfing behavior to you personally. You can prevent this by logging out of your Youtube account beforehand.

When a Youtube video is started, the provider uses cookies that collect information about user behavior.

Those who have deactivated the saving of cookies for the Google Ad program will not have to deal with such cookies when watching Youtube videos. However, Youtube also stores non-personal usage information in other cookies. If you would like to prevent this, you must block the storage of cookies in the browser.

For more information on data protection at “Youtube”, please refer to the provider’s privacy policy at:

Google AdWords

Our website uses Google conversion tracking. If you have accessed our website via an ad placed by Google, Google Adwords will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked through the websites of AdWords customers. The information collected using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.

If you do not wish to participate in the tracking, you can refuse the setting of a cookie required for this – for example, by means of a browser setting that generally deactivates the automatic setting of cookies or by setting your browser so that cookies from the domain “” are blocked.

Please note that you must not delete the opt-out cookies as long as you do not want any measurement data to be recorded. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.

Use of Google Remarketing

This website uses the remarketing function of Google Inc. The function is used to present interest-based advertisements to website visitors within the Google advertising network. A so-called “cookie” is stored in the browser of the website visitor, which makes it possible to recognize the visitor when they visit websites that belong to Google’s advertising network. On these pages, the visitor may be presented with advertisements that relate to content that the visitor has previously viewed on websites that use Google’s remarketing feature.

According to its own information, Google does not collect any personal data during this process. If you still do not wish to use the Google remarketing function, you can deactivate it in principle by making the appropriate settings at Alternatively, you can disable the use of cookies for interest-based advertising via the ad network initiative by following the instructions at

Account charging, invoice and payment service provider

We use a number of external payment service providers to order SMS credit and pay bills. However, there is a possibility for you to use a normal bank transfer for payment. In this case, no service provider comes into contact with your data.


We offer the option to process the payment transaction via the payment service provider PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). This is in line with our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f DSGVO). In this context, we share the following data with PayPal, as far as it is necessary for the fulfillment of the contract (Art. 6 para. 1 lit. b. DSGVO).

First name
Last name
E-mail address
Phone number

The processing of the data provided under this section is not required by law or contract. Without the transmission of your personal data, we cannot carry out a payment via PayPal.

PayPal performs a credit check for various services such as payment by direct debit to ensure your willingness and ability to pay. This corresponds to the legitimate interest of PayPal (according to Art. 6 para. 1 lit. f DSGVO) and serves the execution of the contract (according to Art. 6 para. 1 lit. b DSGVO). For this purpose, your data (name, address and date of birth, bank account details) will be passed on to credit agencies. We have no influence on this process and only receive the result of whether the payment has been made, rejected or is pending verification.

You can find more information on objection and removal options vis-à-vis PayPal at:

Your data will be stored until the completion of payment processing. This includes the time required to process refunds, receivables management, and fraud prevention.

Instant bank transfer (Sofort, Klarna)

We offer the possibility to process the payment transaction via Sofortüberweisung of the payment service provider Klarna GmbH, Theresienhöhe 12, 80339 Munich, Germany (Klarna). This is in line with our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f DSGVO). In this context, we pass on the following data to Klarna as far as it is necessary for the fulfillment of the contract (Art. 6 para. 1 lit b. DSGVO).

First name
Last name
Transfer amount

Depending on how your bank manages online accounts, different verification steps are necessary: If your bank only accepts transfer orders if there is sufficient account coverage, then Klarna does not perform an account coverage check. In all other cases, Klarna checks whether the sum of the account balance and the overdraft facility, minus the amount of the overdraft facility, is sufficient. unrecognized sales, covers the amount to be transferred.

Klarna reserves the right in cases of increased risk of abuse to check instant transfers of the last 30 days to see if they were successfully executed. There are no credit checks based on historical payment data.

The check is performed either via your bank’s HBCI interface or via the user interface of your online banking – as if you were logging in yourself. If you manage multiple accounts, information about accounts that are not selected will not be saved.

Furthermore, Klarna stores your online banking user identification (login name/account number) as a hash value. PIN and TAN codes are not stored.

We have no influence on this process and only receive the result, whether the payment was made or rejected, your account number, sort code, subject, amount and date.

You can find more information about objection and removal options vis-à-vis Klarna at:

Klarna stores your name, account number, bank code, subject, date and transfer amount for billing purposes within the legal retention periods. The basis for this is § 28 para. 1. sentence 1 no. 1. BDSG.

Your data will be stored by us until the completion of payment processing. This includes the time required to process refunds, receivables management, and fraud prevention.

Stripe (credit card and SEPA direct debit)

We offer the option of completing the payment process via the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre
Harcourt Road, Dublin 2 (Stripe). This is in line with our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f DSGVO). In this context, we disclose the following data to Stripe to the extent necessary for the performance of the contract (Art. 6 para. 1 lit b. DSGVO).

Name of the cardholder/account holder
E-mail address
Customer number
Order number
Bank details
Credit card data
Credit card validity period
Credit card verification number (CVC)
Date and time of the transaction
Transaction amount
Provider name

The processing of the data provided under this section is not required by law or contract. We cannot process a payment via Stripe without the transmission of your personal data.

Stripe has a dual role as controller and processor in data processing activities. As a data controller, Stripe uses your submitted data to comply with regulatory obligations. This corresponds to Stripes’ legitimate interest (pursuant to Art. 6 para. 1 lit. f DSGVO) and serves the performance of the contract (pursuant to Art. 6 para. 1 lit. b DSGVO). We have no influence on this process.

Stripe acts as a processor to complete transactions within the payment networks. Within the scope of the order processing relationship, Stripe will act exclusively according to our instructions and has been contractually obligated within the meaning of Art. 28 DSGVO to comply with the provisions of data protection law.

Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).

For more information on opt-out and removal options with respect to Stripe, please visit:

Your data will be stored by us until the completion of payment processing. This includes the time required to process refunds, receivables management, and fraud prevention.

You have the optional possibility to store credit card data at Stripe for faster processing of a future payment at LOX24. In this case, the data will be stored beyond the completion of the payment processing. To use this function, you must explicitly agree to the storage of your data.

If you deposit a SEPA mandate, we are obliged to store the data of the mandate containing your name, bank details and address for 14 months from the last collection (end of the technical processing period for the return of unauthorized SEPA direct debits). We use Stripe for this purpose.

Change to our privacy policy

We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new privacy policy will then apply to your next visit.

Questions for the data protection officer

If you have any questions about data protection, please write us an e-mail or contact the person responsible for data protection in our organization directly: Miguel Bastl,

The privacy policy was created with the
data protection declaration generator of activeMind AG.