Privacy Policy

Last updated: 2026-05-26

1. Information on the Collection of Personal Data and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. On the following pages, we inform you about the handling of your personal data when using our website and our proxy services. Personal data is all data with which you can be personally identified.

1.2 The controller in charge of data processing within the meaning of the General Data Protection Regulation (GDPR) is:

Adriaan van Veen – Mobile Proxy Germany Am Brabrinke 14 30519 Hannover Germany Email: [email protected]

The controller in charge of the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2. Data Collection When You Visit Our Website

2.1 When using our website for information only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:

• Visited page on our website
• Date and time of access
• Amount of data sent in bytes
• Source/referrer from which you came to the page
• Browser used
• Operating system used
• IP address used (anonymized where applicable)

Data processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently, if there are any concrete indications of illegal use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string https:// and the lock symbol in your browser line.

3. Connection Metadata Generated by the Proxy Service

3.1 The provision of the GermanProxy.io routing service inherently involves the processing of technical connection metadata generated when end users route traffic through our mobile-proxy infrastructure. This is the single most significant data-processing operation in connection with our service and is described in this Section in detail.

3.2 Categories of data processed in connection with the proxy service:

• Customer identifier (account-internal)
• Source IP address used by the customer to access the proxy
• Destination domain accessed via the proxy
• Timestamps of session start, session end, and individual requests
• Volume of data transmitted (incoming and outgoing bytes)
• Mobile-device identifier and model providing the proxy IP
• Information about the mobile network operator and SIM identifier
• Session identifiers and rotation events

We do not perform deep packet inspection. We do not log the content of transmitted communications. Where technically separable, we limit storage to the metadata listed above.

3.3 Purpose and legal basis of processing:

• Performance of the contract between the User and the Provider (Art. 6(1)(b) GDPR)
• Compliance with statutory retention and disclosure obligations, including § 174 TKG (subscriber-data information) and §§ 100g, 100j StPO (criminal-procedure data disclosure orders) (Art. 6(1)(c) GDPR)
• Legitimate interest in operating a secure, abuse-resistant routing infrastructure, including anti-fraud and anti-money-laundering measures as described in the Provider’s restricted-platforms policy at https://germanproxy.io/restricted-platforms (Art. 6(1)(f) GDPR)

3.4 Processor: iProxy Online Solutions LLC

The technical processing and storage of the connection metadata listed in Section 3.2 is carried out on our behalf by:

iProxy Online Solutions LLC, United States, operating the iProxy Online platform at https://iproxy.online and the iProxy Android application.

iProxy Online Solutions LLC acts as our processor within the meaning of Art. 28 GDPR pursuant to a Data Processing Agreement concluded between us. iProxy operates servers located within the European Union for the storage of connection metadata. Where iProxy transfers data outside the European Economic Area in the course of its operations, it relies on Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR. iProxy has appointed an EU representative within the meaning of Art. 27 GDPR.

The retention period applied by the processor is five (5) years from the time of generation of the connection metadata, after which the data is securely deleted or anonymized. This retention period serves the purpose of enabling cooperation with law-enforcement requests regarding suspected criminal activity routed through the infrastructure. Where statutory obligations require shorter or longer retention in individual cases (e.g., legal-hold orders), the longer applicable period governs.

The full iProxy Data Processor Privacy Policy is available at https://iproxy.online/data-processor-privacy-policy.

3.5 Disclosure to law enforcement: connection metadata may be disclosed to competent German and EU law-enforcement authorities upon lawful request pursuant to §§ 100g, 100j StPO, § 174 TKG, the Digital Services Act (Regulation (EU) 2022/2065), and equivalent provisions, subject to the legal requirements applicable to such requests, including judicial authorization where required. Requests are handled by our legal contact at [email protected].

4. Hosting and Content Delivery Network

We use a content delivery network operated by: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA

This service enables us to deliver large media files such as graphics, page content, or scripts faster via a network of regionally distributed servers. The processing is carried out to protect our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6(1)(f) GDPR. We have concluded a Data Processing Agreement with the provider, ensuring the protection of our site visitors’ data and prohibiting unauthorised disclosure to third parties.

For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

5. Cookies and Consent Management

5.1 Use of Cookies

In order to make your visit to our website more attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device. In some cases, these cookies are automatically deleted again after the browser is closed (“session cookies”); in other cases, cookies remain on your end device for longer to allow page settings to be saved (“persistent cookies”).

If personal data is processed by cookies set by us, the processing is carried out either pursuant to Art. 6(1)(b) GDPR for the performance of the contract, pursuant to Art. 6(1)(a) GDPR in the case of consent given, or pursuant to Art. 6(1)(f) GDPR to safeguard our legitimate interests in the functionality of the website. Cookies that are not strictly necessary are only set after consent is given pursuant to § 25(1) TDDDG.

You can set your browser in such a way that you are informed about the setting of cookies and you can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Please note that the functionality of our website may be limited if cookies are not accepted.

Our website is built on WordPress. WordPress core and the WP Consent API plugin set strictly necessary cookies (prefixed wp_consent_* and wpEmojiSettingsSupports) to store your consent preferences locally on your device and to enable basic site functionality. These cookies are stored locally and not transmitted to third parties. Their use is based on § 25(2) No. 2 TDDDG (strictly necessary) and does not require consent.

5.2 Consent Management Platform (CookieYes)

To obtain, document, and manage your consent for cookies and similar technologies in accordance with Art. 7 GDPR and § 25(1) TDDDG, we use the consent management platform of:

CookieYes Limited Company No. 13074037 United Kingdom

CookieYes displays the cookie consent banner on our website, records your consent decisions (granted, refused, or withdrawn), and stores the consent record for the legally required documentation period. To provide this service, CookieYes processes a randomly generated consent ID, the consent status and preferences, timestamp of consent, browser and device information, anonymized IP address, and the URL on which consent was given.

The processing of this consent record is necessary for compliance with our legal obligation to document consent (Art. 6(1)(c) GDPR in conjunction with Art. 7(1) GDPR). The setting of the strictly necessary consent cookie itself is based on § 25(2) No. 2 TDDDG and does not require consent.

CookieYes Limited is established in the United Kingdom. The European Commission has issued an adequacy decision for the United Kingdom under Art. 45 GDPR, ensuring an adequate level of data protection for transfers to the UK. CookieYes operates EU-based data centers for European customers and offers a Data Processing Agreement under Art. 28 GDPR, which we have concluded.

You can change or withdraw your consent at any time by reopening the cookie banner through the consent management link provided on our website.

Further information: https://www.cookieyes.com/privacy-policy/

6. Contacting Us

When you contact us (e.g. via email or contact form), personal data is collected. This data is stored and used exclusively for the purpose of responding to your request or for establishing contact and for the associated technical administration.

The legal basis for processing data is our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6(1)(b) GDPR.

Your data will be deleted after final processing of your enquiry, provided there are no legal storage obligations to the contrary.

7. Data Processing When Opening a Customer Account and for Contract Processing

Pursuant to Art. 6(1)(b) GDPR, personal data will be collected and processed to the extent required if you provide us with this data when opening a customer account. The data required for opening an account can be found in the input mask of the corresponding form on our website.

Deletion of your customer account is possible at any time by sending a message to the controller named above. After deletion, your data will be deleted, provided that all contracts concluded via the account have been fully processed, no legal retention periods are opposed, and no legitimate interest on our part in the continued storage exists.

8. Processing of Data for the Purpose of Order Handling

Insofar as necessary for processing of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned payment institution in accordance with Art. 6(1)(b) GDPR.

8.1 Apple Pay

If you choose the payment method “Apple Pay” of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the “Apple Pay” function of your terminal device by debiting a payment card stored with Apple Pay. For the purpose of payment processing, your information provided during the ordering process, along with information about your order, is transmitted to Apple in encrypted form. The processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR. For more information about Apple Pay privacy, please visit https://support.apple.com/en-gb/HT203027.

8.2 Cryptomus (Cryptocurrency Payments)

If you choose the payment method “Cryptocurrencies”, the payment is processed through the payment service provider:

Xeltox Enterprises Ltd. (operating as Cryptomus) Suite 170, 422 Richards Street Vancouver, British Columbia V6B 2Z4 Canada

For the payment, you will be redirected to a Cryptomus checkout page where you complete the transaction with the wallet software of your choice. In accordance with Regulation (EU) 2023/1113 (Transfer of Funds Regulation, “Travel Rule”), Cryptomus may require the User to provide identifying information (originator name, wallet type, and where applicable, date of birth and city of birth) before a transfer can be executed.

The processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR. Payment data provided during the ordering process and the resulting transaction record are transmitted to Cryptomus for processing.

International data transfer: Cryptomus processes payment data in Canada. The European Commission has issued an adequacy decision for Canada under Art. 45 GDPR for data transferred to recipients subject to the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), which applies to Xeltox Enterprises Ltd.

Cryptomus’s Terms of Service and Privacy Policy are available at https://cryptomus.com/tos and https://cryptomus.com/privacy.

8.3 Mollie

Online payment methods from the following provider are available on this website: Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands

If you select a payment method of the provider, your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6(1)(b) GDPR. In this case, your data will only be passed on for the purpose of processing payment with the provider and only to the extent necessary for this purpose.

8.4 PayPal

Online payment methods from the following provider are available on this website: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method of the provider, your payment data provided during the ordering process is passed on to the provider in accordance with Art. 6(1)(b) GDPR. For payment methods where the provider makes advance payments, you will also be asked to provide additional personal data, which may be used by the provider for a credit check pursuant to Art. 6(1)(f) GDPR.

9. Tag Management and Web Analytics

9.1 Google Tag Manager

This website uses the “Google Tag Manager”, a service of: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”)

Google Tag Manager provides a technical basis for bundling various web applications, including tracking and analysis services, and for calibrating, controlling, and attaching conditions to them via a uniform user interface. Google Tag Manager itself does not store any information on user end devices or read them. The service also does not perform any independent data analyses. However, Google Tag Manager transmits your IP address to Google when you visit a page and may store it there. A transmission to servers of Google LLC in the USA is possible.

All processing described above, in particular the reading or saving of information on the end device used, is only carried out if you have given us your express consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TDDDG. You can revoke your consent at any time with effect for the future by deactivating this service in the cookie consent tool provided on the website.

We have concluded a Data Processing Agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties. For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

Further information on Google’s privacy standards: https://business.safety.google/privacy/

9.2 Google Analytics

This website uses Google Analytics, a web analytics service of: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”)

Google Analytics uses cookies and similar technologies to enable an analysis of your use of the website. The information generated about your use of this website is generally transferred to a Google server in the USA and stored there. We use Google Analytics with the IP anonymization function activated, so that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.

The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google. Google uses this information on our behalf to evaluate your use of the website, to compile reports on website activity, and to provide us with further services associated with website and internet use.

The processing of this data is carried out exclusively on the basis of your express consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TDDDG, obtained via our cookie consent tool. You can revoke your consent at any time with effect for the future by deactivating this service in the cookie consent tool.

We have concluded a Data Processing Agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties. For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout

Further information on Google’s privacy standards: https://business.safety.google/privacy/

9.3 Sourcebuster (Traffic Source Attribution)

To attribute incoming website traffic to its source (e.g., search engine, referring website, marketing campaign), our WooCommerce shop uses Sourcebuster, an open-source JavaScript library that runs locally in the visitor’s browser. Sourcebuster sets cookies prefixed sbjs_* (e.g. sbjs_first, sbjs_current, sbjs_session, sbjs_udata, sbjs_migrations) to store information about the visitor’s first and current traffic source for the duration of the session and up to six months.

No personal data is transmitted to third parties through Sourcebuster — the information is stored locally in the browser and read only by our own shop system to attribute order conversions to the originating marketing channel.

The processing of this data is carried out on the basis of your express consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TDDDG, obtained via our cookie consent tool. You can revoke your consent at any time with effect for the future by deactivating the “Analytics” category in the cookie consent tool.

9.4 Google Ads (Conversion Tracking and Remarketing)

This website uses Google Ads, an online advertising service of: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”)

Google Ads enables us to display advertisements (Google Ads) on external websites and to measure the success of our advertising campaigns. We use Google Ads for the following purposes:

Conversion Tracking: When you reach our website by clicking on an advertisement placed via Google, a cookie is stored on your device. The cookie loses its validity after 30 days and is not used for personal identification. If you visit certain pages on our website while the cookie has not yet expired, Google and we can recognise that you clicked on the advertisement and were redirected to this page. The information obtained through the conversion cookie is used to compile conversion statistics. We learn the total number of users who clicked on one of our advertisements and were redirected to a page provided with a conversion-tracking tag. However, we do not receive any information that personally identifies you.

Remarketing: Google Ads remarketing enables us to display targeted advertisements to users who have previously visited our website when they subsequently visit other websites that are part of the Google advertising network. To this end, Google stores a cookie on the user’s end device, which enables Google to recognise the user when they visit websites that are members of the Google advertising network.

The processing of this data is carried out exclusively on the basis of your express consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TDDDG, obtained via our cookie consent tool. You can revoke your consent at any time with effect for the future by deactivating this service in the cookie consent tool.

We have concluded a Data Processing Agreement with the provider. For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

You can permanently deactivate the setting of cookies for advertising preferences by downloading and installing the browser plug-in available at https://www.google.com/settings/ads/onweb/. Alternatively, you can object to the use of cookies by third-party providers via the deactivation page of the Network Advertising Initiative at https://optout.networkadvertising.org/.

Further information on Google’s privacy standards: https://business.safety.google/privacy/

10. Security Tools

10.1 Cloudflare (Security)

For security purposes, this website uses the service of: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA

The provider protects the website and the associated IT infrastructure from unauthorised third-party access, cyber attacks, viruses, and malware. The provider collects the IP addresses of users and, if necessary, further data on their behaviour on our website (in particular URLs accessed and header information) in order to detect and defend against illegitimate page accesses and dangers.

The described data processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interests in protecting the website from harmful cyber attacks and in maintaining structural and data integrity and security.

We have concluded a Data Processing Agreement with the provider. For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework.

10.2 Wordfence

For security purposes, this website uses the service of: Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA

The provider protects the website and the associated IT infrastructure from unauthorised third-party access, cyber attacks, viruses, and malware. The provider collects the IP addresses of users and, if necessary, further data on their behaviour on our website to detect and defend against illegitimate page accesses and dangers.

The described data processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interests in protecting the website. We have concluded a Data Processing Agreement with the provider. For the transfer of data to the USA, the provider invokes Standard Contractual Clauses of the European Commission.

11. Direct Marketing — Existing Customers

If you have provided us with your email address when purchasing products, we reserve the right to regularly send you offers for products similar to those already purchased by email, pursuant to § 7(3) UWG. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising pursuant to Art. 6(1)(f) GDPR.

You are entitled to object to the future use of your email address for this advertising purpose at any time by notifying the controller named above. Upon receipt of your objection, the use of your email address for advertising purposes will cease immediately.

12. Rights of the Data Subject

12.1 The applicable data protection law grants you the following comprehensive rights with regard to the processing of your personal data:

• Right of access by the data subject pursuant to Art. 15 GDPR
• Right to rectification pursuant to Art. 16 GDPR
• Right to erasure (“right to be forgotten”) pursuant to Art. 17 GDPR
• Right to restriction of processing pursuant to Art. 18 GDPR
• Right to be informed pursuant to Art. 19 GDPR
• Right to data portability pursuant to Art. 20 GDPR
• Right to withdraw a given consent pursuant to Art. 7(3) GDPR
• Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

12.2 RIGHT TO OBJECT

IF, WITHIN THE FRAMEWORK OF A CONSIDERATION OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON THE GROUNDS THAT ARISE FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING REASONS WORTHY OF PROTECTION FOR PROCESSING WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO SUCH PROCESSING. UPON OBJECTION, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.

13. Duration of Storage of Personal Data

The duration of the storage of personal data is based on the respective legal basis, the purpose of processing, and — if relevant — on the respective legal retention period (e.g. commercial and tax retention periods under § 257 HGB, § 147 AO).

• Data processed on the basis of consent (Art. 6(1)(a) GDPR) is stored until the data subject revokes consent.
• Data processed for the performance of a contract (Art. 6(1)(b) GDPR) is deleted after expiry of any applicable statutory retention period, provided it is no longer necessary for contract fulfilment and no overriding legitimate interest opposes deletion.
• Data processed on the basis of legitimate interest (Art. 6(1)(f) GDPR) is stored until the data subject exercises the right of objection pursuant to Art. 21(1) GDPR, unless overriding legitimate grounds for processing exist.
• Connection metadata processed in connection with the proxy service is stored by our processor (iProxy Online Solutions LLC) for five (5) years, as described in Section 3.4 above.

14. Contact Addresses

• General questions and data-subject requests: [email protected]
• Restricted-platforms unblock requests: [email protected]
• Law-enforcement requests: [email protected]

15. Updates to this Privacy Policy

This Privacy Policy is updated as required to reflect changes in our processing operations, the use of new services, or changes in legal requirements. The current version is identified by the “Last updated” date at the top of this document.