Skip to main content

Privacy Policy

Last updated: 6 July 2026

1. Introduction

Naxxar Energy Europe GmbH (“Naxxar Energy,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how we collect, use, store, disclose, and otherwise process personal data when you visit or interact with our website, communicate with us, or otherwise provide personal data to us in connection with our business activities.

We process personal data in accordance with applicable data protection laws, including Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”), the German Federal Data Protection Act (Bundesdatenschutzgesetz – “BDSG”), and, where applicable, the German Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz – “TDDDG”).

2. Data Controller

The controller responsible for the processing of personal data described in this Privacy Policy is:

Naxxar Energy Europe GmbH
Marienturm
Taunusanlage 9–10
D-60329 Frankfurt am Main
Germany

For privacy-related enquiries or requests concerning your personal data, please contact us using the contact details published on our website.

If Naxxar Energy Europe GmbH appoints a Data Protection Officer or designates a specific privacy contact, the relevant contact details will be published here as required by applicable law.

3. Scope of This Privacy Policy

This Privacy Policy applies to personal data processed through this website and in connection with communications initiated through the website.

It does not necessarily apply to personal data processed under separate contractual arrangements, transaction-specific confidentiality arrangements, employment relationships, recruitment processes, due diligence processes, investment activities, acquisition processes, or other business relationships where a separate privacy notice or other legal framework may apply.

4. Personal Data We May Collect

Depending on how you interact with us, we may process the following categories of personal data:

4.1 Information You Provide Directly

You may provide personal data when you:

  • contact us through a website form;
  • send us an email;
  • request information;
  • make a business enquiry;
  • communicate with members of our team; or
  • otherwise interact with us.

This information may include:

  • name;
  • professional title or position;
  • company or organisation;
  • email address;
  • telephone number;
  • country or location;
  • the content of your enquiry or communication; and
  • any other information you voluntarily provide.

We ask that you do not submit sensitive personal data or special categories of personal data unless specifically requested and legally appropriate.

4.2 Technical and Usage Data

When you access our website, certain technical information may be processed automatically. Depending on the configuration of the website and our service providers, this may include:

  • IP address;
  • date and time of access;
  • requested page or resource;
  • referring website or URL;
  • browser type and version;
  • operating system;
  • device information;
  • language settings;
  • access status or HTTP status code;
  • amount of data transferred; and
  • server log information.

This information may be required to deliver the website, maintain security and stability, diagnose technical issues, and protect our systems against misuse or unauthorised access.

5. Purposes and Legal Bases for Processing

We process personal data only where there is an appropriate legal basis under applicable law.

5.1 Providing and Operating the Website

We may process technical and usage data to:

  • deliver website content;
  • ensure website functionality;
  • maintain system and network security;
  • prevent misuse;
  • diagnose technical problems; and
  • administer and improve website performance.

Where applicable, processing is based on our legitimate interests pursuant to Article 6(1)(f) GDPR. Our legitimate interests include maintaining a secure, reliable, functional, and professionally presented website and protecting our information technology systems.

5.2 Responding to Enquiries and Communications

If you contact us, we may process your personal data to:

  • respond to your enquiry;
  • communicate with you;
  • provide requested information;
  • assess potential business opportunities; and
  • manage prospective or existing business relationships.

Depending on the circumstances, the legal basis may be:

  • Article 6(1)(b) GDPR, where processing is necessary to take steps at your request before entering into a contract or to perform a contract;
  • Article 6(1)(f) GDPR, where processing is necessary for our legitimate interests in managing professional communications and business relationships; or
  • Article 6(1)(a) GDPR, where we rely on your consent.

5.3 Business and Corporate Communications

We may process professional contact information in connection with legitimate business activities, including communications with:

  • business partners;
  • professional advisers;
  • service providers;
  • potential transaction counterparties;
  • project participants;
  • industry contacts;
  • investors;
  • financing parties;
  • acquisition counterparties; and
  • other relevant stakeholders.

Where applicable, such processing is based on Article 6(1)(f) GDPR and our legitimate interests in conducting, developing, managing, and protecting our business.

5.4 Compliance With Legal Obligations

We may process personal data where necessary to comply with legal or regulatory obligations to which we are subject.

The legal basis is Article 6(1)(c) GDPR.

5.5 Establishment, Exercise, or Defence of Legal Claims

Where necessary, we may process personal data for the establishment, exercise, or defence of legal claims or for the protection of our legal rights and interests.

Depending on the circumstances, processing may be based on Article 6(1)(f) GDPR or another applicable legal basis.

6. Cookies and Similar Technologies

Our website may use cookies and similar technologies.

Cookies are small data files that may be stored on or accessed from your device when you visit a website. Similar technologies may include local storage, pixels, tags, scripts, or other mechanisms capable of storing information on, or accessing information from, a user’s device.

6.1 Strictly Necessary Technologies

Certain technologies may be necessary to:

  • provide the website;
  • enable essential functionality;
  • maintain security;
  • remember privacy preferences; or
  • provide a digital service expressly requested by the user.

Where the storage of or access to information on a user’s device is strictly necessary for a service expressly requested by the user, consent may not be required under applicable law.

Any subsequent processing of personal data is assessed separately under the GDPR and other applicable data protection law.

6.2 Non-Essential Technologies

Where required by law, non-essential cookies or similar technologies will be used only after obtaining appropriate consent.

This may include technologies used for:

  • analytics;
  • audience measurement;
  • personalisation;
  • advertising;
  • third-party media; or
  • other non-essential purposes.

Where processing is based on consent, the legal basis for processing personal data is Article 6(1)(a) GDPR. Consent may be withdrawn at any time with effect for the future.

The specific technologies used on the website, their purposes, providers, and durations should be described through the applicable cookie settings or consent-management interface where required.

7. Contact Forms and Email Communications

If you contact us through a contact form or by email, we may process the information you provide for the purpose of handling and responding to your communication.

We may retain correspondence where reasonably necessary to:

  • manage the relevant enquiry;
  • maintain appropriate business records;
  • continue a business relationship;
  • comply with legal obligations; or
  • establish, exercise, or defend legal claims.

Please note that ordinary email communications may involve inherent security risks. You should avoid transmitting highly sensitive or confidential information through unsecured communication channels unless appropriate safeguards are in place.

8. Recipients of Personal Data

We may disclose personal data to recipients where necessary and legally permitted, including:

  • hosting and infrastructure providers;
  • information technology service providers;
  • website maintenance and development providers;
  • cybersecurity providers;
  • communications providers;
  • professional advisers, including lawyers, auditors, accountants, and consultants;
  • affiliated entities, where legally permissible and necessary;
  • public authorities, courts, regulators, or law-enforcement bodies where required by law; and
  • other recipients where disclosure is necessary for legitimate business purposes and supported by an appropriate legal basis.

Where service providers process personal data on our behalf, we seek to use appropriate contractual and organisational safeguards as required by applicable law.

9. International Transfers of Personal Data

Some service providers or recipients may be located outside the European Economic Area (“EEA”), or may process personal data in countries outside the EEA.

Where personal data is transferred to a country outside the EEA, we seek to ensure that an appropriate transfer mechanism is available as required by Chapter V of the GDPR.

Depending on the circumstances, this may include:

  • an adequacy decision adopted by the European Commission;
  • Standard Contractual Clauses approved by the European Commission;
  • another legally recognised transfer mechanism; or
  • an applicable derogation permitted by law.

Where required, supplementary safeguards may also be considered in light of the circumstances of the transfer.

10. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.

Retention periods may depend on factors including:

  • the nature and purpose of the processing;
  • the duration of a business or contractual relationship;
  • applicable statutory retention obligations;
  • limitation periods;
  • the need to establish, exercise, or defend legal claims;
  • security requirements; and
  • legitimate business record-keeping needs.

When personal data is no longer required, we may delete, anonymise, or otherwise securely dispose of it in accordance with applicable requirements.

11. Data Security

We take appropriate technical and organisational measures designed to protect personal data against risks including:

  • accidental or unlawful destruction;
  • loss;
  • alteration;
  • unauthorised disclosure;
  • unauthorised access; and
  • other unlawful forms of processing.

No method of transmission over the internet or method of electronic storage can be guaranteed to be completely secure. Accordingly, while we take appropriate measures to protect personal data, absolute security cannot be guaranteed.

12. Your Rights Under the GDPR

Subject to the conditions and limitations established by applicable law, you may have the following rights:

12.1 Right of Access

You may request confirmation as to whether we process personal data concerning you and, where applicable, request access to that personal data and related information.

12.2 Right to Rectification

You may request correction of inaccurate personal data and completion of incomplete personal data.

12.3 Right to Erasure

You may request deletion of your personal data where the applicable legal requirements are satisfied.

12.4 Right to Restriction of Processing

You may request restriction of processing in circumstances provided by applicable law.

12.5 Right to Data Portability

Where applicable, you may have the right to receive personal data you provided to us in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

12.6 Right to Object

Where processing is based on Article 6(1)(e) or Article 6(1)(f) GDPR, you may have the right to object to processing on grounds relating to your particular situation.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to such processing, including related profiling.

12.7 Right to Withdraw Consent

Where processing is based on consent, you may withdraw your consent at any time with effect for the future.

Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

12.8 Rights Relating to Automated Decision-Making

Where applicable, you may have rights concerning decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you.

13. Right to Lodge a Complaint

You have the right to lodge a complaint with a competent data protection supervisory authority if you believe that the processing of your personal data infringes applicable data protection law.

Without prejudice to your right to contact another competent supervisory authority where permitted by law, the authority relevant to a controller established in Hesse may include the competent data protection supervisory authority for the State of Hesse.

You may also contact us directly so that we have an opportunity to address your concerns.

14. No Obligation to Provide Personal Data

In many cases, you are not legally required to provide personal data to us.

However, certain information may be necessary for us to:

  • respond to an enquiry;
  • provide requested information;
  • enter into or perform a contract;
  • comply with legal requirements; or
  • provide particular services or functionality.

Where required information is not provided, we may be unable to respond fully or provide the relevant service.

15. Automated Decision-Making

Unless otherwise expressly disclosed, we do not use personal data collected through this website to make decisions based solely on automated processing that produce legal effects concerning individuals or similarly significantly affect them within the meaning of Article 22 GDPR.

16. Third-Party Websites

Our website may contain links to websites operated by third parties.

We do not control third-party websites and are not responsible for their privacy practices, content, security, or operation. We encourage users to review the privacy information provided by the relevant third party before providing personal data.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • changes to our website;
  • changes to our processing activities;
  • changes to service providers or technologies;
  • legal or regulatory developments; or
  • operational requirements.

The current version will be published on this website together with the applicable “Last updated” date.

18. Contact

For questions concerning this Privacy Policy or the processing of your personal data, or to exercise applicable data protection rights, please contact:

Naxxar Energy Europe GmbH
Marienturm
Taunusanlage 9–10
D-60329 Frankfurt am Main
Germany

Please use the current contact details published on our website for privacy-related communications.