Lex Agentica ("Lex Agentica", "we", "us") is operated by Maria del Pilar Berrio Muñoz, based in Munich, Germany. We are committed to protecting your personal data and handling it in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection law.

Section 01

Data Controller

Lex Agentica

Maria del Pilar Berrio Muñoz
Dom Pedro Str. 9
80637 Munich, Germany

Email: [email protected]

Lex Agentica is the data controller within the meaning of Art. 4(7) GDPR.

Section 02

What Personal Data We Process

We only process data that is necessary for:

  • Responding to enquiries
  • Scheduling and conducting meetings
  • Delivering consulting services
  • Improving website performance (anonymised analytics)

2.1 Contact & Enquiry Data

When you submit the contact form or email us, we process:

Data collected

Full name, work email address, company name, role/title, message content

Purpose & Legal basis
To assess strategic fit and respond to your enquiry

Art. 6(1)(b) GDPR — pre-contractual measures
Art. 6(1)(f) GDPR — legitimate interest in business communication

2.2 Scheduling Data (Microsoft Bookings)

If you book an Intro Strategy Call, we process:

Data collected

Name, email, selected time slot, optional notes

Purpose & Legal basis
To schedule and conduct meetings

Bookings are managed through Microsoft 365 Bookings.
Art. 6(1)(b) GDPR

2.3 Email Communication (Microsoft 365)

Business emails are hosted via Microsoft 365 (Exchange Online). When you contact us, your email address and message content are processed and stored.

Microsoft may process data in EU data centres and, where applicable, under appropriate safeguards for international transfers.

Legal basis: Art. 6(1)(b) and (f) GDPR

2.4 Website Analytics (Plausible Analytics)

We use Plausible Analytics, a privacy-focused, cookie-free analytics provider based in the EU. Plausible collects anonymised, aggregated data only:

  • Page views and referral sources
  • Country-level location (not city or IP)
  • Browser and device type

No personal profiles are created. IP addresses are not stored.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in website optimisation

Because Plausible operates without cookies or personal tracking, no cookie consent banner is required.

2.5 Future: LinkedIn Insight Tag

We may implement the LinkedIn Insight Tag in the future to measure campaign effectiveness. If activated:

  • It will only operate after explicit user consent
  • A consent banner will be implemented
  • Data may be transferred to LinkedIn Ireland and potentially to the United States under appropriate safeguards

Until implemented, no LinkedIn tracking occurs.

Section 03

Data Transfers Outside the EU

Where service providers process data outside the EU/EEA (e.g. Microsoft), transfers occur only under:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • EU-US Data Privacy Framework (where applicable)

We do not transfer data without appropriate safeguards.

Section 04

Data Retention

We retain personal data only as long as necessary for the purpose it was collected:

Data type Retention period
Responding to enquiries Up to 6 months after last contact if no contract is formed
Active client data Duration of the engagement plus 3 years
Invoices and financial records 10 years (German commercial law requirement)
Booking and meeting records 12 months after the last meeting

After retention periods expire, data is securely deleted.

Section 05

Third-Party Service Providers

We do not sell or rent personal data. Data is shared only with:

Hosting provider
Framer

Website hosting and delivery

Email & scheduling
Microsoft 365

Email communication and Bookings

Analytics
Plausible Analytics

Anonymised, cookie-free website analytics

Future (not active)
LinkedIn

Campaign measurement (consent required before activation)

All providers act under data processing agreements compliant with Art. 28 GDPR.

Section 06

Your Rights Under GDPR

You have the right to:

Art. 15 GDPR

Access your data

Art. 16 GDPR

Rectify inaccurate data

Art. 17 GDPR

Erasure ("right to be forgotten")

Art. 18 GDPR

Restrict processing

Art. 20 GDPR

Data portability

Art. 21 GDPR

Object to processing based on legitimate interests

To exercise your rights, contact: [email protected]

You also have the right to lodge a complaint with a supervisory authority. In Bavaria: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).

Section 07

Security

We implement appropriate technical and organisational measures to protect your data, including:

  • HTTPS encryption
  • Restricted system access
  • Secure Microsoft 365 configuration
  • Regular review of data handling practices

No transmission over the internet is completely secure. We take reasonable steps to protect your data but cannot guarantee absolute security.

Section 08

Cookies

This website does not use tracking cookies or advertising cookies. Plausible Analytics operates without any cookies. No cookie consent banner is required.

If the LinkedIn Insight Tag is activated in future, a consent mechanism will be implemented prior to activation.

Section 09

Changes to This Policy

We may update this Privacy Policy to reflect changes in services, tools, or legal requirements. The current version is always available on this website.

Contact

Questions About This Policy

If you have any questions, concerns, or requests regarding this Privacy Policy or how Lex Agentica handles your personal data, please contact us.

Get in touch

Lex Agentica
Operated by Maria del Pilar Berrio Muñoz
Munich, Germany

Email: [email protected]