Privacy Policy

The responsible entity within the meaning of data protection laws, particularly the EU General Data Protection Regulation (GDPR), is:

Melis Çolak (Data Protection Officer)

Email: Contact Form

Overview of Data Processing
The following overview summarizes the types of data processed and the purposes of their processing, as well as referencing the affected individuals.

Types of Data Processed

Inventory data, Payment data, Location data, Contact data, Content data, Contract data,Usage data, Meta, communication, and procedural data

Categories of Affected Individuals

Customers, Prospective customers, Communication partners, Users, Business and contractual partners

Purposes of Processing

Provision of contractual services and fulfillment of contractual obligations, Handling contact requests and communication, Security measures, Direct marketing, Reach measurement, Tracking, Office and organizational procedures, Conversion measurement, Affiliate tracking, Management and response to inquiries, Firewall, Feedback, Marketing, User-related profiles, Provision of our online services and user experience, Information technology infrastructure

Relevant Legal Bases
Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations in your or our country of residence may also apply. If more specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.

Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) – The data subject has given their consent to the processing of personal data concerning them for one or more specific purposes.

Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures taken at the data subject’s request.

Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.

Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data.

National Data Protection Regulations in Germany
In addition to the data protection regulations of the GDPR, national regulations on data protection in Germany also apply. These include, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which aims to protect against the misuse of personal data during data processing. The BDSG contains specific regulations regarding the right to access, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, data transmission, and automated individual decision-making, including profiling. Furthermore, the data protection laws of individual federal states (Bundesländer) may also apply.

Reference to the Applicability of the GDPR and the Swiss FADP
These data protection notices are intended to provide information in accordance with both the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR). Therefore, please note that the terms used in this policy are those from the GDPR, due to its broader geographic scope and clarity. Specifically, terms such as “processing” of “personal data,” “legitimate interest,” and “special categories of data” from the GDPR are used instead of the corresponding terms “processing” of “personal data,” “overriding interest,” and “particularly sensitive personal data” from the Swiss FADP. However, the legal interpretation of these terms will still be determined according to the Swiss FADP when applicable.

Security Measures
In accordance with legal requirements and taking into account the state of the art, the costs of implementation, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihoods and severity of risks to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, entry, transmission, availability safeguarding, and separation of data. Additionally, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data risks. Furthermore, we consider the protection of personal data from the outset in the development or selection of hardware, software, and processes, in line with the principle of data protection by design and privacy-friendly default settings.

Transmission of Personal Data
In the course of processing personal data, it may happen that data is transmitted to other entities, companies, legally independent organizational units, or individuals, or disclosed to them. The recipients of this data may include service providers entrusted with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and, in particular, enter into appropriate contracts or agreements with the recipients of your data to ensure the protection of your data.

International Data Transfers
Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if the processing takes place through the use of third-party services or the disclosure or transfer of data to other persons, entities, or companies, this is done solely in accordance with legal requirements. If the data protection level in the third country has been recognized through an adequacy decision (Art. 45 GDPR), this serves as the basis for data transfer. Otherwise, data transfers will only occur if the data protection level is secured through other means, particularly through standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), explicit consent, or in the case of contractual or legally required transmission (Art. 49 para. 1 GDPR). We will inform you of the specific basis for third-country transfers with individual providers from third countries, with adequacy decisions being the primary basis. Further information about third-country transfers and existing adequacy decisions can be found in the information provided by the European Commission: EU Commission Information.

EU-US Trans-Atlantic Data Privacy Framework: Under the so-called “Data Privacy Framework” (DPF), the EU Commission also recognized the data protection level as secure for certain companies in the USA within the framework of the adequacy decision dated July 10, 2023. The list of certified companies and additional information about the DPF can be found on the U.S. Department of Commerce website at Data Privacy Framework (in English). We will inform you in our privacy notices which service providers we use are certified under the Data Privacy Framework.

Rights of Data Subjects
Data subjects have several rights under the GDPR, particularly those derived from Articles 15 to 21 of the GDPR:

  • Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, which is based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling related to such direct marketing.

  • Right to Withdraw Consent: You have the right to withdraw any consent you have given at any time.

  • Right of Access: You have the right to request confirmation as to whether data concerning you is being processed, and to access this data along with further information and a copy of the data, in accordance with legal requirements.

  • Right to Rectification: You have the right, in accordance with legal requirements, to request the completion or correction of inaccurate personal data concerning you.

  • Right to Erasure and Restriction of Processing: You have the right, in accordance with legal requirements, to request the immediate erasure of data concerning you, or alternatively, to request restriction of processing, in line with legal requirements.

  • Right to Data Portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, in accordance with legal requirements.

  • Right to Lodge a Complaint with a Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data violates the provisions of the GDPR.

Use of Cookies
Cookies are small text files or other types of storage markers that store information on end devices and retrieve information from them. For example, they can store login status in a user account, the contents of a shopping cart in an online store, or the accessed content or functions used in an online service. Cookies may also be used for various purposes, such as ensuring the functionality, security, and convenience of online services, as well as analyzing visitor traffic.

Consent Notice: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users unless consent is not legally required. Consent is particularly not necessary when storing and retrieving information, including cookies, is strictly necessary to provide a telemedia service explicitly requested by the users (i.e., our online service). Cookies that are considered strictly necessary typically include those with functions related to the display and functionality of the online service, load balancing, security, storage of user preferences and selections, or similar purposes related to providing the primary and secondary functions of the online service requested by the users. The revocable consent is clearly communicated to users and includes information about the specific cookie usage.

Information on Legal Basis under Data Protection Law: The legal basis on which we process users’ personal data using cookies depends on whether we request consent from the users. If users provide their consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed through cookies is based on our legitimate interests (e.g., in the efficient operation of our online service and improving its usability) or processed when it is necessary to fulfill our contractual obligations if the use of cookies is required for fulfilling those obligations. The purposes for which we process cookies are explained further in this privacy policy or within our consent and processing procedures.

Storage Duration: The following types of cookies are distinguished based on their storage duration:

Permanent Cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user visits the website again. The data collected with the help of cookies can also be used for reach measurement. Unless we explicitly inform users about the type and storage duration of cookies (e.g., when obtaining consent), users should assume that cookies are permanent and that the storage duration can be up to two years.

General Information on Withdrawal and Objection (so-called “Opt-Out”):
Users can withdraw their consent at any time and object to the processing in accordance with legal requirements. Users can, for example, limit the use of cookies in their browser settings (although this may limit the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com.

Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Contact and Inquiry Management
When contacting us (e.g., by mail, contact form, email, telephone, or via social media) and in the context of existing user and business relationships, the information provided by the inquiring individuals is processed to the extent necessary to respond to the contact inquiries and any requested measures.

Types of Data Processed:

  • Contact data (e.g., email, phone numbers)
  • Content data (e.g., entries in online forms)
  • Usage data (e.g., visited websites, interest in content, access times)
  • Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status)

Affected Individuals:

  • Communication partners

Purposes of Processing:

  • Handling contact inquiries and communication
  • Management and response to inquiries
  • Feedback (e.g., collecting feedback via online form)
  • Provision of our online services and user-friendliness

Legal Bases:

  • Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)
  • Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR)

Further Information on Processing, Procedures, and Services:

  • Contact Form: When users contact us via our contact form, email, or other communication methods, we process the data provided in this context to handle the inquiry.
    Legal Bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Presence on Social Networks (Social Media)
We maintain online presences within social networks and process user data in this context to communicate with active users or to provide information about us.

We would like to point out that user data may be processed outside the European Union. This may pose risks to users, such as making it more difficult to enforce their rights.

Furthermore, user data is typically processed within social networks for market research and advertising purposes. For example, user behavior and the resulting interests can be used to create usage profiles. These profiles can be used to display advertisements both within and outside the networks that are presumably aligned with the user’s interests. For this purpose, cookies are generally stored on the user’s devices to record their usage behavior and interests. Additionally, data can be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in).

For a detailed description of the respective forms of processing and the options for opting out, we refer to the privacy policies and notices of the operators of the respective networks.

In the case of information requests and the assertion of data subject rights, we also note that these are most effectively enforced with the providers themselves. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. However, if you need assistance, you can contact us.

Types of Data Processed:

  • Contact data (e.g., email, phone numbers)
  • Content data (e.g., entries in online forms)
  • Usage data (e.g., visited websites, interest in content, access times)
  • Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status)

Affected Individuals:

  • Users (e.g., website visitors, users of online services)

Purposes of Processing:

  • Handling contact inquiries and communication
  • Feedback (e.g., collecting feedback via online forms)
  • Marketing

Legal Bases:

  • Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)

Further Information on Processing, Procedures, and Services:

Plugins and Embedded Functions and Content
We integrate function and content elements into our online offerings that are sourced from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include graphics, videos, or maps (hereinafter uniformly referred to as “content”).

The integration of such content always requires that the third-party providers process the IP address of the users, as they cannot deliver the content to the users’ browsers without it. The IP address is therefore necessary for the display of these contents or functions. We strive to use only content whose respective providers use the IP address solely for delivering the content. Additionally, third-party providers may use pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate information, such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the users’ devices and may include technical information about the browser and operating system, referring websites, visit times, as well as other information regarding the use of our online offerings, and may be linked with such information from other sources.

Types of Data Processed:

  • Usage data (e.g., visited websites, interest in content, access times)
  • Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status)
  • Inventory data (e.g., names, addresses)
  • Contact data (e.g., email, phone numbers)
  • Content data (e.g., entries in online forms)
  • Location data (e.g., information on the geographical position of a device or person)

Affected Individuals:

  • Users (e.g., website visitors, users of online services)

Purposes of Processing:

  • Provision of our online offerings and user-friendliness

Legal Basis:

  • Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)

Further Information on Processing, Procedures, and Services:

  • Integration of Third-Party Software, Scripts, or Frameworks (e.g., jQuery): We integrate software into our online offering that we retrieve from the servers of other providers (e.g., function libraries that we use for the display or user-friendliness of our online offering). In this process, the respective providers collect the IP address of the users and may process this for the purpose of transmitting the software to the users’ browsers, as well as for security purposes and for evaluating and optimizing their offering.
    Legal Basis: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)

  • Google Maps: We integrate the maps from the “Google Maps” service provided by Google. The processed data may include IP addresses and location data of the users.
    Service Provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland
    Legal Basis: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR
    Website: https://mapsplatform.google.com/
    Privacy Policy: https://policies.google.com/privacy
    Basis for Third-Country Transfers: EU-US Data Privacy Framework (DPF)

  • YouTube Videos: Video content;
    Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
    Legal Basis: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR
    Website: https://www.youtube.com
    Privacy Policy: https://policies.google.com/privacy
    Basis for Third-Country Transfers: EU-US Data Privacy Framework (DPF)
    Opt-Out Option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for Displaying Ads: https://adssettings.google.com/authenticated

  • YouTube Videos in Enhanced Privacy Mode: YouTube videos are embedded via a special domain (identifiable by the “youtube-nocookie” element) in “Enhanced Privacy Mode,” which means that no cookies related to user activities are collected to personalize video playback. However, data about user interaction with the video (e.g., remembering the last playback position) may still be stored.
    Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
    Legal Basis: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR
    Website: https://www.youtube.com
    Privacy Policy: https://policies.google.com/privacy
    Basis for Third-Country Transfers: EU-US Data Privacy Framework (DPF)

Management and Organization
We use services, platforms, and software from other providers (hereinafter referred to as “third-party providers”) for the purposes of organization, management, planning, and the provision of our services. When selecting third-party providers and their services, we adhere to legal requirements.

In this context, personal data may be processed and stored on the servers of third-party providers. This may involve various types of data that we process in accordance with this privacy policy. These may include, in particular, the users’ master data and contact details, as well as data related to transactions, contracts, and other processes and their content.

If users are referred to third-party providers or their software or platforms in the context of communication, business, or other relationships with us, the third-party providers may process usage data and metadata for security, service optimization, or marketing purposes. We therefore ask you to refer to the privacy notices of the respective third-party providers.

Types of Data Processed:

  • Content data (e.g., entries in online forms)
  • Usage data (e.g., visited websites, interest in content, access times)
  • Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status)

Affected Individuals:

  • Communication partners
  • Users (e.g., website visitors, users of online services)

Purposes of Processing:

  • Provision of contractual services and fulfillment of contractual obligations
  • Office and organizational procedures
 
 

 

© 2024 All Rights Reserved.

Scroll to Top