
Privacy Policy

Status: March 6, 2025

Table of Contents
  • Responsible party

  • Overview of data processing

  • Applicable legal bases

  • Security measures

  • General information on data storage and deletion

  • Rights of the data subjects

  • Use of cookies

  • Contact and inquiry management

  • Presence in social networks (social media)

  • Plugins and embedded functions and content

 

Responsible party

Eylem Çetinöz

eylem.cetinoez@gmail.com

Overview of Data Processing

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the affected individuals.

Types of Processed Data

  • Master data

  • Payment data

  • Contact data

  • Content data

  • Contract data

  • Usage data

  • Meta, communication, and procedural data

 

 

Categories of Affected Persons

  • Service recipients and clients

  • Interested parties

  • Communication partners

  • Users

  • Business and contractual partners

 

 

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations

  • Communication

  • Office and organizational procedures

  • Organizational and administrative procedures

  • Feedback

  • Provision of our online offer and user-friendliness

  • Public relations

  • Business processes and economic procedures

Relevant Legal Bases

Relevant legal bases according to the GDPR: Below you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations in your or our country of residence or domicile may also apply. Should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.

 

  • Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.

  • Contract performance and pre-contractual requests (Art. 6 para. 1 sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.

  • Legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.

  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

 

 

National Data Protection Regulations in Germany:

In addition to the GDPR regulations, national data protection laws in Germany also apply. This includes in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains special provisions regarding the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, transmission, and automated decision-making in individual cases including profiling. Furthermore, state data protection laws of the individual federal states may also apply.

 

 
Note on the applicability of GDPR and Swiss Data Protection Act (DSG):

This privacy notice serves to provide information under both the Swiss Data Protection Act (DSG) and the General Data Protection Regulation (GDPR). For this reason, please note that due to the broader territorial application and clarity, the terms of the GDPR are used. In particular, instead of the terms used in the Swiss DSG such as “processing” of “personal data”, “overriding interest”, and “particularly sensitive personal data”, the GDPR terms “processing” of “personal data”, “legitimate interest”, and “special categories of data” are used. However, the legal meaning of the terms continues to be determined under Swiss law within the scope of the Swiss DSG.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, considering the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing as well as the varying likelihood of occurrence and severity of threats to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

These measures particularly include securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as the access, input, transmission, availability assurance, and separation concerning the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, data deletion, and responses to data threats. Moreover, we consider the protection of personal data already during the development or selection of hardware, software, and procedures in accordance with the principle of data protection by design and by default.

 
General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal regulations as soon as the underlying consents are revoked or no other legal basis for processing exists. This applies in cases where the original processing purpose no longer applies or the data is no longer needed. Exceptions to this rule exist when legal obligations or special interests require a longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.

Our privacy notices contain additional information on the retention and deletion of data that specifically applies to certain processing procedures.

If multiple retention periods or deletion deadlines are specified, the longest period always applies.

If a period does not explicitly begin on a certain date and is at least one year, it automatically starts at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships within which data is stored, the triggering event is the time of effectiveness of the termination or other end of the legal relationship.

Data that is no longer processed for the originally intended purpose but is retained due to legal requirements or other reasons is processed exclusively for the reasons justifying its retention.

Further Information on Processing Procedures, Methods, and Services:

Retention and Deletion of Data: The following general retention and archiving periods apply according to German law:

 

  • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balances as well as work instructions and other organizational documents necessary for their understanding (§ 147 Abs. 1 Nr. 1 in conjunction with Abs. 3 AO, § 14b Abs. 1 UStG, § 257 Abs. 1 Nr. 1 in conjunction with Abs. 4 HGB).

  • 8 years – Accounting records, such as invoices and expense receipts (§ 147 Abs. 1 Nr. 4 and 4a in conjunction with Abs. 3 Sentence 1 AO as well as § 257 Abs. 1 Nr. 4 in conjunction with Abs. 4 HGB).

  • 6 years – Other business documents: received commercial or business letters, copies of sent commercial or business letters, other documents insofar as they are relevant for taxation, e.g., hourly wage slips, cost accounting sheets, calculation documents, price markings, but also payroll accounting documents insofar as they are not already accounting records, and cash register receipts (§ 147 Abs. 1 Nr. 2, 3, 5 in conjunction with Abs. 3 AO, § 257 Abs. 1 Nr. 2 and 3 in conjunction with Abs. 4 HGB).

  • 3 years – Data required to consider potential warranty and damage claims or similar contractual claims and rights as well as to process related inquiries, based on previous business experience and common industry practice, are stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).

 
Rights of the Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, particularly derived from Articles 15 to 21 GDPR:

 

  • Right to object: You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such advertising; this also applies to profiling to the extent that it is related to such direct marketing.

  • Right to withdraw consent: You have the right to withdraw any given consent at any time.

  • Right of access: You have the right to request confirmation as to whether personal data concerning you are being processed and to obtain access to those data along with further information and a copy of the data according to legal requirements.

  • Right to rectification: You have the right, according to legal provisions, to request the completion of incomplete data or correction of inaccurate data concerning you.

  • Right to erasure and restriction of processing: You have the right, according to legal requirements, to demand the immediate deletion of your personal data or alternatively to demand the restriction of processing of your data.

  • Right to data portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format and to request their transmission to another controller, according to legal provisions.

  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data violates the provisions of the GDPR.

Business Services

We process data of our contractual and business partners, such as customers and prospects (collectively referred to as “contract partners”), within the scope of contractual and comparable legal relationships as well as related measures and in regard to communication with the contract partners (including pre-contractual communication), for example, to respond to inquiries.

 

We use this data to fulfill our contractual obligations. This especially includes duties to provide the agreed services, any update obligations, and remedies in case of warranty or other performance issues. Furthermore, we use the data to protect our rights and for administrative tasks associated with these duties as well as for corporate organization. In addition, we process data based on our legitimate interests in proper and economically sound business management as well as security measures to protect our contract partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g., involvement of telecommunications, transport and other auxiliary services, subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). Within the applicable law, we only disclose contract partners’ data to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contract partners are informed about other types of processing, such as marketing purposes, within this privacy policy.

 

Which data is necessary for the above purposes is communicated to contract partners prior to or during data collection, for example, in online forms, by special markings (e.g., colors) or symbols (e.g., asterisks), or personally.

 

We delete the data after the expiration of statutory warranty and comparable obligations, generally after four years, unless the data is stored in a customer account, e.g., as long as they must be kept for legal reasons such as archival (usually ten years for tax purposes). Data disclosed to us within the scope of an order by the contract partner will be deleted according to the instructions and generally after the end of the order.

 

Types of data processed: Master data (e.g., full name, residential address, contact details, customer number, etc.); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., postal and email addresses, telephone numbers); Contract data (e.g., subject of the contract, duration, customer category).

 

Affected persons: Service recipients and clients; prospects; business and contract partners.

 

Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; communication; office and organizational procedures; organizational and administrative procedures; business processes and economic procedures.

 

Storage and deletion: Deletion according to the information in the section “General information on data storage and deletion.”

 

Legal basis: Contract performance and pre-contractual requests (Art. 6(1)(b) GDPR); legal obligation (Art. 6(1)(c) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

 

Use of Cookies

The term “cookies” refers to functions that store information on users’ devices and read information from them. Cookies can be used for various purposes, such as ensuring the functionality, security, and convenience of online offerings, as well as creating analyses of visitor flows. We use cookies in accordance with legal regulations. If required, we obtain users’ consent in advance. If consent is not necessary, we rely on our legitimate interests. This applies when storing and reading information is essential to provide explicitly requested content and functions. This includes storing settings as well as ensuring the functionality and security of our online offerings. Consent can be revoked at any time. We provide clear information about its scope and which cookies are used.

 

Notes on data protection legal bases: Whether we process personal data using cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained in this section above and in the context of the respective services and procedures.

 

Storage duration: Regarding storage duration, the following types of cookies are distinguished:

 

  • Temporary cookies (also called session cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their device (e.g., browser or mobile application).

  • Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, login status can be saved and preferred content displayed directly when the user revisits a website. Cookies may also be used to collect user data for reach measurement. If we do not provide users with explicit information about the type and storage duration of cookies (e.g., when obtaining consent), they should assume that these are permanent cookies with a storage duration of up to two years.

Further information on processing activities, procedures, and services:

Contact form:

When contacting us via our contact form, by e-mail, or other communication channels, we process the personal data provided to us to respond to and handle the respective request. This usually includes information such as name, contact details, and, if applicable, other information shared with us that is necessary for proper processing. We use these data exclusively for the stated purpose of contact and communication.

Legal basis: Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

 

 

 

Presence on social networks (social media)

We maintain online presences within social networks and process user data in this context to communicate with users active there or to provide information about us.

We point out that user data may be processed outside the territory of the European Union. This may entail risks for users, for example, making it harder to enforce their rights.

Furthermore, user data within social networks is typically processed for market research and advertising purposes. For instance, usage profiles may be created based on user behavior and resulting interests. These profiles may be used to display advertisements inside and outside the networks that presumably correspond to user interests. Therefore, cookies are usually stored on users’ devices that record usage behavior and interests. Also, user profiles may contain data independent of the devices used by users (especially if they are members of the respective platforms and logged in).

For detailed descriptions of the processing methods and opt-out options, we refer to the privacy policies and information provided by the operators of the respective networks.

In case of requests for information or exercising data subject rights, we point out that these can be most effectively asserted directly with the providers. Only they have access to the user data and can take appropriate measures or provide information. If you still need assistance, you can contact us.

 

  • Processed data types: Contact data (e.g., postal and e-mail addresses or telephone numbers); content data (e.g., textual or visual messages and posts including authorship or creation time information); usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).

  • Data subjects: Users (e.g., website visitors, online service users).

  • Purposes of processing: Communication; feedback (e.g., collecting feedback via online forms); public relations.

  • Storage and deletion: Deletion according to the section “General information on data storage and deletion.”

  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

 

 

Further information on processing activities, procedures, and services:

Instagram: Social network that enables sharing photos and videos, commenting and liking posts, sending messages, subscribing to profiles and pages; service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; legal basis: legitimate interests (Art. 6(1)(f) GDPR); website: https://www.instagram.com; privacy policy: https://privacycenter.instagram.com/policy/. Basis for third-country transfers: Data Privacy Framework (DPF).

 

 

 

Plugins and embedded functions and content

We integrate functional and content elements into our online offering, which are retrieved from the servers of their respective providers (hereinafter referred to as “third parties”). These can be graphics, videos, or maps (hereinafter collectively referred to as “content”).

Embedding always requires that the third-party providers process the users’ IP addresses, since without the IP address they could not send the content to the users’ browsers. The IP address is thus necessary for displaying this content or functionality. We strive to use only content whose providers apply the IP address solely for delivering the content.

Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Through pixel tags, information such as visitor traffic on this website can be evaluated. The pseudonymous information may also be stored in cookies on the users’ devices and can include technical details about the browser and operating system, referring websites, visit times, and further information about the use of our online offering, and may be linked with information from other sources.

 

  • Legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data are processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

  • Processed data types: Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).

  • Data subjects: Users (e.g., website visitors, online service users).

  • Purposes of processing: Provision of our online offering and user-friendliness.

  • Storage and deletion: Deletion according to the section “General information on data storage and deletion.” Cookies can be stored for up to 2 years (unless otherwise indicated).

  • Legal bases: Consent (Art. 6(1)(a) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

 

 
Further information on processing activities, procedures, and services:

Google Fonts (retrieval from Google server):

Retrieval of fonts (and icons) for the purpose of technically secure, maintenance-free, and efficient use of fonts and icons regarding up-to-dateness and loading times, their uniform display, and consideration of possible licensing restrictions. The provider of the fonts receives the user’s IP address so that the fonts can be made available in the user’s browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) necessary for providing the fonts depending on the devices used and the technical environment are transmitted. These data may be processed on a server of the font provider in the USA.

 

When users visit our online offering, their browsers send HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) of Google Fonts and subsequently the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent that describes the browser and operating system versions of the website visitors, as well as the referer URL (i.e., the website on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers and are not analyzed.

 

The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referer URL). Access to these data is restricted and strictly controlled. The requested URL identifies the font families the user wants to load fonts for. This data is logged so that Google can determine how often a specific font family is requested.

 

The Google Fonts Web API needs the user agent in order to adapt the font that is generated for the respective browser type. The user agent is primarily logged for debugging and used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the “Analytics” page of Google Fonts.

 

Finally, the referer URL is logged so that the data can be used for production maintenance and an aggregated report on top integrations based on the number of font requests can be generated. According to Google’s own statements, none of the information collected by Google Fonts is used to create profiles of end users or to serve targeted advertising.

 

 

 

 

Created with the free privacy policy generator by Dr. Thomas Schwenke (Datenschutz-Generator.de)
