Privacy Policy

1

Data controller

Company

PXI — IT Consulting, Training & Engineering

Contact

contact@pxigroup.com

Privacy contact

privacy@pxigroup.com

2

Data we collect

We only collect data you actively provide through our contact or booking forms:

Contact form — professional email address, optional service context
Booking form — full name, professional email, company (optional), message (optional), appointment date/time and timezone

We do not use tracking cookies, analytics scripts, advertising pixels, or behavioral profiling. The only local storage used is pxi_lang — your language preference — which contains no personal data and is never shared.

3

Legal basis (GDPR Article 6)

Processing activity	Legal basis
Responding to a contact request	Art. 6(1)(b) — pre-contractual steps
Booking and confirming an appointment	Art. 6(1)(b) — pre-contractual steps
Bot & spam prevention (Turnstile)	Art. 6(1)(f) — legitimate interest (security)

We do not rely on consent as a legal basis — all data collection is strictly limited to information you voluntarily submit when initiating contact.

4

Sub-processors

The following services process your data when you submit a form:

Sub-processor	Purpose	Country	Privacy policy
Formspree Inc.	Form submission & email routing	USA	View ↗
Cloudflare Inc.	Bot & spam prevention	USA	View ↗
Google LLC	Appointment calendar	USA	View ↗

5

International transfers

Our sub-processors are based in the United States. Transfers outside the EU/EEA are governed by Standard Contractual Clauses (SCCs) approved by the European Commission under Decision 2021/914, ensuring your data receives equivalent protection regardless of where it is processed.

6

Data retention

Contact form submissions — 12 months from receipt, then permanently deleted
Booking records — 24 months for service follow-up, then permanently deleted
Language preference (pxi_lang) — stored locally in your browser; cleared when you clear browser data
Sub-processors apply their own retention schedules per their privacy policies

7

Your rights (GDPR Chapter III)

Under GDPR you have the right to access, rectify, erase, port, and object to the processing of your personal data. To exercise any right, contact privacy@pxigroup.com — we respond within 30 days (GDPR Art. 12).

You may also lodge a complaint with your local supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu ↗

8

Security

HTTPS enforced with HSTS (max-age 2 years, preload)
Strict Content Security Policy — no unauthorized scripts or external resources
Self-hosted fonts and icons — zero third-party CDN requests on page load
Cloudflare Turnstile bot protection on all submission forms
All sub-processors hold ISO 27001 certification or equivalent

9

Changes to this policy

We may update this policy to reflect changes in law or our data practices. The "Last updated" date above will be revised accordingly. For material changes, we will make reasonable efforts to notify affected users at least 30 days in advance.