Privacy policy

Last updated: May 2026

This Privacy Policy informs you about how we process personal data when you visit our website, contact us, or use the Splexit Companion App.

Personal data means any information that can identify you personally or that relates to an identifiable person.

1. Controller

The controller responsible for the processing of personal data is:

Kasperek & Petto GbR
Allersberger Str. 185 L1a
90461 Nuremberg
Germany

Represented by the partners René Kasperek and Art Petto
Email: support@splexit.de

2. General information on data processing

We process personal data only to the extent necessary to provide our website, communicate with you, provide our services, or enable the use of the Splexit Companion App, or where you have given your consent to such processing.

The processing is carried out in particular on the basis of the General Data Protection Regulation (GDPR) and the applicable national data protection laws.

Depending on the specific processing activity, the following legal bases may apply in particular:

Where we require your consent to access information on your device or to store information on your device, this is done in accordance with the applicable legal requirements, in particular Section 25 TDDDG.

3. Data security

We treat your personal data confidentially and use appropriate technical and organisational measures to protect your data against loss, misuse, unauthorised access, alteration, or disclosure.

Our website uses SSL/TLS encryption for security reasons. You can recognise an encrypted connection by the fact that the browser address bar begins with “https://” and displays a lock symbol.

However, complete security of data transmission over the internet cannot be guaranteed.

4. Data processing when visiting our website

4.1 Automatically collected data and server log files

When you visit our website, our IT systems automatically process technical data that is required for the operation, security, and stability of the website.

This may include in particular:

This processing is carried out in order to technically deliver the website, ensure system security, analyse errors, and prevent misuse.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure, stable, and functional operation of our website.

Server log files are stored only for as long as necessary for the purposes stated above and are then deleted or anonymised, unless longer storage is required in individual cases to investigate security incidents.

4.2 Cookies and similar technologies

Our website may use cookies or similar technologies. Cookies are small text files that are stored on your device.

Technically necessary cookies and similar technologies are used where they are required for the operation of the website, the provision of certain functions, or the storage of your privacy settings.

Where we use non-essential cookies, external content, or services, this is done only after you have given your consent. You may change or withdraw your consent at any time via the privacy settings on the website.

The legal basis for technically necessary processing is Art. 6(1)(f) GDPR. Where consent is obtained, processing is based on Art. 6(1)(a) GDPR and, where applicable, Section 25(1) TDDDG.

4.3 Consent management

We use a consent management solution on our website in order to obtain, document, and manage your consent for certain services and data processing activities.

Technical information may be processed for this purpose, in particular your selection, the time of consent or refusal, and technical information about your browser and device.

The processing is carried out in order to document legally required consents and to respect your privacy settings.

The legal basis is Art. 6(1)(c) GDPR where the processing is necessary to comply with legal documentation obligations, and Art. 6(1)(f) GDPR for the proper operation of the consent management system.

5. Contacting us

If you contact us by email, contact form, or any other means, we process the information you provide in order to handle your request.

This may include in particular:

Depending on the content of your request, processing is carried out on the basis of Art. 6(1)(b) GDPR if your request relates to a contract or pre-contractual measures, or on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in handling and responding to your request.

The data will be deleted once your request has been fully processed and no statutory retention obligations or legitimate interests in further storage apply.

6. External services on the website

External services on our website are generally loaded only after you have given your consent, where such consent is legally required. Without your consent, no personal data will be transferred to the respective providers in these cases.

6.1 Google reCAPTCHA

We may use Google reCAPTCHA on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is used to protect our forms from spam, automated submissions, and misuse. The service helps distinguish whether an input was made by a human or by automated means.

When reCAPTCHA is used, the following data may be processed in particular:

reCAPTCHA is used only after you have given your consent. The legal basis is Art. 6(1)(a) GDPR and, where applicable, Section 25(1) TDDDG.

In connection with Google services, a transfer of personal data to Google LLC in the United States cannot be excluded. Where data is transferred to a third country, this is done in accordance with the data protection safeguards provided for by law.

Further information can be found in Google’s privacy information and terms of service.

6.2 Font Awesome

We use Font Awesome to display symbols and icons on our website.

Font Awesome is integrated locally on our server. As a result, no connection to servers of Fonticons, Inc. or other external providers is established due to the Font Awesome integration.

6.3 Calendly

We may embed or link to Calendly on our website for optional appointment booking. The provider is Calendly LLC, USA.

Calendly is loaded or used only if you actively use the appointment booking function or, where required, have given your prior consent.

When using Calendly, the following data may be processed in particular:

The processing is carried out for the purpose of scheduling and conducting appointments. The legal basis is Art. 6(1)(b) GDPR where the appointment booking relates to pre-contractual or contractual measures. Where Calendly is loaded only after consent has been given, or where non-essential cookies or similar technologies are used, the legal basis is Art. 6(1)(a) GDPR and, where applicable, Section 25(1) TDDDG.

Since Calendly is a provider based in the United States, personal data may be transferred to the United States. According to Calendly, appropriate data protection safeguards are provided for this purpose, in particular a Data Processing Addendum and standard contractual clauses.

Further information can be found in Calendly’s privacy information.

6.4 CleverReach Newsletter

We use CleverReach to send and manage our newsletter. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany.

If you subscribe to our newsletter, we process the data required for this purpose. This includes in particular:

Newsletter registration is carried out using the double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. Your email address will only be added to the newsletter mailing list after this confirmation.

The data collected during registration is processed in order to send the newsletter, document your registration, and prevent misuse of your email address.

The legal basis for sending the newsletter is your consent pursuant to Art. 6(1)(a) GDPR. The documentation of the registration is carried out on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in being able to prove a proper registration and prevent misuse.

You may withdraw your consent to receive the newsletter at any time with effect for the future. You can do this by using the unsubscribe link at the end of each newsletter or by contacting us directly. After unsubscribing from the newsletter, your email address will be deleted from the newsletter mailing list, unless statutory retention obligations or legitimate interests in further storage apply.

CleverReach processes newsletter data on our behalf. We have concluded a data processing agreement with CleverReach pursuant to Art. 28 GDPR.

CleverReach may process technical data in connection with newsletter delivery that is required for sending, delivering, and securing the service.

For the purpose of measuring success and improving our newsletter offering, we may use CleverReach to analyse whether newsletters were opened and which links in a newsletter were clicked. For this purpose, opening data, click data, time of access, technical information about the device or email program used, and the assignment to the respective email address may be processed.

The opening of a newsletter may be recorded via a so-called tracking pixel. Clicks on links in the newsletter may be recorded via tracking links. These analyses are used to measure the reach of our newsletters, improve content, and further develop our information offering in a user-oriented manner.

The processing of this data is based on your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future, in particular by using the unsubscribe link at the end of each newsletter or by contacting us directly.

7. Data processing when using the Splexit Companion App

7.1 Description of the app

The Splexit Companion App is a tablet application for managing and controlling spatial 3D presentations on XR headsets. The app serves as a control centre for presentations and enables users to manage, upload, and synchronise content with connected XR headsets during a presentation.

The app is intended in particular for educational institutions, media centres, teachers, organisations, and professional users who wish to present immersive content.

7.2 Account and login data

For the creation and use of a user account, we process the following data:

This data is used to provide user accounts, authenticate users, assign content to an account, and enable the use of the app.

The processing is carried out on the basis of Art. 6(1)(b) GDPR, insofar as it is necessary for the provision of the app and the performance of the user relationship.

7.3 Content uploaded by the user

Users may voluntarily upload their own content to the app. This may include in particular:

This content is processed exclusively in order to provide it within the Splexit Companion App and the related presentation functions.

The processing is carried out on the basis of Art. 6(1)(b) GDPR, insofar as the processing is necessary to provide the requested app functions.

7.4 Newsletter registration in the app

As part of account creation or use of the app, users may voluntarily consent to being added to our newsletter mailing list.

Newsletter registration is voluntary and is not required in order to create a user account or use the app. Consent is given via a separate selection option in the app and is not pre-selected.

If users consent to receiving the newsletter, in particular the email address, the time of consent, and technical information for documenting the consent may be processed. If the name is used to personalise the newsletter, it may also be processed.

We use CleverReach for sending, managing, and analysing the newsletter. Further information on the processing of newsletter data, the double opt-in procedure, opening and click tracking, and withdrawal of consent can be found in the “CleverReach Newsletter” section of this Privacy Policy.

7.5 Local Wi-Fi communication with XR headsets

The Splexit Companion App may connect to XR headsets via a local Wi-Fi network in order to control presentations and synchronise content output.

Only data required for presentation control is transmitted. This includes in particular content data, scene information, and control commands.

Account data such as email address, name, password, or user identifier is not transmitted to the connected XR headsets. The headsets do not receive access to the user account or account management.

Local communication is used exclusively for presentation control within the respective network.

7.6 Storage and hosting of app data

The data of the Splexit Companion App is processed on self-hosted Supabase instances. The servers are operated by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

The data is stored on servers in Germany or within the European Union.

We have concluded a data processing agreement with our hosting provider Hetzner Online GmbH pursuant to Art. 28 GDPR. Hetzner processes personal data exclusively on our instructions and only to the extent necessary for the operation of the technical infrastructure.

7.7 Security of app data

We use technical and organisational measures to protect the data processed in the app against unauthorised access, loss, alteration, or disclosure.

These measures include in particular:

7.8 Recipients of app data

Personal app data is transferred to third parties for advertising or analysis purposes only where users have expressly consented to receiving the newsletter.

A transfer to CleverReach takes place only if users have expressly consented to receiving the newsletter as part of app use. In this case, the data required for sending, managing, and analysing newsletter openings and clicks is transmitted to CleverReach.

Recipients of personal data may include:

Any further disclosure takes place only where there is a legal basis for doing so, where there is a legal obligation, or where the user has expressly consented.

7.9 Storage period and deletion of app data

Personal data is stored only for as long as necessary to provide the app, manage the user account, and fulfil the respective purposes.

Account data and uploaded content are generally stored for the duration of active use.

Users can delete their account in the app under “Settings → Delete account”. When the account is deleted, the personal data associated with the account is deleted. This includes in particular:

Once deleted, the account and its content cannot be restored.

Deleting the app account does not automatically unsubscribe the user from the newsletter if the newsletter subscription is managed separately via CleverReach. Users can unsubscribe from the newsletter at any time using the unsubscribe link in the newsletter or by contacting us directly.

If an account has not been used for a period of 12 months, the data associated with that account may be automatically deleted.

Where data is contained in technical backups, it will be overwritten or deleted as part of the regular backup cycles.

7.10 App Store privacy information

For the publication of the Splexit Companion App in the Apple App Store, the required privacy information is provided.

The data processed in the app is used for app functionality. Where users voluntarily consent to receiving the newsletter, the email address may also be used for our own marketing communication. No tracking within the meaning of the App Store privacy information takes place.

8. Processing on behalf of others

8.1 Processors used by us

Where we use service providers that process personal data on our behalf, we conclude data processing agreements with these providers pursuant to Art. 28 GDPR.

This applies in particular to our hosting provider Hetzner Online GmbH for the operation of our website and app infrastructure, as well as CleverReach GmbH & Co. KG for sending and managing our newsletter.

8.2 Processing on behalf of our customers

Where we process personal data on behalf of our customers, in particular for educational institutions, media centres, organisations, or other contractual partners, we act as a processor within the meaning of Art. 28 GDPR.

In such cases, the respective customer is responsible for the relevant data processing. The processing is carried out exclusively in accordance with the relevant contract, a data processing agreement, and the customer’s instructions.

This may be the case in particular where customers manage their own content, presentations, media, or other data via Splexit or use such data in the context of presentations.

9. Storage period

Unless a more specific storage period is stated within this Privacy Policy, personal data will remain with us until the purpose of the respective data processing no longer applies.

If you assert a justified request for deletion or withdraw your consent to data processing, the affected personal data will be deleted unless there are other legally permissible reasons for further storage. Such reasons may include, in particular, statutory retention obligations, such as retention periods under tax or commercial law, or the establishment, exercise, or defence of legal claims.

In the case of statutory retention obligations, deletion takes place after the expiry of the respective retention period.

10. Your rights

Subject to the statutory requirements, you have the following rights:

You may contact us at any time to exercise your rights:

Email: support@splexit.de

11. Withdrawal of consent

If you have given us consent to process personal data, you may withdraw this consent at any time with effect for the future.

The lawfulness of processing carried out before the withdrawal remains unaffected.

Consents for external services on the website can be changed or withdrawn at any time via the privacy settings on the website.

12. Right to object pursuant to Art. 21 GDPR

Where we process personal data on the basis of Art. 6(1)(f) GDPR, you have the right to object to this processing at any time on grounds relating to your particular situation.

We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or unless the processing serves the establishment, exercise, or defence of legal claims.

13. Right to lodge a complaint with a supervisory authority

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority.

You may contact, in particular, the data protection supervisory authority of your habitual residence, your place of work, or the place of the alleged infringement.

14. Objection to advertising emails

We object to the use of contact data published in the context of legal notice obligations or comparable legal information obligations for the purpose of sending unsolicited advertising and information materials.

We reserve the right to take legal action in the event of unsolicited advertising information being sent, in particular spam emails.

15. Changes to this privacy policy

We reserve the right to amend this Privacy Policy if legal requirements, technical functions of our website or app, or our data processing procedures change.

The current version published on our website applies.