Privacy Policy
1. Privacy at a Glance
General Information
The following information provides you with an overview of what happens to your personal data when you use our website. Personal data refers to all information that enables identification of you as an individual. Detailed information on data protection can be found in this privacy policy.
Data Collection on This Website
Who is responsible for data processing on this website?
Data processing on this website is the responsibility of the website operator. Their contact information can be found under "Controller" in this privacy policy.
How do we collect your data?
On the one hand, your data is collected when you actively provide it to us, for example via a contact form or when registering for our newsletter.
On the other hand, our IT systems automatically collect certain data, or with your consent, when you visit the website. This primarily includes technical information such as your internet browser, the operating system used, or the time you access the site. This collection occurs automatically upon entering the website.
What do we use your data for?
Part of the collected data serves to ensure the error-free provision of the website. Other data is used to analyze user behavior or for communication with you.
What rights do you have regarding your data?
You have the right at any time to receive free information about the origin, recipient, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have consented to data processing, you can revoke this consent at any time with effect for the future. Furthermore, under certain circumstances, you have the right to request restriction of the processing of your personal data. Additionally, you can file a complaint with the competent supervisory authority.
If you have any questions about data protection, you can contact us at any time.
2. Hosting
The hosting of this website is provided by Framer. The provider is Framer B.V., Herengracht 132, 1015 BV Amsterdam, Netherlands.
When accessing this website, technically necessary data (e.g., IP addresses, browser information, timestamps) is transmitted to the hosting provider's servers. The provider anonymizes this data in accordance with its privacy policy. Additionally, when using contact forms or other functions, further data such as contact requests, names, and email addresses may be processed.
We use Framer to fulfill our contractual obligations to potential and existing customers (Art. 6(1)(b) GDPR) and to provide our online offering securely, quickly, and efficiently through a professional provider (Art. 6(1)(f) GDPR).
The hosting provider processes your data only to the extent necessary to fulfill its performance obligations and follows our instructions regarding this data.
Data Processing Agreement
The hosting provider has provided a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR: https://www.framer.com/legal/data-processing-addendum/
SSL/TLS Encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us, this site uses SSL/TLS encryption by IONOS. You can recognize an encrypted connection by the fact that the browser's address line changes from "http://" to "https://" and by the lock symbol in the browser line.
When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.
3. General Information and Mandatory Disclosures
Data Protection
The protection of your personal data is an important concern for the operators of these pages. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.
When using this website, various personal data is collected. Personal data is information by which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We point out that data transmission over the internet (e.g., via email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.
Notice Regarding the Controller
The controller for data processing on this website is:
Veluma UG (haftungsbeschränkt)
Cosimastraße 121
81925 Munich
Germany
Represented by:
Enes Özdek (Managing Director)
Phone: +49 15679761807
Email: privacy@veluma.me
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Storage Duration
Unless a more specific storage period is specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you submit a legitimate request for deletion or revoke consent for data processing, your data will be deleted unless we have legally permissible reasons for continued storage (e.g., tax or commercial law retention obligations). In this case, deletion will occur after these reasons cease to apply.
General Information on the Legal Basis for Data Processing on This Website
If you have consented to data processing, your personal data is processed on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data are processed according to Art. 9(1) GDPR. In case of explicit consent to the transfer of personal data to third countries, processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), processing is additionally based on § 25(1) TTDSG. Consent can be revoked at any time. If your data is necessary for contract performance or for implementing pre-contractual measures, we process it on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data if necessary to fulfill a legal obligation, based on Art. 6(1)(c) GDPR. Processing may also be based on our legitimate interest according to Art. 6(1)(f) GDPR. The relevant legal bases in each individual case are specified in the following sections of this privacy policy.
Recipients of Personal Data
As part of our business activities, we cooperate with various external partners. It may be necessary to transmit personal data to these partners. We only share personal data if necessary for contract fulfillment, if we are legally obligated to do so (e.g., disclosure to tax authorities), if we have a legitimate interest according to Art. 6(1)(f) GDPR in the disclosure, or if another legal basis permits disclosure. When working with data processors, we only share personal data based on a valid data processing agreement. In case of joint processing, a corresponding agreement is concluded.
Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You can revoke consent already given at any time. The lawfulness of processing carried out until revocation remains unaffected.
Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING. THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. FOLLOWING YOUR OBJECTION, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).
Right to Lodge a Complaint with the Competent Supervisory Authority
In the event of GDPR violations, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, place of work, or the place of the alleged violation. The right to lodge a complaint exists independently of other administrative or judicial remedies.
Right to Data Portability
You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to third parties in a common, machine-readable format. If you request the direct transfer of data to another controller, this will only be done to the extent technically feasible.
Information, Correction, and Deletion
Within the framework of applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of processing, and if applicable, a right to correction or deletion of this data. For this purpose, as well as for further questions about personal data, you can contact us at any time.
Right to Restriction of Processing
You have the right to request restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases:
If you dispute the accuracy of your personal data stored by us, we normally need time to verify this. During this verification, you have the right to request restriction of processing.
If the processing of your personal data was or is unlawful, you can request restriction of processing instead of deletion.
If we no longer need your personal data but you require it for the exercise, defense, or assertion of legal claims, you have the right to request restriction of processing instead of deletion.
If you have filed an objection pursuant to Art. 21(1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request restriction of processing.
If you have restricted the processing of your personal data, this data may—apart from its storage—only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.
4. Data Collection on This Website
Server Log Files
The page provider automatically collects and stores information in server log files that your browser automatically transmits to us. This includes:
Browser type and browser version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of server request
IP address
This data is not merged with other data sources.
Collection is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of their website—for this purpose, server log files must be collected.
Contact Form
If you send us inquiries via the contact form, your information from the form, including the contact data you provided, will be stored by us for processing the inquiry and for possible follow-up questions. We do not share this data without your consent.
Processing is based on Art. 6(1)(b) GDPR if your inquiry is related to contract fulfillment or necessary for implementing pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this was requested. Consent can be revoked at any time.
The data entered in the contact form remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after completion of processing your inquiry). Mandatory statutory provisions—particularly retention periods—remain unaffected.
Inquiry by Email, Phone, or Fax
If you contact us by email, phone, or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for handling your request. We do not share this data without your consent.
Processing is based on Art. 6(1)(b) GDPR if your inquiry is related to contract fulfillment or necessary for implementing pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this was requested. Consent can be revoked at any time.
Data transmitted to us via contact inquiries remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after completion of processing). Mandatory statutory provisions—particularly statutory retention periods—remain unaffected.
5. Newsletter
Newsletter Data
If you wish to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the specified email address and consent to receiving the newsletter. We do not collect additional data or only on a voluntary basis. We use this data exclusively for sending the requested information and do not share it with third parties.
Processing of data entered in the newsletter registration form is based exclusively on your consent (Art. 6(1)(a) GDPR). You can revoke your consent to the storage of data, the email address, and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The lawfulness of data processing operations already carried out remains unaffected by revocation.
Data stored by us for the purpose of receiving the newsletter will be retained until you unsubscribe from the newsletter and deleted after cancellation of the newsletter or after the purpose no longer applies from the newsletter distribution list. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion within the scope of our legitimate interest according to Art. 6(1)(f) GDPR.
Data stored by us for other purposes remains unaffected.
After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist if necessary to prevent future mailings. Data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest according to Art. 6(1)(f) GDPR). Storage in the blacklist is not time-limited. You can object to storage if your interests outweigh our legitimate interest.
Kit (ConvertKit)
This website uses Kit (formerly ConvertKit) for newsletter delivery. The provider is Kit Inc., 2701 Ocean Park Blvd Suite 123, Santa Monica, CA 90405, USA.
Kit is a service with which, among other things, newsletter delivery can be organized and analyzed. The data you enter for the purpose of receiving the newsletter is stored on Kit's servers in the USA.
Data Analysis by Kit
With the help of Kit, we can analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links were possibly clicked. In this way, we can determine, among other things, which links were clicked particularly frequently.
We can also recognize whether certain predefined actions were performed after opening or clicking (conversion rate). For example, we can recognize whether you made a purchase after clicking on the newsletter.
Kit also enables us to divide newsletter recipients into different categories ("segmentation"). Newsletter recipients can, for example, be divided by age, gender, or place of residence. This allows newsletters to be better adapted to the respective target groups.
If you do not want analysis by Kit, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.
Detailed information on Kit's features can be found at: https://kit.com/features.
Kit's privacy policy can be found at: https://kit.com/privacy.
Legal Basis
Processing is based on your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time. The lawfulness of data processing operations already carried out remains unaffected by revocation.
Storage Duration
Data stored by us for the purpose of receiving the newsletter will be retained until you unsubscribe from the newsletter and deleted after cancellation from the newsletter distribution list. Data stored by us for other purposes remains unaffected.
After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. Data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest according to Art. 6(1)(f) GDPR). Storage in the blacklist is not time-limited. You can object to storage if your interests outweigh our legitimate interest.
Data Processing Agreement
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data protection law that ensures the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
6. Analytics Tools
Framer Analytics
This website uses the anonymized analytics function of Framer. The provider is Framer B.V., Herengracht 132, 1015 BV Amsterdam, Netherlands.
Framer Analytics collects anonymized usage data to analyze website usage and optimize the website. The data is processed in such a way that no conclusions about individual persons are possible. No personal data is stored.
Collection is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior to optimize their web offering and advertising.
Further information can be found in Framer's privacy policy: https://www.framer.com/privacy/.
7. Plugins and Tools
Google Fonts (Local Hosting)
This site uses Google Fonts provided by Google for uniform font display. The Google Fonts are installed locally. No connection to Google servers takes place.
Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=en.
8. Marketing and Advertising
Google Ads
We use Google Ads. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertising in the Google search engine or on third-party websites when you enter certain search terms on Google (keyword targeting). Additionally, targeted advertising campaigns can be displayed based on existing data (e.g., location data and interests) (audience targeting). As a website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our ads and how many ads led to corresponding clicks.
The use of Google Ads is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in marketing their services as effectively as possible.
If corresponding consent was requested, processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
We use the 'Enhanced Conversions' feature of Google Ads. When you successfully book an appointment, personal data you provide (such as your email address or phone number) is transmitted to Google in an encrypted (hashed) format. This allows Google to match your conversion data with existing Google accounts to improve the accuracy of our conversion tracking. This processing only occurs if you have provided your explicit consent.
Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
Google Analytics 4 (GA4)
This website uses Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited. GA4 uses cookies and similar technologies to analyze how users interact with our website. We track specific events, such as successful appointment bookings ('generate_lead'). IP addresses are automatically anonymized by Google before being stored or processed in the United States. The legal basis for this processing is your consent according to Art. 6 (1) (a) GDPR.
Cal.com Booking Tool
For scheduling appointments, we use the services of Cal.com (Cal.com, Inc.). When you book an appointment, the data you enter is processed on Cal.com's servers. To optimize our marketing efforts, we retrieve this data via an API and partially forward it to our analysis tools (Google Ads/Analytics). For more information on how Cal.com handles your data, please refer to their privacy policy at: https://cal.com/privacy.
9. Social Media
Social Media Links
Our website contains links to our social media profiles. These are implemented as simple links and do not transmit data to social media platforms unless you actively click on them. Only when you click on one of these links and visit the corresponding social media platform can data about you be transmitted to the respective providers.
We have no influence on what data the social media platforms collect after clicking and how they use it. Information on this can be found in the respective privacy policies of the providers.
10. Other Information
External Links
Our online offering contains links to external third-party websites over whose content we have no control. The respective provider or operator of the pages is always responsible for the content of the linked pages. The linked pages were checked for possible legal violations at the time of linking. Illegal content was not recognizable at the time of linking.
However, permanent content control of the linked pages is not reasonable without concrete evidence of a legal violation. Upon becoming aware of legal violations, we will remove such links immediately.
Changes to the Privacy Policy
We reserve the right to occasionally adjust this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services. The new privacy policy will apply to your next visit.
Minors
Our offering is generally directed at adults. Persons under 18 years of age should not transmit personal data to us without the consent of their parents or legal guardians.