Privacy

Information about the nature, scope, and purpose of the processing of personal data when visiting this website pursuant to the General Data Protection Regulation (GDPR) and the German Telecommunications Digital Services Data Protection Act (TDDDG, formerly TTDSG).

Private Executive is a brand of exigo capital GmbH.

1. Controller

Controller within the meaning of the GDPR and other national data protection laws:

exigo capital GmbH Knobelsdorffstr. 21 14059 Berlin Germany Represented by managing directors Michael von Roeder and Anne El Mikati. Email: kontakt@private-executive.com Phone: +49 174 17 33 457

The appointment of a data protection officer is not required, as the conditions of Art. 37 GDPR in conjunction with § 38 BDSG are not met.

2. General information on data processing

This website is a statically generated corporate presence. It uses no cookies, no cross-device tracking, no advertising pixels, no retargeting, no newsletter function, and no login. Third-party content is not embedded on page load. Links to external platforms are provided exclusively as plain hyperlinks and are only activated by deliberate user click.

The website provides a contact form (see section 6). Any personal data processing otherwise occurs only to the technically unavoidable extent described below, in particular during delivery of the site via the hosting provider, during privacy-friendly reach measurement, and upon direct contact.

3. Hosting and server logfiles

This website is hosted on the platform of Netlify, Inc., 512 2nd Street, Fl 2, San Francisco, CA 94107, USA (hereinafter: “Netlify”). Netlify operates a globally distributed edge network and ensures the delivery and technical stability of this website.

On every page request, Netlify automatically stores the following technical access data in logfiles:

  • IP address of the requesting device
  • Date and time of the request
  • Requested URL and HTTP status code
  • Volume of data transferred
  • Referring URL (referrer)
  • Browser used, browser version, operating system

These data are processed exclusively to ensure error-free operation, to improve network and content performance, and to defend against abusive requests. No consolidation with other data sources or evaluation for marketing or profiling purposes takes place. The full IP address is automatically deleted by Netlify after 30 days according to their published policy.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the technically error-free provision of the website).

Data processing agreement: A data processing agreement (Data Processing Addendum) pursuant to Art. 28 GDPR is in place with Netlify. Content is delivered preferentially via edge nodes within the European Union; transfer to the United States occurs only to the extent technically required for CDN operation. Netlify, Inc. is an active participant in the EU-U.S. Data Privacy Framework; EU Standard Contractual Clauses are used additionally.

Netlify privacy policy · Netlify GDPR/CCPA information

4. Cookies, local storage, and tracking

This website sets no cookies and uses neither localStorage nor sessionStorage to store personal data. No advertising or cross-device tracking technologies are used (no Google Analytics, no Meta Pixel, no Matomo, no Hotjar, no A/B testing tool). The reach measurement solution used (see section 8) operates cookieless. Consent under § 25 TDDDG is therefore not required; a cookie banner is intentionally omitted.

5. Fonts and static assets

The typeface used on this website (Inter) is loaded exclusively from our own server (self-hosted via @fontsource package). The Google Fonts API and other external font providers are not called; accordingly, no IP addresses or browser information are transmitted to Google or third parties. All images, logos, and documents are likewise delivered directly from this site. No external image CDNs, avatar services, or Gravatar endpoints are contacted.

6. Contact form and contact by email

The contact form on this website allows you to request a conversation without obligation. The following data you enter are processed: name and email address (required fields), and optionally the content of your message. We use these details exclusively to handle your enquiry and for any subsequent correspondence.

The submission and storage of form entries is handled technically via Netlify Forms operated by Netlify, Inc. (address: see section 3). Entries are transmitted to Netlify’s infrastructure, stored there, and made accessible to us or forwarded by email notification. The data processing agreement mentioned in section 3 (Art. 28 GDPR) and the guarantees described there for any third-country transfer (EU-U.S. Data Privacy Framework, EU Standard Contractual Clauses) apply. To defend against automated spam entries, the form uses a hidden honeypot field; no further analysis of your behaviour takes place.

When you contact us by email (for example via the address shown in the footer), the personal data transmitted are likewise used exclusively to handle the enquiry.

Legal basis: Art. 6(1)(b) GDPR where the enquiry aims at the initiation or performance of a contract; otherwise Art. 6(1)(f) GDPR (legitimate interest in responding to legitimate enquiries).

Retention: Data are retained for as long as required for the processing purpose and otherwise for as long as statutory retention obligations apply (in particular commercial and tax law obligations, e.g. § 257 HGB, § 147 AO). They are then deleted.

This website contains links to external third-party sites, in particular to presences of affiliated companies and professional profiles. By clicking such a link you leave this site. We have no influence on how the respective third party processes your personal data; the privacy notice of the respective provider applies exclusively. We recommend consulting it before using the respective service.

8. Reach measurement with Plausible Analytics (self-hosted)

This website uses the open-source service Plausible Analytics (Community Edition, AGPL-3.0) for the statistical evaluation of visitor behaviour. The measured domain is private-executive.com. Plausible runs on a self-operated server instance (analytics.michaelvonroeder.com) within the European Union (data centre: Frankfurt am Main, Germany); no data are transferred to Plausible Insights OÜ or other third parties. This is therefore not data processing on behalf of a third party within the meaning of Art. 28 GDPR, but exclusively our own processing as controller.

Plausible uses no cookies and no cross-site or cross-device tracking. No information is stored on or read from end-user devices within the meaning of § 25 TDDDG; accordingly, no consent is required.

Only aggregated, non-personal metrics are processed:

  • Requested URL and timestamp of the request
  • Referring URL (referrer)
  • Browser family and operating system family
  • Screen size class (e.g. “Mobile”, “Tablet”, “Desktop”)
  • Country derived from the IP address (e.g. “DE”)

The IP address of users is never stored. To distinguish recurring visits within a day, Plausible generates a daily-rotating, non-reversible hash from IP address, user agent, hostname, and a daily salt. This hash is automatically discarded after 24 hours; re-identification beyond the following day is technically impossible.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in privacy-friendly reach and usage measurement of our own site without the use of cookies or third-party trackers).

Further information on the Plausible data model: plausible.io/data-policy. The source code is publicly available at github.com/plausible/community-edition.

9. Rights of the data subject

You have the right at any time to:

  • Access (Art. 15 GDPR).
  • Rectification (Art. 16 GDPR).
  • Erasure (Art. 17 GDPR, “right to be forgotten”).
  • Restriction of processing (Art. 18 GDPR).
  • Data portability (Art. 20 GDPR).
  • Objection (Art. 21 GDPR).
  • Withdrawal of consent (Art. 7(3) GDPR).

An informal message to the email address given in section 1 is sufficient to assert these rights.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The competent authority is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit Friedrichstraße 219 10969 Berlin Email: mailbox@datenschutz-berlin.de Web: www.datenschutz-berlin.de

11. Data security

This website is delivered exclusively over encrypted HTTPS (TLS 1.2 / 1.3). The TLS certificate is provided automatically by Let’s Encrypt via Netlify’s CDN and renewed regularly. Transmission of personal data therefore uses transport encryption in line with the current state of the art.

12. No automated decision-making

No automated decision-making within the meaning of Art. 22 GDPR takes place; in particular, no profiling is carried out.

13. Currency and changes to this privacy policy

This privacy policy reflects the current status (see date below). As this website evolves or due to changed legal or regulatory requirements, it may become necessary to adjust the privacy policy. The most recent version is available on this page at any time.

Last updated: June 2026