Projects

Technologies

Services

About

Blog

Projects

Technologies

Services

About

Blog

Phoenix R&D Privacy Notice


Last updated: Oct 13, 2025

Phoenix R&D Privacy Notice


Last updated: Oct 13, 2025

Phoenix R&D Privacy Notice


Last updated: Oct 13, 2025

Phoenix R&D Privacy Notice


Last updated: Oct 13, 2025

1. Why this document matters


Thank you for taking the time to read our Privacy Notice. This document explains how Phoenix R&D (“we”, “us”) handles your personal data. 


Phoenix R&D is the organization behind the messenger Air. If you are only looking for how Air is handling personal data, please head over to section 4 ("Using Air").


To make this document more digestible, we describe how we handle your personal data when you:


Whenever you share personal data in these contexts, we are committed to protecting it in accordance with privacy laws like the General Data Protection Regulation (GDPR). Phoenix R&D does not rent or sell your data. We make it our mission to minimize metadata collection by design.
We will not collect and/or use your personal data without letting you know or without reason.


In this Notice, we explain:

  • what data we process and why,

  • how long we keep it,

  • with whom we share it,

  • what rights you have with regards to your personal data.


Note: We update this Notice from time to time. The latest version will always be available here. In case of material changes to this Privacy Notice, we will take additional steps to make sure you are made aware of them.

2. Who handles your personal data?


When you share your personal data in the contexts described above in Section 1 the data controller responsible for your personal data is:


Phoenix R&D GmbH
Pappelallee 78/79
10437 Berlin
Germany


privacy@phnx.im

3. When and why we process your personal data


3.1 When you apply for a job with us


Why we process your data
To manage the recruitment process — from reviewing applications to conducting interviews and making hiring decisions.


Types of data we use

  • Identification data & contact details (e.g. name, email, phone, address)

  • Application materials (e.g. CV, cover letter, links to social media profiles)

  • Qualifications & experience (e.g. education, certifications, employment history)


Legal bases

  • Art. 6(1)(b) GDPR – to assess and respond to your job application

  • Art. 6(1)(f) GDPR – our legitimate interest in hiring


How long we keep it
Only for the duration of the recruitment process, unless you give us consent to keep your application for future opportunities.

3.2 When you agree to join our talent pool


Why we process your data
To contact you if a relevant job opportunity comes up, after you've agreed to join our talent pool.


Types of data we use

  • Identification data & contact details (e.g. name, email, phone, address)

  • Application materials (e.g. CV, cover letter, links to social media profiles)

  • Qualifications & experience (e.g. education, certifications, employment history)

  • Consent status


Legal basis

  • Art. 6(1)(a) GDPR – your consent


How long we keep it
As long as there is potential relevance and your consent is valid, but no longer than for 3 years. We review and clean up this data regularly.

3.3 When we provide you our services (e.g. consulting, software development)


Why we process your data
To manage client relationships, deliver services, handle communications, and manage project logistics and invoicing.


Types of data we use

  • Business contact details (name, email, phone, organization)

  • Project content (messages, documents, tasks)

  • Financial data (invoice details, company address)


Legal bases

  • Art. 6(1)(b) GDPR – to deliver the services you requested

  • Art. 6(1)(f) GDPR – our legitimate interest in operating our business


How long we keep it
We retain this data for up to 10 years (as required by the tax law).


Do we transfer your data outside the EU/EEA?
Some of our service providers are located outside the European Economic Area (EEA). When this happens, we use appropriate safeguards approved by the law, such as Standard Contractual Clauses (SCCs), to protect your data.


Here is a list of such providers, what we use them for, and how your data is protected:

  • Google Workspace (USA). We use Google Workspace to host organizational emails (only @phnx.im emails), cloud storage, and document collaboration. Personal data in this case is safeguarded by Standard Contractual Clauses (SCCs): Google SCCs & data protection terms

  • Notion (USA). We use Notion to organize and manage internal project documentation and client projects. Personal data in this case is safeguarded by Standard Contractual Clauses (SCCs): Notion Data Processing Addendum.

3.4 When you subscribe to our blog and newsletter


Why we process your data
To send you updates when we publish new articles on our blog and to maintain an engaged audience via our newsletter.


Types of data we use

  • Email address

  • Your chosen name

  • Subscription status


Legal basis

  • Art. 6(1)(a) GDPR – your consent


How long we keep it
Until you unsubscribe or remain inactive for more than 2 years. You can unsubscribe at any time.

3.5 When you contact us through through hello@air.ms


Why we process your data
To answer your contact requests.


Types of data we use

  • Email address

  • Subscription status


Legal basis

  • Art. 6(1)(b) GDPR – to deliver the services you requested

  • Art. 6(1)(f) GDPR – our legitimate interest in operating our business


How long we keep it
As long as there is potential relevance, but no longer than for 1 year. We review and clean up this data regularly.

4. Using Air, and processing of non-personal data


Although the following activities do not involve personal data and are therefore not subject to the GDPR, we are including them in this privacy notice to ensure full transparency about how we work.


4.1 Using Air

Using the Air messenger doesn’t involve any personal data and protects the communication of its users.


Air is hosted on UpCloud, a European cloud infrastructure provider. You can read more about it on the UpCloud website.

4.2 Website hosting and traffic insights

We use Framer, a European website design tool, to host our website. Within Framer we created a website that processes as little personal data as possible. You can read more about it on the Framer website


We use Plausible, a European and privacy-focused analytics tool, to understand general trends on our website — such as how many people visit, which pages are viewed most, and when the traffic peaks.

Plausible does not collect or store any personal data of our website visitors. There are no cookies, no device-persistent identifier tracking, and no user profiling involved. You can read more about it on the Plausible website.

5. Is providing your data mandatory?


Most of the time, sharing your personal data is voluntary. However, if you choose not to provide certain information (e.g., in a job application), we may not be able to proceed with your request. 


If we rely on your consent, you are always free to withdraw it at any time, without any negative impact.

6. Where do we get your data from?


We typically collect data directly from you — when you apply for a job, subscribe to the newsletter, or contact us.

7. Who we share your data with


We share your personal data with third parties only when it is necessary for the purposes described above in Section 3. This includes working with trusted European service providers who support us in areas like communication, cloud infrastructure, recruitment, and administration. Our trusted third parties include:

  • Providers in the area of recruiting, business operations, project management and communication (e.g. hiring platform providers, email infrastructure providers, project management tools providers).

  • State institutions (e.g., tax), regulatory, and other government authorities (as and when required by law).

  • Authorized consultants (e.g. accounting or legal advisors).

8. Your rights under data protection law


When it comes to your personal data, you have the rights to:

  • request access your data, 

  • request its correction or completion,

  • ask us to delete it,

  • limit how we use it,

  • object to certain uses,

  • receive a copy (data portability),

  • withdraw your consent at any time,

  • file a complaint with a data protection authority.


To exercise any of these rights, email us at privacy@phnx.im.

9. Questions?


If you have a question, concern, or request about your personal data, contact us at privacy@phnx.im.

© 2025 Phoenix R&D GmbH

Jobs

Legal

© 2025 Phoenix R&D GmbH

Jobs

Legal

© 2025 Phoenix R&D GmbH

Jobs

Legal

© 2025 Phoenix R&D GmbH

Jobs

Legal