Privacy Policy
The German version of this privacy policy is binding; this is a courtesy translation.
1) Introduction and contact details of the controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how we handle your personal data when you use our website. Personal data is any data with which you can be personally identified.
1.2 The controller for data processing on this website within the meaning of the GDPR is Utku Pul, Kullrichstr. 10, 44141 Dortmund, Germany, phone: +491738235070, email: drpul@utkupul.com. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
2) Data collection when visiting our website
2.1 If you use our website purely for information purposes, i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to the server (so-called “server log files”):
- The website you visited
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Browser used
- Operating system used
- IP address used (where applicable in anonymised form)
Processing takes place pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used otherwise. We reserve the right to check the server log files subsequently if there are concrete indications of unlawful use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the “https://” string and the lock symbol in your browser bar.
3) Hosting & Content Delivery Network
Vercel
For the hosting of our website and the presentation of the page content, we use the system of the following provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA
All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider that ensures the protection of our visitors’ data and prohibits unauthorised disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
4) Cookies
To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted after you close your browser (“session cookies”); others remain on your device longer and enable settings to be saved (“persistent cookies”). In the latter case, you can find the storage period in the overview of the cookie settings of your web browser.
Insofar as personal data is also processed by individual cookies we use, processing takes place pursuant to Art. 6(1)(b) GDPR for the performance of the contract, pursuant to Art. 6(1)(a) GDPR in the case of consent, or pursuant to Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the visit.
You can set your browser to inform you about the setting of cookies and decide individually about their acceptance, or to exclude the acceptance of cookies in certain cases or generally.
Please note that the functionality of our website may be limited if cookies are not accepted.
5) Contacting us
5.1 WhatsApp Business
You have the option of contacting us via the messaging service WhatsApp provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We use the so-called “Business version” of WhatsApp.
If you contact us via WhatsApp regarding a specific matter, we store and use the mobile number you use with WhatsApp and – if provided – your first and last name pursuant to Art. 6(1)(b) GDPR to handle and answer your request. On the same legal basis, we may ask you via WhatsApp to provide further data to assign your request to a specific process.
If you use our WhatsApp contact for general enquiries (e.g. about our range of services, availability or our website), we store and use the mobile number you use with WhatsApp and – if provided – your first and last name pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in providing the requested information efficiently and promptly.
Your data is only ever used to answer your request via WhatsApp. It is not passed on to third parties.
Please note that WhatsApp Business has access to the address book of the mobile device used for this purpose and automatically transfers phone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. For the operation of our WhatsApp Business account we use a mobile device whose address book stores exclusively the WhatsApp contact details of users who have also contacted us via WhatsApp.
This ensures that every person whose WhatsApp contact details are stored in our address book has already consented, upon first use of the app on their device by accepting the WhatsApp terms of use, to the transfer of their WhatsApp phone number from the address books of their chat contacts pursuant to Art. 6(1)(a) GDPR. A transfer of data of users who do not use WhatsApp and/or have not contacted us via WhatsApp is thereby excluded.
For the purpose and scope of data collection and the further processing and use of data by WhatsApp, as well as your related rights and settings options to protect your privacy, please refer to WhatsApp’s privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy
We have concluded a data processing agreement with the provider that protects our visitors’ data and prohibits disclosure to third parties.
In the course of the processing mentioned above, data may be transferred to servers of Meta Platforms Inc. in the USA.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
5.2 When you contact us (e.g. via the contact form or email), personal data is collected. Which data is collected when using a contact form is apparent from the respective contact form. This data is stored and used exclusively for the purpose of answering your request and the associated technical administration.
The legal basis for processing this data is our legitimate interest in answering your request pursuant to Art. 6(1)(f) GDPR. If your contact aims at concluding a contract, the additional legal basis is Art. 6(1)(b) GDPR. Your data is deleted after your request has been conclusively processed, where it is apparent from the circumstances that the matter has been conclusively clarified and provided that no statutory retention obligations apply.
6) Use of customer data for direct advertising
6.1 Subscribing to our email newsletter
If you subscribe to our email newsletter, we regularly send you information about our offers. The only mandatory detail for sending the newsletter is your email address. Providing further data is voluntary and is used to be able to address you personally. We use the double opt-in procedure: we only send you a newsletter once you have expressly confirmed, by clicking a corresponding link, that you wish to receive it.
By activating the confirmation link, you give us your consent to use your personal data pursuant to Art. 6(1)(a) GDPR. Upon registration we store the IP address assigned by your internet service provider as well as the date and time of registration in order to be able to trace any misuse of your email address at a later point in time. The data collected upon registration is used exclusively for advertising via the newsletter. You can unsubscribe at any time via the link provided in the newsletter or by message to the controller named at the outset; after unsubscribing, your email address is deleted from our newsletter list without delay, unless you have expressly consented to further use of your data.
6.2 Brevo
Our email newsletters and other promotional email communication are sent via the following provider: Brevo GmbH, Köpenicker Str. 126, 10179 Berlin, Germany
On the basis of our legitimate interest in effective and user-friendly email marketing, we pass on the data you provide upon registration to this provider pursuant to Art. 6(1)(f) GDPR so that it can handle the mailing on our behalf.
We reserve the right, solely on the basis of your express consent pursuant to Art. 6(1)(a) GDPR, to additionally carry out a statistical evaluation of mail campaigns using web beacons or tracking pixels in the emails sent, which can measure open rates and specific interactions with the newsletter content. Device information (e.g. time of access, IP address, browser type and operating system) is also collected and evaluated, but not merged with other data.
You can withdraw your consent to mail tracking at any time with effect for the future.
We have concluded a data processing agreement with the provider that protects our visitors’ data and prohibits disclosure to third parties.
7) Web analytics services
Plausible
This website uses “Plausible”, a web analytics tool by Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia.
Interactions of randomly selected individual visitors with the website are recorded and evaluated anonymously in order to obtain information about site usage (e.g. number of visitors, page views, bounce rates and time on site).
No personal data is processed at any time. Plausible collects exclusively non-personal data such as information about the browser and user agent. This is stored in a non-identifiable form and evaluated for statistical purposes. Deletion takes place as soon as the data is no longer required for our evaluation purposes.
Insofar as personal data is processed in individual cases, processing takes place on the basis of our legitimate interest in the statistical evaluation of usage behaviour for optimisation purposes pursuant to Art. 6(1)(f) GDPR.
8) Site functionalities
OpenStreetMap
This website uses an online map service of the following provider: OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, UK
The online map service is a tool for displaying interactive maps in order to present geographical information visually. This service shows you our location and makes geolocation easier.
When you access the subpages in which the provider’s map is embedded, information about your use of our website (such as your IP address) is transmitted to the provider’s servers and stored there.
The processing of your personal data takes place pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in the needs-based design of our website. If you do not agree to the future transfer of your data to the provider, you can completely deactivate the provider’s online map service by switching off JavaScript in your browser. The online map service on this website can then no longer be used.
Where legally required, we have obtained your consent to the processing of your data described above pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future. To exercise your withdrawal, please follow the option for objecting described above.
For a data transfer to the provider’s location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
9) Rights of the data subject
9.1 Applicable data protection law grants you the following data subject rights vis-à-vis the controller with regard to the processing of your personal data, with reference to the cited legal basis for the respective conditions of exercise:
- Right of access pursuant to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to erasure pursuant to Art. 17 GDPR;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to notification pursuant to Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw consent given pursuant to Art. 7(3) GDPR;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
9.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST AS PART OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. FURTHER PROCESSING REMAINS RESERVED, HOWEVER, IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.
10) Duration of storage of personal data
The duration of storage of personal data is determined by the respective legal basis, the purpose of processing and – where applicable – additionally by the respective statutory retention period (e.g. commercial and tax retention periods).
For processing based on express consent pursuant to Art. 6(1)(a) GDPR, the data concerned is stored until you withdraw your consent.
Where statutory retention periods exist for data processed in the context of legal or quasi-legal obligations on the basis of Art. 6(1)(b) GDPR, this data is routinely deleted after the retention periods expire, provided it is no longer required for the performance or initiation of the contract and/or we no longer have a legitimate interest in continued storage.
For processing based on Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
For processing of personal data for direct advertising on the basis of Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21(2) GDPR.
Unless otherwise stated in the other information in this declaration about specific processing situations, stored personal data is otherwise deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.