Legal
Privacy Policy
We process personal data sparingly and transparently under the General Data Protection Regulation (GDPR).
The legally binding version is the German one.
1. Controller
The controller within the meaning of the GDPR is:
Hüseyin Kurtoglu Wolfsohn (Einzelunternehmen)
Alte Schulgasse 9, 64850 Schaafheim, Germany
Email: [email protected]
2. Principle
This website is designed for data minimisation. We use no tracking cookies, no marketing pixels and no third-party profiling services. Personal data is processed only where necessary to operate the website or to respond to your enquiry.
3. Server log files
When you access the website, our hosting provider processes technically necessary access data (e.g. IP address, date and time, page requested, user agent) to ensure delivery and security of the website.
Lawful basis: Art. 6 (1) (f) GDPR (legitimate interest in secure, error-free operation).
4. Contact form
If you write to us via the contact form, your details (e.g. name, email address and message) are transmitted to us solely by email via the mailbox of our hosting provider Hostinger (processing within the EU) so that we can respond to your enquiry. This data is not stored in a database of this website. Via our project form ('Start your project') you may additionally submit details such as a phone number, company name and optional file attachments you upload; these are likewise sent to us solely by email via this mailbox and are not stored in a database of this website.
Lawful basis: Art. 6 (1) (b) and (f) GDPR (handling your enquiry / legitimate interest in communication).
Project files and uploaded materials
If you upload files through our project form (for example logos or images), we process them only to review your project request and prepare a proposal. Please do not upload special categories of personal data unless strictly necessary. The files are transmitted to us by email and to our internal project system and are not stored in a website database. We delete them once the enquiry is completed, unless statutory retention obligations apply.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures and performance of a contract).
Chat assistant (Tina)
An AI-supported chat assistant (Tina) is available on the website. When you use the chat, your messages, a conversation ID and the page you are on are transmitted to our own system (tina.wolfsohn.ai) and answered automatically. Please do not enter sensitive data in the chat.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in answering enquiries).
5. Audience measurement (Google Analytics 4, with consent)
Only with your consent, this website uses Google Analytics 4, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. It sets _ga cookies to measure page usage; IP addresses are anonymized. Legal basis: Art. 6(1)(a) GDPR and Section 25(1) TDDDG. You can withdraw your consent at any time on the Cookies page; without consent no analytics cookies are set and the site remains fully usable.
Payment processing (Stripe)
For paid website plans, payments are processed by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. When you buy, you are redirected to the Stripe checkout page; the payment data entered there (for example name, email address, payment method, billing address) is processed by Stripe. We ourselves do not receive or store full payment data. More information: https://stripe.com/privacy
Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(c) GDPR (statutory retention obligations).
Data processing in AI and software projects
In client projects we may process business data, contact data, CRM data, product data, communication data and other customer-provided information strictly for the agreed project purpose. Depending on the project setup, we act either as controller or as processor. Where we process personal data on behalf of a client, a separate data processing agreement under Art. 28 GDPR is concluded beforehand.
6. No third-party marketing pixels
We embed no third-party marketing or advertising pixels (e.g. from social networks or ad networks).
7. Recipients / processors
To operate this website we use carefully selected service providers as processors (Art. 28 GDPR):
- Hosting: Hostinger (Hostinger International Ltd, Lithuania/EU), serving the website; processing takes place in data centres within the EU.
- Content delivery network, DNS and protection/proxy: Cloudflare, Inc. (USA), secure and fast delivery of the website; in doing so it processes technical access data (incl. IP address).
- Email delivery of form submissions: Hostinger (Hostinger International Ltd, Lithuania/EU), delivering your contact and project enquiries to our mailbox; processing takes place within the EU.
Data-processing agreements pursuant to Art. 28 GDPR are in place with these providers.
8. Transfers to third countries
One of the above providers (Cloudflare, Inc.) is based in the USA or may process data there. Where personal data is transferred to a third country outside the EU/EEA, this is done on the basis of appropriate safeguards under Art. 44 et seq. GDPR, in particular the EU Commission's Standard Contractual Clauses (Art. 46 (2) (c) GDPR) and, where the providers are certified, the EU-US Data Privacy Framework. As a European company we process your data primarily within the EU; any transfer beyond that occurs only to the extent described above.
9. Retention period
We store personal data only for as long as is necessary for the respective purpose or as required by statutory retention obligations. Server log files are kept for a short period for security reasons and then deleted. Details from contact and project enquiries are deleted once your enquiry has been conclusively handled and no statutory retention obligations apply.
10. Your rights
Under the GDPR you have the following rights vis-à-vis the controller:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection (Art. 21 GDPR)
You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).