Privacy Policy

Last updated: 15 January 2026

1. Introduction

This Privacy Policy describes how Xirion GmbH ("we," "us," or "our") collects, uses, and protects your personal information when you use our website and services. We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with the General Data Protection Regulation (GDPR) and Austrian data protection laws.

2. Data Controller

Xirion GmbH is the data controller for the personal information we collect. Our contact details are:

  • Company: Xirion GmbH
  • Address: Praterstraße 184, 9081 Klagenfurt, Carinthia, Austria
  • Registration Number: FN509832d
  • VAT Number: ATU69823451
  • Email: privacy@xirion.world
  • Phone: +43 463 374 5398

3. Data Collection

We collect personal data that you provide to us directly and information that is automatically collected when you use our website. The data we collect includes:

Information You Provide Directly:

  • Contact information (name, email address, phone number, company details)
  • Communication preferences and enquiry details
  • Information submitted through contact forms or email communications
  • Professional information relevant to our services

Information Collected Automatically:

  • Website usage data and analytics information
  • Device information (IP address, browser type, operating system)
  • Cookies and similar tracking technologies
  • Page views, time spent on site, and navigation patterns

4. How We Use Your Information

We use the personal data we collect for the following purposes, based on legitimate business interests and your consent where required:

  • To provide and improve our corporate finance services
  • To respond to your enquiries and communicate with you about our services
  • To send you relevant business information and updates about our services
  • To comply with legal obligations and regulatory requirements
  • To analyse website usage and improve user experience
  • For marketing purposes, including targeted advertising (with your consent)
  • To protect our legitimate business interests and legal rights

5. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: When you have given clear consent for specific processing activities
  • Contract: When processing is necessary for the performance of a contract with you
  • Legal Obligation: When we must process your data to comply with legal requirements
  • Legitimate Interests: When processing is necessary for our legitimate business interests, provided your rights are not overridden

6. Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about our use of cookies, please refer to our Cookie Policy.

7. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your data in the following circumstances:

  • With trusted service providers who assist us in operating our business (subject to confidentiality agreements)
  • When required by law or to comply with legal processes
  • To protect our rights, property, or safety, or that of our clients or others
  • In connection with a business transaction (merger, acquisition, or sale)
  • With your explicit consent for specific sharing purposes

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Contact information: Until you request deletion or withdraw consent
  • Service-related data: For the duration of our business relationship plus applicable legal retention periods
  • Marketing data: Until you unsubscribe or withdraw consent
  • Website analytics: Typically 26 months for Google Analytics data
  • Legal compliance: As required by Austrian and EU law (typically 7-10 years for financial records)

10. Your Rights

Under GDPR and Austrian data protection law, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Request transfer of your data to another service provider
  • Right to Object: Object to processing based on legitimate interests or for marketing purposes
  • Right to Withdraw Consent: Withdraw consent for processing activities that require it

To exercise any of these rights, please contact us at privacy@xirion.world or +43 463 374 5398. We will respond to your request within one month.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and staff training
  • Secure data storage and backup procedures
  • Incident response and breach notification procedures

12. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

13. Third-Party Services

Our website may contain links to third-party websites or services. This Privacy Policy does not apply to these external sites. We encourage you to read the privacy policies of any third-party services you use.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

15. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR. In Austria, the competent authority is the Austrian Data Protection Authority (Datenschutzbehörde).

16. Contact Information

If you have any questions about this Privacy Policy or our data processing practices, please contact us:

We are committed to addressing your privacy concerns and will respond to your enquiries promptly.