1. Controller
Controller within the meaning of the General Data Protection Regulation (GDPR):
Kahraman Atalay
Deisterstr. 54
31785 Hameln
Email: kahraman@jadem.de
Phone: 0152 0261 0936
2. Data Protection Officer
We have not appointed a data protection officer, as the requirements under Art. 37 GDPR do not apply. If you have any questions about data protection, please contact the controller named above.
3. General information and mandatory disclosures
Data protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.
Information about the responsible party
The party responsible for data processing on this website is the controller named above.
Legal bases
We process your personal data on the basis of the following legal bases:
- Consent (Art. 6(1)(a) GDPR) – You have given your consent for a specific processing purpose.
- Performance of a contract (Art. 6(1)(b) GDPR) – The processing is necessary for the performance of a contract.
- Legal obligation (Art. 6(1)(c) GDPR) – The processing is necessary to comply with a legal obligation.
- Legitimate interest (Art. 6(1)(f) GDPR) – The processing is necessary to protect our legitimate interests.
4. Withdrawal of your consent to data processing
Many data processing operations are only possible with your express consent. You can withdraw consent you have already given at any time (Art. 7(3) GDPR). The lawfulness of the data processing carried out until the withdrawal remains unaffected by the withdrawal.
Withdrawal of cookie consent: You can withdraw or adjust your consent to cookies at any time via the cookie banner on our website. To do so, click the cookie settings link in the footer of our website.
General withdrawal: For the withdrawal of other consents, an informal notification is sufficient to: kahraman@jadem.de
5. SSL/TLS encryption
For security reasons and to protect the transmission of confidential content, this site uses SSL/TLS encryption. You can recognise an encrypted connection by the fact that the browser address line changes from "http://" to "https://" and by the lock symbol in your browser line.
When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.
6. Hosting
This website is hosted by STRATO AG, Pascalstraße 10, 10587 Berlin. The servers are located in Germany.
The hosting provider collects the following data, which your browser transmits, in what are known as log files:
- IP address
- The address of the previously visited website (referrer URL)
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request
- HTTP status code
- Amount of data transferred
- Browser, language and version of the browser software
- Operating system
This data is collected on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be recorded.
A data processing agreement (DPA) is in place with STRATO AG to ensure that your data is handled in compliance with data protection law.
Further information on the hosting provider's data protection: https://www.strato.de/datenschutz/
8. Contact form
If you send us enquiries via the contact form, the details from your enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions.
This data is processed on the basis of Art. 6(1)(b) GDPR, provided that your enquiry is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the enquiries addressed to us (Art. 6(1)(f) GDPR).
The data you enter in the contact form remains with us until you ask us to delete it, withdraw your consent to its storage, or the purpose for storing the data no longer applies. Mandatory statutory provisions – in particular retention periods – remain unaffected.
9. Technically necessary cookies
We use technically necessary cookies to enable basic functions of our website. These cookies are required for the operation of the website and cannot be deactivated. They are generally only set in response to actions you take (e.g. login, shopping cart, language selection). The legal basis is § 25(2) TDDDG in conjunction with Art. 6(1)(f) GDPR (legitimate interest in operating the website).
The following services use technically necessary cookies: KaaTai Consent Manager, WordPress, Other. The storage period of these cookies is limited to the duration of the session or is a maximum of 365 days for persistent functional cookies.
10. Analytics tools and tracking
We use the following analytics tools on our website. The analytics tools are only activated with your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time via the cookie banner.
Google Analytics 4
We use Google Analytics 4, a web analytics service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.
IP anonymisation is activated on this website. For more information on how Google Analytics handles user data, please see Google's privacy policy: https://policies.google.com/privacy
Google Tag Manager
We use Google Tag Manager provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager itself does not set any cookies and does not collect any personal data. It enables the management of website tags via an interface. However, the tags triggered by Google Tag Manager can collect data.
Google Ads Conversion tracking
We use Google Ads Conversion tracking, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for the analysis of website usage. Legal basis: Art. 6(1)(a) GDPR (consent).
For more information: https://business.safety.google/privacy/
Google Site Kit
We use Google Site Kit, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for the analysis of website usage. Legal basis: Art. 6(1)(a) GDPR (consent).
For more information: https://business.safety.google/privacy/
12. Recipients of personal data
As part of our business activities and to provide our website, we disclose personal data to the following categories of recipients (Art. 13(1)(e) GDPR):
Categories of recipients
- Hosting provider – for the operation and provision of our website (processor pursuant to Art. 28 GDPR).
- Analytics service providers – for evaluating website usage (depending on the service, processor or independent controller).
- IT service providers – for maintenance and technical support (processor pursuant to Art. 28 GDPR, insofar as access to personal data is possible).
Specific recipients (third-party services)
| Service | Provider | Purpose |
|---|---|---|
| WordPress | Website Owner | Technically necessary |
| Google Analytics 4 | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland | Analytics |
| Google Tag Manager | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland | Analytics |
| Google Ads Conversion tracking | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland | Marketing |
| YouTube | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland | Functional |
| Google Maps | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland | Functional |
| OpenStreetMap | OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JY, United Kingdom | Functional |
| Google Fonts | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland | Functional |
| Gravatar | Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA | Functional |
| Other | Website operator | Technically necessary |
| Google Site Kit | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland | Analytics |
We have concluded data processing agreements (DPAs) pursuant to Art. 28 GDPR with all processors.
13. Data transfer to third countries
Some of the services we use are based outside the European Union or the European Economic Area (Art. 13(1)(f) GDPR). Personal data is only transferred to third countries if the special requirements of Art. 44–49 GDPR are met. Specifically, we base the transfer on the following safeguards:
EU-US Data Privacy Framework (DPF)
On 10 July 2023, the European Commission adopted the adequacy decision for the EU-US Data Privacy Framework (DPF) (Commission Implementing Decision (EU) 2023/1795, based on Art. 45 GDPR). US companies certified under the DPF provide an adequate level of data protection. The following services we use are DPF-certified:
- Google Analytics 4 (Google Ireland Limited)
- Google Tag Manager (Google Ireland Limited)
- Google Ads Conversion tracking (Google Ireland Limited)
- YouTube (Google Ireland Limited)
- Google Maps (Google Ireland Limited)
- Google Fonts (Google Ireland Limited)
- Google Site Kit (Google Ireland Limited)
You can check the DPF certification status of the respective companies at: https://www.dataprivacyframework.gov/list
In addition to the DPF, we have agreed EU standard contractual clauses (Art. 46(2)(c) GDPR) with the named service providers, which serve as an additional safeguard.
Standard contractual clauses (SCCs)
For the following services, data is transferred on the basis of EU standard contractual clauses pursuant to Art. 46(2)(c) GDPR (Commission Implementing Decision (EU) 2021/914):
- OpenStreetMap (OpenStreetMap Foundation – UK, Netherlands)
- Gravatar (Automattic Inc. – USA)
The standard contractual clauses oblige the recipient to comply with the European level of data protection. Where necessary, additional technical and organisational measures are agreed (e.g. encryption, pseudonymisation) to ensure a level of protection comparable to the EU standard.
Your rights regarding third-country transfers
You have the right to receive a copy of the suitable or appropriate safeguards on the basis of which the transfer takes place. To do so, please contact the controller named above.
14. Storage period
The storage period of personal data depends on the respective processing purpose and the statutory retention period (Art. 13(2)(a) GDPR). After the period has expired, the data is routinely deleted, unless it is still required for the initiation or performance of a contract.
General deletion periods by processing purpose
| Processing purpose | Storage period / deletion period | Legal basis |
|---|---|---|
| Server log files | 7–30 days | Art. 6(1)(f) GDPR |
| Contact enquiries | Until the enquiry has been finally processed, then deletion after 6 months | Art. 6(1)(b)/(f) GDPR |
| Consent data | 3 years (proof obligation pursuant to Art. 7(1) GDPR, limitation period §§ 195, 199 BGB) | Art. 6(1)(c)/(f) GDPR |
Cookie storage period by service
| Service | Max. cookie storage period |
|---|---|
| KaaTai Consent Manager | 1 year (kccm_consent) |
| WordPress | 1 year (wp-settings-*) |
| Google Analytics 4 | 2 years (_ga) |
| Google Tag Manager | 3 months (_gcl_au) |
| Google Ads Conversion tracking | 1 year (IDE) |
| YouTube | 1.1 years (__Secure-YEC) |
| Google Maps | 6 months (NID) |
| OpenStreetMap | 10 years (_osm_location) |
| Google Fonts | Session |
| Gravatar | Session |
| Google Site Kit | Session |
15. Automated decision-making including profiling
In accordance with Art. 13(2)(f) GDPR, we inform you whether automated decision-making, including profiling, takes place in accordance with Art. 22(1) and (4) GDPR.
No automated decision-making or profiling takes place that produces legal effects concerning you or similarly significantly affects you.
Note on analytics tools: The analytics tools we use serve exclusively for the statistical evaluation of website usage. No automated individual decisions within the meaning of Art. 22 GDPR are derived from this.
16. Necessity of providing personal data
In accordance with Art. 13(2)(e) GDPR, we inform you whether the provision of personal data is required by law or contract or is necessary for the conclusion of a contract, and what the consequences of non-provision would be:
Website use (no contract)
For the mere use of our website, you are not obliged to provide personal data. Technically necessary data (IP address, browser information) is transmitted automatically; this is technically required and not a contractual obligation.
Contact enquiries
Providing your email address and, where applicable, your name in the contact form is voluntary, but necessary for us to process your enquiry. Without this information, we cannot reply to you.
Cookies and consent
Cookies that are not technically necessary are only set with your express consent. Consent is voluntary; the website can also be used without these cookies. You can withdraw your consent at any time via the cookie banner.
17. Your rights as a data subject
You have the following rights with regard to the personal data concerning you:
- Right of access (Art. 15 GDPR): You can request information about your personal data processed by us.
- Right to rectification (Art. 16 GDPR): You can request the correction of incorrect data or the completion of your personal data stored by us.
- Right to erasure (Art. 17 GDPR): You can request the erasure of your personal data stored by us, provided that no statutory retention obligations prevent this.
- Right to restriction (Art. 18 GDPR): You can request the restriction of the processing of your personal data.
- Right to data portability (Art. 20 GDPR): You can request that we transfer the personal data you have provided to us in a structured, commonly used and machine-readable format.
- Right to object (Art. 21 GDPR): You can object to the processing of your personal data at any time if the processing is based on Art. 6(1)(e) or (f) GDPR.
To exercise your rights, please contact: kahraman@jadem.de
18. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR (Art. 77 GDPR).
You can find a list of the data protection supervisory authorities in Germany and their contact details at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html