Privacy policy

The following information is to be provided pursuant to Art. 13 et sqq. General Data Protection Regulation (GDPR) where personal data are collected from the data subject.



1. Identity and the contact details of the controller

Nayoki GmbH

Birkenleiten 41
D-81543 Munich

(hereinafter ” Nayoki“, „we“, „us“).



2. Contact details of the data protection officer

Holzhofer Consulting GmbH

Martin Holzhofer

Lochhamer Str. 31

82152 Planegg

Phone: +49 89 1 25 01 56 00




 3. Purposes of the processing for which the personal data are intended as well as the legal basis for the processing

 3.1. Data processing for performing of a contract between you and us (Art. 6 para. 1 lit. b GDPR)

In order to fulfil the existing contractual relationship, provide the services owed and send you contractual documents, we and third parties or contract processors commissioned by us process the following data from you, provided that you have submitted it to us upon conclusion of the contract or in the course of the contractual relationship:

  • personal data (name, address, telephone, fax number, e-mail address, homepage if applicable)
  • Bank details (IBAN, bank, account holder) and payment information

When contacting us (e.g. via e-mail), the user’s details are stored for the purpose of processing the request and in the event that follow-up questions arise (pre-contractual measures).


3.2. Use of data on the basis of your consent (Art. 6 para. 1 lit. a GDPR)

In the case of an advertising contact, we will only communicate with you via the channels to which you have given your consent, except by post. We use your data for the following purposes:

  • Quality assurance: In order to continuously improve our services and products for you, we conduct surveys about your satisfaction, as well as your experiences from your contractual relationship.
  • General and personalised marketing.
  • If you have given us a corresponding SEPA direct debit mandate, we will also use your bank details. We collect outstanding amounts via the SEPA direct debit mandate in accordance with the contractual agreements.
  • If you apply for a job offer published on the website, the purpose of data processing is to execute the application procedure. The legal basis for this is Art. 88 GDPR, section 26 FDPA-new. 


3.3.Use of data on the basis of legitimate interests (Art. 6 para. 1 lit. f) GDPR) 

We may use your personal data to pursue our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms. If data processing is based on a balance of interests and thus on legitimate interests, further information regarding the balance of interests is available on request.



4. Commitment to the provision of data

The provision of name and address is obligatory for a consulting contract. If you do not provide us with this information, no consulting contract will be concluded with us. All other data is voluntary.

If you are applying for a job offer from us, the provision of title, first name, surname, address is required for the application procedure. Non-provision would mean that an employment contract could not be concluded or could not be implemented.



5. Automated individual decision-making, including profiling

Nayoki does not carry out any profiling measures.



6. Data transfer to a third country

In principle, data is not transmitted to countries outside the EU and the European Economic Area (“third countries”). Data transfers to third countries may only occur within the scope of the administration, development and operation of IT systems. The transmission only takes place in the following cases:

  • The transfer is generally permissible because a legal basis for authorization has been fulfilled or you have given your consent to the transfer of data and
  • the special conditions for transfer to a third country are fulfilled.



7. Recipients of personal data and data sources

7.1. Categories of recipients of personal data

To the extent permitted by law, we pass on personal data to external service providers:

  • Credit institutions and providers of payment services for invoicing and settlement of payments.
  • IT service providers for the operation and maintenance of our IT infrastructure.
  • Telecommunications service providers for operating our telephone system.
  • Debt-collection service providers and lawyers to collect claims and enforce claims in court. If personal data (customer and contact data, payment and consumption point data and data on receivables) is transferred to a debt-collection service provider in the case of collection, we will inform you in advance of the intended transfer.


7.2. Data sources

We process personal data that we have received from you in the course of our business relationships. To the extent necessary for the provision of our services, we process personal data which we may obtain from publicly accessible sources (debtor registers, land registers, commercial and association registers, press, Internet) or which are legitimately transmitted by other third parties (an inquiry agency or an address service provider).



8. Storage period and criteria for determining that period

We store your data for the period of the existing contract and after termination of the contract for a period until the fiscal tax audit of the last calendar year in which you were our customer. If there are legal retention periods, we are obliged to store the data until the expiry of these periods. After expiration of the legal storage obligations, which result primarily from the commercial and tax law (in particular Sections 147 AO and 257 HGB), we delete this data.

We store your data for marketing activities until you object its use, you revoke your consent or an address is no longer permitted by law. We store your other data as long as we need it to fulfil the specific purpose (e.g. to fulfil or process the contract) and erase it after the purpose no longer applies.



9. Processing of personal data on our website


Cookies/Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc (“Google”). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the site, and the information generated by the cookie about your use of the site (including your IP address) is transmitted to and stored by Google on servers in the United States. In addition, Google Analytics has been extended on this website to include the “gat._anonymizeIp();” code provided by Google in order to ensure anonymous collection of IP addresses. Before transmission, the last two digits of the IP address are shortened so that the user cannot be identified. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. Under no circumstances will Google associate your IP address with other data stored by Google. You can prevent the installation of cookies simply by setting your browser software accordingly. The collection and use of your IP address by Google Analytics may be revoked at any time with effect for the future. It is also possible to install a browser plug-in provided by Google. The plug-in and more information can be found on the Google website at //


Links to other websites

This data protection statement applies to the website of Nayoki. The websites on this site may contain links to other providers within and outside of to which this data protection declaration does not apply. When you leave Nayoki’s website, we recommend that you carefully read the privacy policy of any website that collects personal information.



 10. Information on your rights as data subject

Nayoki is responsible for the processing of your data, unless otherwise stated. You may at any time request information about the data stored about you and its correction in the event of errors. Furthermore, you may request the restriction of processing, the transferability of the data provided to us by you in a machine-readable format or the deletion of your data – insofar as they are no longer required.

In addition, you have the right to object at any time to the use of your data based on public or legitimate interests.

If we process your data on the basis of a consent given by you, you can withdraw this consent at any time with effect for the future. Upon receipt of your withdrawal, we will no longer process your data for the purposes stated in the consent. Please address your withdrawal or an advertising objection to:

Nayoki GmbH

Birkenleiten 41
D-81543 Munich



11.  Your right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority. The Bavarian Data Protection Authority, P.O. Box 606, D-91511 Ansbach, is responsible for us. Alternatively, you can contact your local supervisory authority.