Privacy Policy
We take the protection of your personal data very seriously. This privacy policy informs you about how ECO EFX Solutions GmbH processes personal data on this website and what rights you have as a data subject.
1. Controller and Data Protection Officer
Controller within the meaning of the GDPR
ECO EFX Solutions GmbH
Hamburger Straße 180
22083 Hamburg
Germany
Phone: +49-40-298 234 60
Fax: +49-40-298 234 61
Email: info@ecoefxsol.com
Managing Director: Sven-Oliver Robertson
Commercial Register: AG Hamburg HRB 185253
VAT ID: DE368007707
Data Protection Officer
Our Data Protection Officer is available to answer any questions about data protection:
Sven-Oliver Robertson
Data Protection Officer
ECO EFX Solutions GmbH
Hamburger Straße 180
22083 Hamburg
Germany
Email: cp@ecoefxsol.com
2. Principles of Data Processing
When processing personal data, we observe the following principles in accordance with Art. 5 GDPR:
- Lawfulness, fairness and transparency: We only process your data on a lawful basis and inform you transparently about the processing.
- Purpose limitation: We only collect your data for specified, explicit and legitimate purposes.
- Data minimization: We only process data that is necessary for the respective purpose.
- Accuracy: We ensure that your data is accurate and up to date.
- Storage limitation: We only store your data for as long as necessary for the respective purpose.
- Integrity and confidentiality: We protect your data through appropriate technical and organizational measures.
3. Legal Basis for Processing
The processing of personal data is based on the following legal grounds under the GDPR:
- Art. 6 (1) lit. a GDPR: Consent of the data subject
- Art. 6 (1) lit. b GDPR: Processing for the performance of a contract or pre-contractual measures
- Art. 6 (1) lit. c GDPR: Processing for compliance with a legal obligation
- Art. 6 (1) lit. f GDPR: Processing for the purposes of legitimate interests
4. Data Collection When Visiting the Website
4.1 Server Log Files
When you visit our website, our web server automatically collects certain information in server log files. This data is technically necessary for the display of the website and to ensure stability and security.
Collected data includes:
- IP address of the accessing computer (anonymized after 7 days)
- Date and time of access
- Name and URL of the retrieved file
- Amount of data transferred
- Notification of successful retrieval (HTTP response code)
- Browser type and browser version
- Operating system
- Referrer URL (previously visited page)
- Hostname of the accessing computer
Purpose of processing:
- Ensuring smooth connection establishment
- Ensuring comfortable use of our website
- Evaluation of system security and stability
- Detection and prevention of security threats
- Technical administration and optimization
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in the technical functionality and security of the website)
Retention period: The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected, at the latest after 7 days. IP addresses are anonymized after this period.
4.2 SSL/TLS Encryption
For security reasons and to protect the transmission of confidential content, this website uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. This protects your personal data during transmission.
5. Cookies and Similar Technologies
5.1 What are Cookies?
Our website uses cookies. Cookies are small text files that your browser stores on your device. They are used to make our offer more user-friendly, effective and secure. Some cookies remain on your device until you delete them. They allow us to recognize your browser on your next visit.
5.2 Types of Cookies We Use
Technically Necessary Cookies (Session Cookies)
These cookies are required for the basic functions of the website and cannot be deactivated.
- Purpose: Enabling navigation and basic functions, session management, security features
- Legal basis: Art. 6 (1) lit. f GDPR (technical necessity)
- Retention period: Session (deleted after closing the browser)
- Examples: Login status, shopping cart, language preferences, security tokens
Functional Cookies
These cookies enable advanced functionalities and personalization.
- Purpose: Storage of settings and preferences, improved user experience
- Legal basis: Art. 6 (1) lit. a GDPR (consent via cookie banner)
- Retention period: Up to 12 months
- Examples: Font size settings, video player preferences, chat widget settings
Analytics Cookies
These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously.
- Purpose: Statistical evaluation of website usage, performance measurement, user behavior analysis
- Legal basis: Art. 6 (1) lit. a GDPR (consent via cookie banner)
- Retention period: Up to 24 months
- Data collected: Page views, session duration, bounce rate, traffic sources, geographic location (country level)
Marketing Cookies
These cookies are used to display relevant advertising to visitors and track campaign effectiveness.
- Purpose: Delivery of personalized advertising, retargeting, campaign measurement
- Legal basis: Art. 6 (1) lit. a GDPR (consent via cookie banner)
- Retention period: Up to 24 months
- Third parties: May include cookies from advertising networks
5.3 Cookie Management and Your Choices
You have full control over cookies on our website:
Cookie Consent Banner: When you first visit our website, you will see a cookie consent banner where you can:
- Accept all cookies
- Reject all non-essential cookies
- Customize your preferences by cookie category
Browser Settings: You can also configure your browser settings to:
- Block all cookies
- Accept only first-party cookies
- Receive a notification before a cookie is stored
- Delete cookies after each browser session
Important: If you block all cookies, some features of our website may not function properly. Technically necessary cookies are required for basic website functionality.
5.4 Tracking Technologies and Web Beacons
In addition to cookies, we may use other tracking technologies:
- Web Beacons (Pixel Tags): Small, invisible images embedded in web pages or emails to track user behavior and email open rates
- Local Storage: HTML5 local storage for storing preferences and session data
- Fingerprinting Prevention: We do not use browser fingerprinting techniques
5.5 Wix-Specific Cookies
Since our website is hosted on the Wix platform, the website also uses Wix-specific cookies for:
- Session management and security
- Website analytics and performance monitoring
- A/B testing and website optimization
- Visitor authentication and preferences
For detailed information about Wix cookies, please see Wix's Privacy Policy and Wix Cookie Policy.
6. Contact Form and Email Contact
6.1 Contact Form
When you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions.
Processed data:
- Full name (required)
- Email address (required)
- Phone number (optional)
- Company name (optional)
- Message content (required)
- Time of inquiry (automatically recorded)
- IP address (for spam prevention, automatically deleted after 7 days)
Purpose: Processing your inquiry and communication with you, customer support, business correspondence
Legal basis: Art. 6 (1) lit. b GDPR (pre-contractual measures) or Art. 6 (1) lit. f GDPR (legitimate interest in answering inquiries)
Data storage: Your inquiry data is stored in our customer relationship management (CRM) system
Retention period: Until your inquiry has been fully processed, then according to statutory retention periods (typically 3 years for business correspondence)
Data security: All form submissions are encrypted via SSL/TLS. We use CAPTCHA or similar anti-spam measures to prevent automated submissions.
6.2 Email Contact
If you contact us by email, the data you transmit will be stored by us for the purpose of processing your inquiry.
Processed data:
- Email address
- Email content
- Attachments (if any)
- Email metadata (timestamp, subject line)
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in communication)
Retention period: Emails are stored until the matter is resolved, then according to statutory retention periods. Business-related emails may be stored for up to 10 years due to tax law requirements.
Please note: Email communication is not always secure. For sensitive information, please use our encrypted contact form or contact us by phone.
7. Newsletter
7.1 Newsletter Subscription
With your consent, you can subscribe to our newsletter, which informs you about our latest products, services, and company news.
Newsletter data:
- Email address (required)
- First name and last name (optional)
- Company name (optional)
- Industry/interests (optional)
- Subscription date and time
- IP address at time of subscription (for legal protection)
Double Opt-In Procedure: After registration, you will receive a confirmation email with a link to verify your email address. Your newsletter subscription only becomes active after clicking this confirmation link. This prevents misuse of your email address.
Legal basis: Art. 6 (1) lit. a GDPR (consent)
Purpose: Sending marketing communications, product updates, industry news, special offers
7.2 Newsletter Service Provider
We use the following service provider for sending newsletters:
- Email service provider for newsletter distribution
- Analytics for tracking open rates and click rates
- Segmentation and personalization tools
We have concluded a data processing agreement with our newsletter service provider to ensure GDPR compliance.
7.3 Newsletter Analytics
Our newsletters contain tracking technologies to measure:
- Open Rate: Whether and when you opened the newsletter (via invisible tracking pixel)
- Click Rate: Which links you clicked in the newsletter
- Device Information: Type of device used to open the newsletter
- Geographic Location: Approximate location based on IP address
This data helps us improve our newsletter content and relevance.
7.4 Unsubscribe
You can unsubscribe from the newsletter at any time:
- Click the "Unsubscribe" link at the bottom of any newsletter
- Send an email to info@ecoefxsol.com with subject "Unsubscribe"
- Contact our data protection officer at cp@ecoefxsol.com
After unsubscribing, your email address will be removed from our newsletter distribution list within 48 hours. We may retain your email address on a suppression list to prevent future newsletter subscriptions.
8. Social Media Plugins
Our website uses social media plugins from the following services. We use the "2-click solution" to protect your privacy - plugins are deactivated by default and only connect to the social network when you actively click on them.
8.1 LinkedIn
We use plugins from the professional network LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA; European headquarters: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland).
Functions: Share button, LinkedIn profile display, company page integration
Data transmitted: IP address, browser information, page visited, LinkedIn user ID (if logged in)
LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy
8.2 Facebook
Plugins from the social network Facebook are integrated on this website (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland).
Functions: Like button, Share button, Facebook page plugin
Data transmitted: IP address, browser information, page visited, Facebook user ID (if logged in), cookies
Facebook Privacy Policy: https://www.facebook.com/privacy/explanation
8.3 Instagram
We use plugins from Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland).
Functions: Instagram feed display, Instagram stories, profile integration
Data transmitted: IP address, browser information, page visited, Instagram user ID (if logged in)
Instagram Privacy Policy: https://help.instagram.com/519522125107875
8.4 X (formerly Twitter)
Functions of the X service are integrated on this website (X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA).
Functions: Tweet button, timeline integration, X profile display
Data transmitted: IP address, browser information, page visited, X user ID (if logged in)
X Privacy Policy: https://twitter.com/en/privacy
8.5 TikTok
We use plugins from TikTok (TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland; TikTok Inc., 5800 Bristol Parkway, Suite 100, Culver City, CA 90230, USA).
Functions: TikTok video embed, TikTok profile integration
Data transmitted: IP address, browser information, page visited, TikTok user ID (if logged in), device information
TikTok Privacy Policy: https://www.tiktok.com/legal/privacy-policy
8.6 Truth Social
We use plugins from Truth Social (T Media Tech LLC, 529 14th Street NW, Suite 1050, Washington, DC 20045, USA).
Functions: Truth Social sharing, profile integration, post embedding
Data transmitted: IP address, browser information, page visited, Truth Social user ID (if logged in)
Truth Social Privacy Policy: https://truthsocial.com/privacy-policy
8.7 Privacy Protection - 2-Click Solution
Important Privacy Feature: All social media plugins on our website are initially deactivated (2-click solution). This means:
- First Visit: No data is transmitted to social networks when you visit our page
- Activation: You must actively click on the plugin to activate it
- After Activation: Data transfer occurs and the plugin functions normally
Legal basis: Art. 6 (1) lit. a GDPR (consent through activation)
Purpose: Integration of social media content, increasing the reach of our content, social proof
9. Google Maps
This website uses Google Maps, a map service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
9.1 Functionality and Purpose
Google Maps allows us to display interactive maps directly on our website and enables you to easily use the map function. This improves usability and helps visitors find our locations.
Features used:
- Interactive map display of our office locations
- Route planning and directions
- Street view integration
- Location markers and information windows
9.2 Data Processing
When you visit a page with an integrated Google Map, the following data is transmitted to Google:
- IP address of your device
- Date and time of your visit
- URL of the visited page
- Browser information and device type
- Operating system information
- Geographic location data (if you have enabled location services)
- Map interactions (zoom, pan, clicks)
This data is processed by Google to provide the map service and may be transmitted to Google servers in the USA.
9.3 Legal Basis and Consent
Legal basis: Art. 6 (1) lit. a GDPR (consent via cookie banner) or Art. 6 (1) lit. f GDPR (legitimate interest in user-friendly presentation of our locations)
We use Google Maps with the "2-click solution" - the map is only loaded and data transmitted to Google after you actively consent by clicking.
9.4 Data Transfer to Third Countries
Google processes data partly in the USA. Data transfer to the USA is based on EU Standard Contractual Clauses. Google is also certified under the EU-US Data Privacy Framework.
Google Maps Privacy Policy: https://policies.google.com/privacy
Google Maps Terms of Service: https://www.google.com/intl/en_US/help/terms_maps/
9.5 Opt-Out
You can prevent Google Maps from loading by:
- Not clicking on the map activation button on our website
- Disabling JavaScript in your browser (this will affect website functionality)
- Managing your Google account settings at https://adssettings.google.com
10. YouTube
Our website embeds videos from YouTube, a service operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
10.1 Extended Privacy Mode
We use YouTube in "extended privacy mode" (youtube-nocookie.com). This means that YouTube does not store information about visitors to this website unless they actively play a video.
Before video playback: No cookies are set and no data is transmitted to YouTube
After clicking play: YouTube may set cookies and collect the following data:
- IP address
- Date and time of visit
- URL of the page containing the video
- Browser information and device type
- Video playback behavior (pause, rewind, watch duration)
- YouTube user ID (if logged into YouTube)
10.2 Purpose of Data Processing
YouTube uses this data to:
- Provide video streaming functionality
- Analyze video performance and viewer engagement
- Display personalized video recommendations
- Prevent fraud and abuse
- Display advertising (if applicable)
10.3 Legal Basis
Legal basis: Art. 6 (1) lit. a GDPR (consent via activation) or Art. 6 (1) lit. f GDPR (legitimate interest in attractive presentation of content)
10.4 Data Transfer
YouTube may transfer data to Google LLC in the USA. This transfer is based on EU Standard Contractual Clauses and Google's certification under the EU-US Data Privacy Framework.
YouTube Privacy Policy: https://policies.google.com/privacy
YouTube Terms of Service: https://www.youtube.com/t/terms
10.5 Your Choices
You can control YouTube data collection by:
- Not playing embedded videos
- Logging out of your YouTube/Google account before visiting our site
- Managing your Google advertising settings at https://adssettings.google.com
- Using browser extensions that block YouTube tracking
11. Web Analytics and Marketing
11.1 Wix Analytics
This website uses Wix Analytics, a web analytics service provided by Wix.com Ltd., 40 Hanamal Tel Aviv St., Tel Aviv 6350671, Israel.
Collected data:
- Page views and unique visitors
- Session duration and bounce rate
- Traffic sources (direct, search, referral, social)
- Geographic location (country, city level)
- Device type, browser, and operating system
- Screen resolution and viewport size
- User flow and navigation paths
- Form submissions and conversion tracking
Purpose: Understanding user behavior, improving website performance, optimizing user experience, measuring marketing effectiveness
Legal basis: Art. 6 (1) lit. a GDPR (consent via cookie banner)
Data processing: Wix Analytics uses cookies and may store data for up to 24 months
IP anonymization: IP addresses are anonymized before storage
11.2 Conversion Tracking
We track conversions to measure the effectiveness of our marketing campaigns:
- Contact form submissions
- Newsletter sign-ups
- Download of product information
- Specific page visits (e.g., pricing page)
This data is aggregated and anonymized for reporting purposes.
11.3 Opt-Out from Analytics
You can opt out of web analytics by:
- Rejecting analytics cookies in our cookie banner
- Using browser "Do Not Track" settings
- Installing browser extensions that block analytics scripts
12. Hosting and Content Delivery
12.1 Wix.com Hosting
Our website is hosted on the Wix.com platform. The provider is Wix.com Ltd., 40 Hanamal Tel Aviv St., Tel Aviv 6350671, Israel.
Wix is a comprehensive tool for creating and hosting websites. When you visit our website, Wix collects various log files including your IP addresses for security and performance purposes.
Wix processes the following data:
- Server log files (see section 4.1)
- Website performance metrics
- Security and abuse detection data
- CDN (Content Delivery Network) data for fast content delivery
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in secure and efficient provision of our website)
Data Processing Agreement: We have concluded a comprehensive data processing agreement (DPA) with Wix that ensures:
- Processing only according to our instructions
- Compliance with GDPR requirements
- Appropriate technical and organizational measures
- Confidentiality obligations for Wix employees
- Support for data subject rights
12.2 Content Delivery Network (CDN)
Wix uses a global CDN to deliver website content efficiently:
- Faster loading times through geographically distributed servers
- Improved reliability and uptime
- DDoS protection and security features
CDN servers may temporarily cache your IP address and request data for performance optimization.
12.3 Data Security Measures
Wix implements comprehensive security measures:
- SSL/TLS encryption for all data transmission
- Regular security audits and penetration testing
- 24/7 security monitoring
- Compliance with SOC 2, ISO 27001, and other security standards
- Regular backups and disaster recovery procedures
12.4 Data Location and International Transfers
Wix's servers are located in multiple regions:
- Primary data centers in the USA and Israel
- European data centers for EU visitors (where possible)
- Global CDN network for content delivery
Legal safeguards for international transfers:
- EU Standard Contractual Clauses (SCCs)
- Adequacy decision for Israel (Commission Implementing Decision 2011/61/EU)
- Additional safeguards including encryption and access controls
Wix Privacy Policy: https://www.wix.com/about/privacy
Wix Security: https://www.wix.com/about/security
13. Data Security
We take the protection of your personal data very seriously and implement comprehensive technical and organizational measures to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.
13.1 Technical Security Measures
- Encryption: SSL/TLS encryption for all data transmission; AES-256 encryption for data at rest
- Firewalls: Multiple layers of firewall protection
- Intrusion Detection: 24/7 monitoring and intrusion detection systems
- Access Control: Multi-factor authentication for administrative access
- Regular Updates: Automatic security updates and patch management
- Backups: Daily encrypted backups with offsite storage
- DDoS Protection: Protection against distributed denial-of-service attacks
- Vulnerability Scanning: Regular security scans and penetration testing
13.2 Organizational Security Measures
- Access Management: Strict access controls based on need-to-know principle
- Employee Training: Regular data protection and security training for all employees
- Confidentiality Agreements: All employees sign confidentiality agreements
- Incident Response: Documented incident response procedures
- Data Protection Impact Assessments: Regular DPIAs for high-risk processing
- Third-Party Management: Due diligence and monitoring of data processors
- Physical Security: Secure server rooms with restricted access
13.3 Security Certifications and Compliance
Our hosting provider Wix maintains the following certifications:
- ISO/IEC 27001 (Information Security Management)
- ISO/IEC 27018 (Cloud Privacy)
- SOC 2 Type II (Security, Availability, Confidentiality)
- PCI DSS (Payment Card Industry Data Security Standard)
13.4 Data Breach Notification
In the unlikely event of a data breach affecting your personal data, we will:
- Notify the relevant supervisory authority within 72 hours
- Notify affected individuals without undue delay if there is a high risk to their rights and freedoms
- Provide information about the nature of the breach and measures taken
- Offer advice on protective measures you can take
13.5 Continuous Improvement
Our security measures are continuously reviewed and improved in line with:
- Technological developments
- Emerging threats and vulnerabilities
- Regulatory requirements and best practices
- Results from security audits and assessments
14. Your Rights as a Data Subject
Under the GDPR, you have comprehensive rights regarding your personal data. You can exercise these rights at any time by contacting us.
14.1 Right of Access (Art. 15 GDPR)
You have the right to request confirmation from us as to whether and what personal data we process about you. You can request information about:
- The purposes of processing
- The categories of personal data concerned
- The recipients or categories of recipients to whom the data has been or will be disclosed
- The envisaged period for which the data will be stored
- The existence of the right to rectification, erasure, restriction, or objection
- The right to lodge a complaint with a supervisory authority
- Where the data was not collected from you, any available information as to its source
- The existence of automated decision-making, including profiling
We will provide you with a copy of your personal data free of charge. For additional copies, we may charge a reasonable administrative fee.
14.2 Right to Rectification (Art. 16 GDPR)
You have the right to request the rectification of inaccurate personal data or the completion of incomplete personal data stored by us without undue delay.
How to exercise: Contact us with the corrected information, and we will update your data within one month.
14.3 Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR)
You have the right to request the erasure of your personal data without undue delay if one of the following grounds applies:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw your consent and there is no other legal ground for processing
- You object to the processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Erasure is necessary to comply with a legal obligation
- The data was collected in relation to information society services offered to children
Exceptions: We may not be able to erase your data if retention is necessary for:
- Compliance with legal obligations
- Establishment, exercise, or defense of legal claims
- Archiving purposes in the public interest, scientific or historical research, or statistical purposes
14.4 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request the restriction of processing if:
- You contest the accuracy of the data (restriction during verification period)
- The processing is unlawful, but you oppose erasure and request restriction instead
- We no longer need the data, but you need it for legal claims
- You have objected to processing pending verification of whether our legitimate grounds override yours
During restriction, we may only process your data with your consent or for legal claims, protection of others' rights, or important public interests.
14.5 Right to Data Portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit this data to another controller where:
- The processing is based on consent or contract
- The processing is carried out by automated means
We will provide your data in common formats such as CSV, JSON, or XML.
14.6 Right to Object (Art. 21 GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 (1) lit. e (public interest) or f (legitimate interests) GDPR, including profiling based on those provisions.
We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
Direct Marketing: If your data is processed for direct marketing purposes, you have the right to object at any time. If you object, we will immediately stop processing your data for direct marketing purposes.
14.7 Right to Withdraw Consent (Art. 7 (3) GDPR)
Where processing is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
How to withdraw consent:
- For cookies: Adjust your cookie preferences via our cookie banner
- For newsletter: Click unsubscribe link in any newsletter
- For all other processing: Contact us at cp@ecoefxsol.com
14.8 Right to Lodge a Complaint (Art. 77 GDPR)
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
Competent supervisory authority for our company:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Straße 22
20459 Hamburg
Germany
Phone: +49 40 428 54-4040
Fax: +49 40 428 54-4000
Email: mailbox@datenschutz.hamburg.de
Website: https://datenschutz-hamburg.de
You can also contact the supervisory authority in your own country. A list of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en
14.9 Automated Individual Decision-Making, Including Profiling (Art. 22 GDPR)
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Our practice: We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. Any analytics or personalization on our website does not result in automated decisions that affect your rights.
14.10 How to Exercise Your Rights
To exercise any of your rights, please contact us:
ECO EFX Solutions GmbH
Data Protection Officer: Sven-Oliver Robertson
Hamburger Straße 180
22083 Hamburg
Germany
Email: cp@ecoefxsol.com
Phone: +49-40-298 234 60
We will respond to your request:
- Without undue delay
- Within one month of receipt of the request
- Extended to two months if necessary due to complexity (we will inform you of the extension)
- Free of charge (we may charge a reasonable fee for repetitive or excessive requests)
To protect your privacy, we may ask you to verify your identity before responding to requests concerning your personal data.
15. Data Sharing
We respect your privacy and only share your personal data with third parties in the following carefully controlled circumstances.
15.1 Data Processors (Art. 28 GDPR)
We share your data with carefully selected service providers who support us in operating this website and providing our services. These are data processors who process data only on our behalf and according to our instructions:
Categories of data processors:
- Hosting and Infrastructure: Wix.com (website hosting, CDN, security)
- Email Services: Email delivery and newsletter platforms
- Analytics: Web analytics and marketing analytics tools
- Communication: Email, chat, and customer support tools
- IT Services: Technical support, maintenance, and security providers
- Payment Processing: Payment service providers (if applicable)
Data Processing Agreements: We have concluded comprehensive data processing agreements (DPAs) with all data processors that ensure:
- Processing only according to documented instructions
- Confidentiality of processing personnel
- Appropriate technical and organizational measures
- Restrictions on engaging sub-processors
- Assistance with data subject rights requests
- Deletion or return of data after end of processing
- Audit and inspection rights
15.2 Legal Obligations and Authorities
In certain cases, we are legally obliged to share your data with external authorities:
- Law Enforcement: When required by law or court order
- Tax Authorities: For tax compliance and reporting obligations
- Regulatory Bodies: When required by applicable regulations
- Legal Claims: For establishment, exercise, or defense of legal claims
Legal basis: Art. 6 (1) lit. c GDPR (legal obligation) or Art. 6 (1) lit. f GDPR (legitimate interests)
15.3 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will provide notice before your data is transferred and becomes subject to a different privacy policy.
15.4 With Your Consent
We may share your data with third parties if you have given us explicit consent to do so. You can withdraw this consent at any time.
15.5 No Sale of Personal Data
Important: We do not sell your personal data to third parties under any circumstances. We do not share your data with third parties for their own marketing purposes without your explicit consent.
15.6 Social Media Sharing
If you choose to share content from our website on social media (using share buttons), data will be transmitted to the respective social media platform. This occurs only after you actively click the share button. See Section 8 for details on social media plugins.
16. Data Retention Period
We only store personal data for as long as necessary to fulfill the purposes for which it was collected or as required by law.
16.1 Retention Periods Overview
16.2 Statutory Retention Obligations
German and European law requires us to retain certain business and tax documents for specified periods:
-
10 years: Books and records, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents (§ 147 AO, § 257 HGB)
-
6 years: Other business letters, sent and received commercial letters (§ 257 (4) HGB)
After expiration of the retention period, data is routinely deleted unless further storage is necessary for contract fulfillment or legal claims.
16.3 Deletion Procedures
We have implemented systematic deletion procedures:
-
Automatic Deletion: Data subject to fixed retention periods is automatically deleted when the period expires
-
Regular Review: Manual review of data every 6 months to identify data that should be deleted
-
Secure Deletion: All deleted data is securely erased and cannot be recovered
-
Backup Deletion: Deletion also applies to backup copies once the backup retention period has ended
16.4 Exceptions to Deletion
Data may be retained beyond normal retention periods if:
-
You have consented to longer retention
-
We have a legal obligation to retain the data
-
Retention is necessary for legal claims (statute of limitations: typically 3 years in Germany)
-
Retention is necessary for compliance with a court order or regulatory requirement
17. International Data Transfers
In the context of our business operations and use of service providers, your personal data may be transferred to or made accessible in countries outside the European Economic Area (EEA).
17.1 Third Countries We Transfer Data To
We transfer data to the following third countries:
-
United States: Through our hosting provider Wix and various service providers (Google, Meta, etc.)
-
Israel: Through our hosting provider Wix.com Ltd.
17.2 Legal Safeguards for Data Transfers
We ensure that all international data transfers are protected by appropriate safeguards as required by Art. 44-49 GDPR:
Adequacy Decisions
Israel: The European Commission has determined that Israel ensures an adequate level of data protection (Commission Implementing Decision 2011/61/EU of 31 January 2011). Therefore, data transfers to Israel are permitted without additional safeguards.
EU Standard Contractual Clauses (SCCs)
For transfers to countries without an adequacy decision (such as the USA), we rely on EU Standard Contractual Clauses:
-
Commission Implementing Decision (EU) 2021/914 of 4 June 2021
-
Legally binding agreements between us and data recipients
-
Ensures a level of data protection equivalent to that in the EU
-
Includes data subject rights and remedies
EU-US Data Privacy Framework
Some of our US-based service providers are certified under the EU-US Data Privacy Framework:
-
Google LLC
-
Meta Platforms, Inc.
The EU-US Data Privacy Framework has been recognized by the European Commission as providing adequate protection for personal data transferred from the EU to participating US organizations (Commission Implementing Decision (EU) 2023/1795 of 10 July 2023).
17.3 Additional Safeguards
In addition to legal mechanisms, we implement additional technical and organizational measures:
-
Encryption: All data transfers are encrypted in transit (TLS 1.2 or higher)
-
Minimization: We transfer only the minimum necessary data
-
Access Controls: Strict limitations on who can access transferred data
-
Impact Assessments: Regular assessment of risks related to data transfers
-
Monitoring: Ongoing monitoring of service providers' compliance
17.4 Specific Service Providers and Transfer Mechanisms
17.5 Your Rights Regarding International Transfers
You have the right to:
-
Receive information about which countries your data is transferred to
-
Obtain a copy of the safeguards in place (e.g., Standard Contractual Clauses)
-
Object to specific transfers under certain circumstances
To obtain copies of the safeguards or for questions about international transfers, contact our Data Protection Officer at cp@ecoefxsol.com.
17.6 Monitoring and Compliance
We continuously monitor developments in international data transfer law and adjust our practices as necessary to ensure compliance with GDPR requirements. This includes:
-
Regular review of adequacy decisions and their validity
-
Monitoring of political and legal developments in third countries
-
Assessment of whether additional measures are necessary
-
Updates to data processing agreements as needed
18. Changes to the Privacy Policy
18.1 Right to Update
We reserve the right to update this privacy policy to reflect:
-
Changes in our data processing practices
-
New features or services on our website
-
Changes in applicable laws and regulations
-
Technological developments and security improvements
-
Changes in our service providers
18.2 Notification of Changes
Minor Changes: For minor updates that do not materially affect how we process your data, we will update this page and note the revision date at the top.
Material Changes: For significant changes that materially affect your rights or how we process your data, we will:
-
Display a prominent notice on our website for at least 30 days
-
Send an email notification to registered users and newsletter subscribers
-
Where required by law, obtain your consent for the new processing activities
18.3 Your Options
When we make material changes:
-
You can review the updated privacy policy before it takes effect
-
You can object to the changes by exercising your data protection rights
-
You can withdraw consent for data processing that requires consent
-
You can discontinue use of our services if you disagree with the changes
18.4 Version History
We maintain a version history of significant privacy policy updates. You can request previous versions by contacting our Data Protection Officer.
We recommend that you review this privacy policy periodically to stay informed about how we protect your personal data. The "Last Updated" date at the top of this page indicates when the privacy policy was last revised.
Contact for Data Protection Questions
If you have any questions about this privacy policy, our data processing practices, or wish to exercise your rights, please contact us:
General Inquiries:
ECO EFX Solutions GmbH
Hamburger Straße 180
22083 Hamburg
Germany
Email: info@ecoefxsol.com
Phone: +49-40-298 234 60
Fax: +49-40-298 234 61
Data Protection Officer:
Sven-Oliver Robertson
ECO EFX Solutions GmbH
Hamburger Straße 180
22083 Hamburg
Germany
Email: cp@ecoefxsol.com
Phone: +49-40-298 234 60
Response Time: We aim to respond to all privacy-related inquiries within one business day and will provide a substantive response within one month as required by GDPR.
