Information about the processing of personal data pursuant to Art. 13 and 14 GDPR. Effective: June 2026.
This website is operated jointly by two controllers within the meaning of Art. 26 GDPR (joint controllers):
A written joint-controller arrangement pursuant to Art. 26(1) GDPR governs the allocation of responsibilities. Essential content is available on request.
Since the production facility is established outside the EU, the German sales branch acts as the Representative in the Union pursuant to Art. 27 GDPR. Inquiries can be sent directly to [email protected].
Appointment of a DPO under Art. 37 GDPR is not mandatory, as the core activity does not involve large-scale processing of special categories of data or systematic monitoring. Editorial responsibility: Furkan Kayan.
The following table summarises the personal data processed via this website:
| Processing | Data collected | Purpose | Legal basis |
|---|---|---|---|
| Quote request / machine configurator | Name, company, email, phone, country, machine selection, request text | Handling your request, preparing individual offers | Art. 6(1)(b) GDPR (pre-contractual measures) |
| Distributor application | Company, country, contact, phone, email, business data, portfolio | Evaluation of your application as a sales partner | Art. 6(1)(b) GDPR |
| Admin login (internal users) | Username, password hash (bcrypt), session token (JWT) | Access to the internal administration system | Art. 6(1)(f) GDPR (legitimate interest: security) |
| Server log files | IP address (truncated), timestamp, requested resource, user-agent, referrer | Security, error analysis, protection against attacks | Art. 6(1)(f) GDPR (legitimate interest: operational security) |
Your data is not passed on to third parties, with the following exceptions:
Data is transferred to the production facility in Türkiye only to the extent necessary (e.g. manufacturing of an ordered machine). Türkiye is a third country without an EU adequacy decision. The transfer is based on the Standard Contractual Clauses (SCCs) of the European Commission pursuant to Art. 46(2)(c) GDPR. A copy of the SCCs can be requested at [email protected].
This website is hosted by DigitalOcean LLC, 101 Avenue of the Americas, New York, NY 10013, USA. Processing location: Frankfurt am Main, Germany (EU). A data processing agreement under Art. 28 GDPR is in place. DigitalOcean is certified under the EU-US Data Privacy Framework (DPF).
Personal data is stored in DigitalOcean Managed MongoDB, location: Frankfurt am Main, Germany (EU). The database is accessible only through internal, encrypted (TLS) connections.
This site loads fonts from Google Fonts (Archivo, IBM Plex Mono, Cairo, Noto Sans). Your IP address is briefly transmitted to Google LLC (USA). A self-hosted alternative is planned. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in uniform presentation). Google privacy policy: policies.google.com/privacy
We use exclusively technically necessary cookies (JWT session cookie for the admin area). No tracking, analytics or marketing. A consent banner is therefore not required. Details: see cookie notice. → cookies-ca.html
Under the GDPR you have the following rights vis-à-vis the controllers:
To exercise your rights, please contact: [email protected]
You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The competent authority for our Berlin sales branch is:
This site is served exclusively via HTTPS (TLS 1.2/1.3). The certificate is provided and renewed automatically by Let's Encrypt via DigitalOcean App Platform.
Effective: June 2026. We reserve the right to adapt this privacy policy when new functionality is introduced or the legal situation changes. The current version is always available on this page.