The controller as per the EU General Data Protection
Regulation (“GDPR”) is:
Director: Ayşe DAYI
Data Protection Officer:
Geschäftsführer: K. Hakan Hasşerbetçi
HRB 74806 Düsseldorf
Steuer Nr.: 147/5857/1411
Aim and Scope of our Policy
We take your privacy into our consideration since Your privacy is very important not only to our management but also all the company colleagues, and the third parties which we share your data such as credit card information when you use it to place an order. As a matter of fact, that We use your personal information only to manage your customer account / profile, to provide the services you order, to keep you informed about our services, in case you have consented. The protection, confidentiality and integrity of your personal information is very much important to each member of our organization.
We make a commitment to ensuring that personal data of our website visitors, including special categories of personal data is processed in line with GDPR and domestic laws and all visitors conduct themselves in line with this, and other related, policies. Where third parties process data on behalf of us, we will ensure that the third party takes such measures in order to maintain our commitment to protecting data. In line with GDPR, we understand that it will be accountable for the processing, management and regulation, and storage and retention of all personal data held in the form of manual records and on computers.
“Personal data” is information that relates to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, identification number, location, online identifier. It can also include pseudonymised data.
“Special categories of personal data” is data which relates to an individual’s health, sex life, sexual orientation, race, ethnic origin, political opinion, religion, and trade union membership. It also includes genetic and biometric data (where used for ID purposes).
“Data processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
This website is not designed or intended for use by children under the age of 16. We do not knowingly collect any Personal Data from anyone under the age of 16 without the prior, verifiable consent of a parent or guardian. Such parent or guardian may have the right, upon request, to view the information provided by the child and require that it be deleted. Moreover, all minors should seek their parent’s or guardian’s permission prior to using or disclosing any Personal Data on this website or online resource.
Personal Data: Any kind of information can be personal data provided that it relates to an identified or identifiable person. Personal data covers information pertaining to the private life of a person, which also includes professional activities, as well as information about his or her public life. Under EU law, information contains data about a person if
- an individual is identified or identifiable by this information; or
- an individual, although not identified, can be singled out by this information in a way which makes it possible to find out who the data subject is by conducting further research.
Data Subject: Under EU law, natural persons are the only beneficiaries of data protection rules (Article 1) and only living beings are protected under European data protection law (Recital 27. See also Article 29 Working Party (2007), Opinion 4/2007 on the concept of personal data, WP 136, 20 June 2007, p. 22.) The General Data Protection Regulation (GDPR) defines personal data as any information relating to an identified or identifiable natural person.
Both types of information are protected in the same manner under European data protection law. Direct or indirect identifiability of individuals requires continuous assessment, “taking into consideration the available technology at the time of the processing and technology developments”. (General Data Protection Regulation, Recital 26.)
The GDPR stipulates that a natural person is identifiable when he or she “can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person” (General Data Protection Regulation, Art. 4 (1)
Data Subject Rights
Data Subject Rights in general: Every data subject has the right to information about processing of his or her personal data by a data controller, with limited exceptions.
Data subjects shall have the right to access their own data and obtain certain information about the processing. they have their data rectified by the controller processing their data. If the data are inaccurate, the controller erase their data, as appropriate, if the controller is processing their data illegally, they have the right to temporarily restrict processing, they have their data ported to another controller under certain conditions. Additionally, data subjects shall have the right to object to processing on: grounds relating to their particular situation he uses of their data for direct marketing purposes.
Data subjects have the right not to be subject to decisions based solely on automated processing, including profiling, that have legal effects or that significantly affect them. Data subjects also have the right to obtain human intervention on the part of the controller express their point of view and contest a decision based on automated processing. If you have given us your consent, you can revoke it at any time with effect for the future.
You can contact your local supervisory authority at any time with a complaint. Your local supervisory authority depends on your state of residence, your work, or the alleged infringement. A list of supervisory authorities (for the non-public sector) and their addresses can be found. at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Data protection principles
All personal data obtained and held by us will:
- be processed fairly, lawfully and in a transparent manner
- be collected for specific, explicit, and legitimate purposes
- be adequate, relevant, and limited to what is necessary for the purposes of processing
- be kept accurate and up to date. Every reasonable effort will be made to ensure that inaccurate data is rectified or erased without delay
- not be kept for longer than is necessary for its given purpose
- be processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction, or damage by using appropriate technical or organisation measures
- comply with the relevant GDPR procedures for international transferring of personal data.
In addition, personal data will be processed in recognition of an individuals’ data protection rights, as follows:
- the right to be informed
- the right of access
- the right for any inaccuracies to be corrected (rectification)
- the right to have information deleted (erasure)
- the right to restrict the processing of the data
- the right to portability
- the right to object to the inclusion of any information
- the right to regulate any automated decision-making and profiling of personal data.
We process personal data of our users only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.
We use the personal information as collected during your visit to our websites to make using them as convenient as possible for you and to protect our IT systems against attacks and other unlawful activities.
In case you share additional information with us – for example, by filling out a registration form, contact form we will use that information for the designated purposes. we use personal data to the extent that we are legally obliged to do so.
Your personal data will not be passed to third parties for purposes other than those mentioned. We will only pass on your personal data to third parties if:
- you have given your express consent,
- the processing is necessary to process a contract with you,
- the processing is necessary to fulfil a legal obligation,
the processing is necessary to protect legitimate interests and there is no reason to believe that you have an overriding interest worthy of protection in not disclosing your data.
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as legal basis.
In the processing of personal data necessary for the performance of a contract of which the data subject is a party, Art. 6 para. 1 lit. b DSGVO as legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfil a legal obligation that is subject to our company, Art. 6 para. 1 lit. c DSGVO as legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f DSGVO as legal basis for processing.
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is deleted. It may also be stored if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires unless there is a need for further storage of the data for conclusion of a contract or fulfilment of the contract.
Regarding Processing of data outside the EU / the EEA, your data will in part also be processed in countries outside the European Union (“EU”) or the European Economic Area (“EEA”), which may have a lower data protection level than European countries. In such cases, we will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with our contractual partners (copy available on request), or we will ask for your explicit consent to such processing.
Regarding use of Data Marketing, we never sell or transfer your Personal Data to any non-affiliated entity for their own direct marketing use unless we provide clear notice to you and obtain your explicit consent. If you would like more information about this practice and your choices to opt out of having this information, see our cookies policy.
We keep records of its processing activities including the purpose for the processing and retention periods in our HR Data Record. These records will be kept up to date so that they reflect current processing activities.
Access to data
Our visitors have a right to be informed whether we process personal data relating to them and to access the data that we hold about them. Requests for access to this data will be dealt very carefully and based on the GDPR.
Our visitors can inform us immediately if they believe that the data is inaccurate, either as a result of a subject access request or otherwise. We will take immediate steps to rectify the information.
We adopt procedures designed to maintain the security of data when it is stored and transported.
- All files or written information of a confidential nature are stored in a secure manner and are only accessed by people who have a need and a right to access them
- All files or written information of a confidential nature are not left where they can be read by unauthorised people
- We check regularly on the accuracy of data being entered into computers
- We always use the passwords provided to access the computer system and not abuse them by passing them on to people who should not have them
- We use computer screen blanking to ensure that personal data is not left on screen when not in use.
Personal data relating to our visitors should not be kept or transported on laptops, USB sticks, or similar devices.
We store your IP address and the name of your Internet service provider for seven days. This is for security reasons; in particular, to prevent and detect attacks on our websites or attempts at fraud.
Deleting your personal data
IP address of our visitors, which we store for security purposes, will be deleted after seven days. We delete
your personal information as soon as the purpose that it was collected for and, processed has been fulfilled.
International data transfers
We do not transfer personal data to any recipients outside of the EU.
Personal Data Breach notification
Where a data breach is likely to result in a risk to the rights and freedoms of individuals, it will be reported to the Information Commissioner within 72 hours of the Company becoming aware of it and may be reported in more than one instalment.
Individuals will be informed directly in the event that the breach is likely to result in a high risk to the rights and freedoms of that individual.
If the breach is sufficient to warrant notification to the public, we will do so without undue delay.
Provision of the website and creation of log files When you visit our website
When you access our website, information of a general nature is automatically collected by means of a cookie. This information (in the form of server log files) includes the type of web browser, the operating system used, the domain name of your internet service provider and similar information. This is exclusively information which does not allow any conclusions to be drawn about your person.
This information is technically necessary in order to correctly deliver the content you have requested from websites and is mandatory when using the internet. They are processed in particular for the following purposes:
- ensuring a trouble-free connection of the website,
- ensuring smooth use of our website,
- evaluating system security and stability as well as
- for other administrative purposes.
Whenever you visit our websites, we keep some information about the browser and operating system you are using; the date and time of your visit; the usage of features on the website; how often you visit individual websites; the names of the files you access; the amount of data transferred; the Web page from which you accessed our website; whether by clicking links on our websites or entering a domain directly into the input field of the same tab (or window) of the browser in which you have our websites open.
The processing of your personal data is based on our legitimate interest from the aforementioned purposes for data collection. We do not use your data to draw conclusions about you personally. The recipients of the data are only the Data Controller and, if applicable, the contract processor.
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user’s IP address must be kept for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
For these purposes, our legitimate interest in the processing of data pursuant to Art. 6 para. 1 lit. f DSGVO.
The data will be deleted when it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.
In the case of storing the data in log files, this is the case after no more than seven days. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.
Whenever you visit our websites, we store certain information about the browser and operating system you are using; the date and time of your visit; the status of the interaction (e.g. whether you were able to access the website or received an error message); the usage of features on the website; any search phrases you entered; how often you visit individual websites; the names of the files you access; the amount of data transferred; the Web page from which you accessed our website; and the Web page you visited after visiting our website, whether by clicking links on our websites or entering a domain directly into the input field of the same tab (or window) of the browser in which you have our websites open. In addition, we store your IP address and the name of your Internet service provider for seven days. This is for security reasons; in particular, to prevent and detect attacks on our websites or attempts at fraud.
Using the information contained in cookies enables us to make it easier for you to navigate our web pages and to display them correctly.
The data processed by cookies are for the purposes mentioned in order to safeguard our legitimate interests as well as third parties according to Art. 6 para. 1 sentence 1 lit. f DSGVO required.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or always a hint appears before a new cookie is created. However, disabling cookies completely may mean that you cannot use all features of our website.
We will never pass the data collected by us to third parties or make any connection with personal data without your permission.
What personal information do we collect?
We require certain personal information in order to provide you with this service. You enter some of this data in our websites and or directly by email, fax or by Post. If you become our partner or customer, then we will create an account in our files.
We receive some of your personal information indirectly from your devices by recording how you interact with our services (such as through cookies) and we also obtain your data as you share using the following omni channels:
Fax, email, Telephone, social network, Orca website,
As a matter of fact, that we process the following details you shared with us under your consent:
- Company/Personal names given if first and last name
- Salutation (Mr, Mrs, no salutation, title);
- E-mail address
- Telephone number
- IP address
- Payment and billing information, e.g. Bank account;
- Commercial number / registration number
- If applicable, VAT ID
Our website has a contact form available, which can be used as electronic contact. If you enter your Data, the data entered in the input mask will be transmitted to us and saved.
Below you can find the data available in our website:
(1) Name (required)
(2) E-Mail (required)
(3) Message (optional)
(4) Phone (optional)
(5) How did you hear about us (optional)
At the time of sending the message, the following data is also stored:
(1) Time to fill out the form
(2) User Agent of the sender
(3) Date and time
For the processing of the data in the context of the sending process your consent is obtained and referred to this privacy statement.
Alternatively, contact via the provided e-mail address is possible. In this case, the user’s personal data transmitted by e-mail will be stored.
In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.
Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 para. 1 lit. a GDPR.
The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) lit. f DSGVO. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.
Opposition and removal possibility
The user has the possibility at any time to revoke his consent to the processing of the personal data. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation cannot continue.
All personal data stored in the course of contacting will be deleted in this case.
Questions and complaints
If you have any questions or concerns about the way we use your personal information, please contact customer service or contact our Data Privacy Controller: Ms. Ayşe DAYI
Last updated: May 20, 2021