Privacy policy

This privacy policy informs about the nature, scope, and purpose of the processing of personal data when visiting this website pursuant to the General Data Protection Regulation (GDPR) and the German Telecommunications Digital Services Data Protection Act (TDDDG, formerly TTDSG).

1. Controller

Controller within the meaning of the GDPR and other national data protection laws:

exigo capital GmbH
Knobelsdorffstr. 21
14059 Berlin
Germany
Represented by the Managing Directors Michael von Roeder and Anne El Mikati.
Email: aem@exigocapital.de
Phone: +49 174 17 33 457

A data protection officer is not required, as the prerequisites of Art. 37 GDPR in conjunction with § 38 BDSG are not met.

2. General notes on data processing

This website is a statically generated corporate site. It does not use cookies, cross-device tracking, advertising pixels, retargeting, newsletter functions, contact forms, or login mechanisms. No third-party content is embedded on page load. Links to external platforms are pure hyperlinks and are only opened through an active click.

Processing of personal data therefore only takes place to the technically unavoidable extent described below, in particular when the page is delivered via the hosting provider, during privacy-friendly audience measurement, and when contacting us directly by e-mail.

3. Hosting and server logfiles

This website is hosted on the platform of Netlify, Inc., 512 2nd Street, Fl 2, San Francisco, CA 94107, USA (hereinafter: "Netlify"). Netlify operates a globally distributed edge network and ensures the delivery and technical stability of this website.

With every page request, Netlify automatically stores the following technical access data in logfiles:

  • IP address of the requesting device
  • Date and time of access
  • Requested URL and HTTP status code
  • Volume of data transferred
  • Referring URL (referrer)
  • Browser used, browser version, operating system

These data are processed exclusively to ensure error-free operation, to improve network and content performance, and to defend against abusive requests. They are not combined with other data sources or evaluated for marketing or profiling purposes.

According to Netlify, the full IP address is automatically deleted after 30 days; subsequently, aggregated and non-personally-identifiable statistics may be retained for longer.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the technically error-free provision of the website).

Data processing agreement: A data processing agreement (Data Processing Addendum) pursuant to Art. 28 GDPR is in place with Netlify. Delivery of content takes place primarily via edge nodes within the European Union; transfers to the United States only occur to the extent technically required to operate the CDN. Netlify, Inc. is an active participant in the EU-U.S. Data Privacy Framework; additionally, EU Standard Contractual Clauses are used.

Netlify privacy policy ↗ · Netlify GDPR/CCPA notes ↗

4. Cookies, local storage, and tracking

This website does not set any cookies and uses neither localStorage nor sessionStorage to store personal data. No advertising or cross-device tracking technologies are deployed (no Google Analytics, no Meta Pixel, no Matomo, no Hotjar, no A/B-testing tool). The audience-measurement solution used (see section 8) operates without cookies. Consent under § 25 TDDDG is therefore not required; a cookie banner is intentionally omitted for this reason.

5. Fonts and static assets

The fonts used on this website (Source Serif 4, Inter, JetBrains Mono) are loaded exclusively from our own server (self-hosted via @fontsource packages). No request is made to the Google Fonts API or other external font providers; accordingly, no IP addresses or browser information are transmitted to Google or third parties.

Likewise, all images, logos, and documents are served directly from this site. No external image CDNs, avatar services, or Gravatar endpoints are queried.

6. Contact by email

When you contact us by email (e.g. via the mailto link in the footer or on the contact page), the personal data transmitted (at minimum email address, optionally name, content of the message) are used exclusively to handle the enquiry and for any subsequent correspondence.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in responding to legitimate enquiries) and, insofar as the enquiry aims at a contractual relationship, Art. 6(1)(b) GDPR.

Retention: Email correspondence is retained for as long as required for the processing purpose and otherwise for as long as statutory retention obligations (in particular under commercial and tax law, e.g. § 257 HGB, § 147 AO) require. The data are deleted thereafter.

7. External links

This website contains links to external third-party sites, in particular to the sites of associated companies, investments, and professional profiles (e.g. LinkedIn). By clicking such a link you leave this site. We have no influence on how the respective third-party processes your personal data; the privacy notice of the respective provider applies exclusively. We recommend consulting these before use.

8. Audience measurement with Plausible Analytics (self-hosted)

For statistical analysis of visitor behaviour this website uses the open-source service Plausible Analytics (Community Edition, AGPL-3.0). The measured domain is exigocapital.de. Plausible runs on a self-operated server instance (analytics.michaelvonroeder.com) within the European Union (data centre Frankfurt am Main, Germany); no data is transmitted to Plausible Insights OÜ or any other third party. This is therefore not data processing on behalf within the meaning of Art. 28 GDPR but processing carried out solely by the controller.

Plausible does not use cookies, cross-site, or cross-device tracking. No information is stored on or read from the user's device within the meaning of § 25 TDDDG; consent is therefore not required.

Only aggregated, non-personally-identifiable metrics are processed:

  • Requested URL and timestamp
  • Referring URL (referrer)
  • Browser family and operating-system family
  • Screen size class (e.g. "Mobile", "Tablet", "Desktop")
  • Country, derived from the IP address (e.g. "DE")

The user's IP address is never stored. To distinguish recurring visits within a single day, Plausible generates a daily-rotating, non-reversible hash from IP address, user agent, hostname, and a daily-changing salt. This hash is automatically discarded after 24 hours; recognition beyond that day is technically impossible.

Legal basis: Art. 6(1)(f) GDPR, legitimate interest in a privacy-friendly measurement of reach and usage on the controller's own website without cookies or third-party trackers.

Further information on the Plausible data model: plausible.io/data-policy ↗. The source code is publicly available at github.com/plausible/community-edition ↗.

9. Rights of the data subject

You have the right at any time to:

  • Access (Art. 15 GDPR), information about the data processed about you.
  • Rectification (Art. 16 GDPR), rectification of inaccurate or completion of incomplete data.
  • Erasure (Art. 17 GDPR), erasure of your data ("right to be forgotten").
  • Restriction of processing (Art. 18 GDPR).
  • Data portability (Art. 20 GDPR), receipt of your data in a structured, commonly used, machine-readable format.
  • Objection (Art. 21 GDPR), objection to processing on grounds arising from your particular situation.
  • Withdrawal of consent (Art. 7(3) GDPR), withdrawal takes effect for the future and does not affect the lawfulness of processing carried out beforehand.

An informal message to the e-mail address listed under section 1 is sufficient to assert these rights.

10. Right to lodge a complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The competent authority is:

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstraße 219
10969 Berlin
Email: mailbox@datenschutz-berlin.de
Web: www.datenschutz-berlin.de

11. Data security

This website is delivered exclusively in encrypted form via HTTPS (TLS 1.2 / 1.3). The TLS certificate is automatically provided by Let's Encrypt through Netlify's CDN and is renewed regularly. Personal data are therefore transmitted using transport encryption that reflects the current state of the art.

12. No automated decision-making

No automated decision-making within the meaning of Art. 22 GDPR takes place; in particular, no profiling is carried out.

13. Currency and changes to this privacy policy

This privacy policy reflects the current status (see date below). It may become necessary to adjust the privacy policy as this website evolves or as legal or regulatory requirements change. The most recent version is available on this page at any time.

As of: June 2026