Loxhelp

Privacy policy

Last updated: 6 May 2026

We take the protection of your personal data seriously. This policy explains what data we collect, how we use it, and what rights you have. It applies to www.loxhelp.com and all related services.

1. Who we are

Loxhelp is a trading name of Avanta Systems, an independent Loxone Config specialist based in Zwolle, Netherlands. Avanta Systems is the controller for all personal data processed via this website.

Company details:

  • Avanta Systems
  • Ceintuurbaan 15, 8022 AW Zwolle, Netherlands
  • Chamber of Commerce (KvK): 97761362
  • VAT: NL005287244B70

Privacy contact: email info@loxhelp.com — phone +31 85 333 2576.

We have not appointed a Data Protection Officer because this is not legally required for our organisation. For questions about your personal data, please contact us directly using the details above.

2. Data we process

We process only data that you provide to us yourself or that is automatically logged when you visit our website.

Data you actively provide via the contact form or email:

  • Name
  • Email address
  • Phone number (optional)
  • Content of your message or project description
  • Any attached documents (e.g. Loxone Config files)

2a. Automatically collected data

  • IP address
  • Browser type and version
  • Pages visited and timestamps
  • Referring website
  • Device information

Submitting the contact form is voluntary. Without the requested data we cannot meaningfully respond to your request.

3. Purposes and legal bases

We process your personal data only for the purposes listed below. For each purpose we identify the legal basis under Article 6 GDPR.

  • Responding to your request and preparing a quote Legal basis: performance of, or steps prior to, a contract (Article 6(1)(b) GDPR).
  • Carrying out a Loxone configuration or programming project Legal basis: performance of contract (Article 6(1)(b) GDPR).
  • Invoicing and accounting Legal basis: legal obligation (Article 6(1)(c) GDPR; Dutch tax retention requirement Article 52 AWR).
  • Website security and proper operation Legal basis: legitimate interests (Article 6(1)(f) GDPR).
  • Analytics cookies and usage analysis Legal basis: consent (Article 6(1)(a) GDPR; ePrivacy / PECR § 6 for non-essential cookies in UK). Collected only after explicit consent in the cookie banner.

4. Recipients / processors

We use external service providers who process personal data on our behalf. We have a Data Processing Agreement (DPA) with each.

ProcessorPurposeLocation
Vercel Inc.Website hosting, server logs, file uploads via the contact form (Vercel Blob, Frankfurt region)USA (DPF), EU storage (Frankfurt)
ResendSending and receiving contact-form emailsUSA (DPF)
Google WorkspaceBusiness email and archivingUSA (DPF), EU storage
Moneybird B.V.Invoicing and accountingNetherlands
Google Analytics 4 (only after consent)Website analyticsUSA (DPF)

We do not share your data with any other third parties except where legally required, or in the course of providing our service (e.g. a sub-contractor under DPA).

5. Transfers outside the EU / UK

Some of our processors are based in the USA. Transfers occur under the EU-US Data Privacy Framework (DPF), which the European Commission has determined provides adequate protection for transferred personal data (Adequacy Decision C(2023) 4745). For UK residents, transfers occur under the UK extension of the DPF. We periodically verify that our US processors maintain DPF certification.

Should the DPF be invalidated or a processor lose certification, we have additionally agreed Standard Contractual Clauses of the European Commission as a fallback.

6. Retention

We do not retain your data longer than necessary for the purposes for which it was collected or as legally required.

  • Contact requests without follow-up: up to 12 months
  • Files sent via the contact form (e.g. Loxone Config backups, PDFs, photos): up to 6 months in our secure Vercel Blob storage, then automatically deleted. Files needed for project execution are then archived under the project documentation period.
  • Customer data and project documentation: for the duration of the project plus warranty and service period (typically 5 years after delivery)
  • Financial documents (invoices, quotes, payment records): 7 years per Dutch tax retention requirement (Article 52 AWR)
  • Server logs: up to 30 days
  • Analytics data (after consent): up to 14 months

After the retention period, data is deleted or anonymised.

7. Cookies and analytics

Our website uses cookies. We distinguish three categories:

  • Functional cookies (always active): required for the site to work (e.g. remembering your cookie preferences). No consent required.
  • Analytics cookies (only after consent): website statistics via Google Analytics 4 with Google Consent Mode v2 and IP anonymisation.
  • Marketing cookies (only after consent): for ad effectiveness measurement and remarketing. Currently only set after explicit consent.

On first visit, a cookie banner allows you to grant consent per category. Non-functional cookies are loaded only after explicit consent. You can withdraw consent at any time via the "Cookie settings" link in the footer or by clearing your browser cookies. Legal basis for non-essential cookies: Article 6(1)(a) GDPR; PECR § 6 (UK).

8. Security

We take appropriate technical and organisational measures to protect your personal data against loss or unlawful processing, including:

  • Encrypted TLS connections (HTTPS) site-wide
  • Two-factor authentication on all business accounts
  • Limited access to personal data — only staff with a direct project role
  • Regular software updates and security monitoring
  • Secure backups with trusted EU-based providers

In the event of a data breach, we act in accordance with the breach-notification obligation (Articles 33, 34 GDPR).

9. No automated decision-making

We do not use automated decision-making or profiling that produces legal effects on you or significantly affects you in a similar way.

10. Your rights

Under GDPR / UK GDPR you have the following rights:

  • Right of access to data we process about you
  • Right of rectification of inaccurate or incomplete data
  • Right of erasure ("right to be forgotten") in certain circumstances
  • Right to restriction of processing
  • Right to object to processing, particularly on legitimate-interest grounds
  • Right to data portability to another organisation
  • Right to withdraw consent at any time, without affecting the lawfulness of prior processing

You can exercise these rights by emailing info@loxhelp.com. We respond within four weeks. To prevent misuse we may ask you to verify your identity.

You can lodge a complaint with a supervisory authority — in your EU member state, the UK ICO (ico.org.uk), or the Dutch Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

11. Changes to this policy

We may update this privacy policy — for example, when our services change, when we engage new processors, or when laws change. The current version is always available on this page with the date last updated.