Close

Privacy Policy

1. Data Controller

The controller responsible for the processing of personal data on this website is:

XEYAL UG (haftungsbeschränkt) Leopoldstraße 2-8 Gebäude P - Block H - Nr. 576 32051 Herford Germany Email: contact@xeyal.studio

Represented by the Managing Director Abdullah Yildiz. Further details can be found in our Imprint.

2. Principle

This website is deliberately designed to minimize data collection. We do not use our own analytics or advertising cookies, tracking tools, analytics services, advertising services, or fonts from external servers. All fonts are served locally.

The imprint pages temporarily include a contact form as an additional fast contact option. For this form, we use Forminit as the form backend and hCaptcha as bot protection. When the security check is loaded and when the form is submitted, the external scripts required for this purpose are loaded. Details are described below.

3. Hosting and Server Log Files

This website is hosted on Cloudflare Pages. The provider is Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. Its European branch is Cloudflare Germany GmbH, c/o Design Offices München Atlas, Rosenheimer Straße 143C - 8th floor, 81671 Munich, Germany.

When you visit this website, Cloudflare automatically processes technical connection data transmitted by your browser. This typically includes:

Processing takes place for the purpose of securely and stably delivering this website and defending against technical attacks. The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in operating a functional, secure, and abuse-resistant website.

Cloudflare processes personal data as our processor within the meaning of Article 28 GDPR. The basis for this is the Cloudflare Data Processing Addendum. Data transfers to the USA may occur in the course of providing this service. According to Cloudflare, such transfers are supported, among other mechanisms, by the EU Standard Contractual Clauses and Cloudflare's certification under the EU-U.S. Data Privacy Framework. Information about the relevant safeguards is available from us upon request.

Technical connection data is processed only for as long as necessary for website delivery, security, error analysis, and abuse prevention. We do not maintain additional proprietary web server log files.

4. Contact by Email and Contact Form

When you contact us by email, we process the information you provide in your email, including the contact details you include, in order to respond to your inquiry. The legal basis is Article 6(1)(f) GDPR; our legitimate interest lies in responding to your inquiry. For pre-contractual or contractual inquiries, Article 6(1)(b) GDPR additionally applies.

If you use the contact form on an imprint page, we process the information you enter. This includes your email address, your message, and, if provided voluntarily, your name. In addition, technically required metadata such as IP address, time of request, browser and device information, referrer URL, and the result of the hCaptcha check may be processed. The purpose of processing is to receive and respond to your inquiry and to protect the form against spam and abuse. The legal basis is Article 6(1)(f) GDPR; for pre-contractual or contractual inquiries, Article 6(1)(b) GDPR additionally applies.

Providing an email address and message is necessary so that we can receive and respond to your inquiry through the form. Providing your name is voluntary. Without the required information, the form cannot be submitted.

We use Forminit, operated by UXPLUS LTD, 86-90 Paul Street, 3rd Floor, London, England, EC2A 4NE, United Kingdom, Company Number 11357429, for the technical operation of the contact form. Forminit processes form contents and technical metadata on our behalf. According to Forminit, form data is processed in AWS regions within the EU and is encrypted in transit and at rest. Forminit may use sub-processors, in particular for hosting, storage, spam protection, security functions, and technical operations.

To protect the form against automated submissions, we use hCaptcha. The provider is Intuition Machines, Inc., 1065 SW 8th St #704, Miami, FL 33130, USA. hCaptcha processes technical data to determine whether a form submission is made by a human or automated. This may include, in particular, IP address, browser and device information, interaction data, time of request, and technical security characteristics. hCaptcha may use cookies or comparable technologies where this is necessary for the security check. The legal basis is Article 6(1)(f) GDPR; our legitimate interest lies in protecting the form against abuse. To the extent information is stored on or read from the user's device, this is based on Section 25(2) TDDDG where strictly necessary to provide the expressly requested form function and security check.

A transfer of personal data to hCaptcha in the USA is possible. According to hCaptcha, such transfers are supported, among other mechanisms, by Standard Contractual Clauses and the provider's certification under the EU-U.S. Data Privacy Framework. Information about the relevant safeguards is available from us upon request.

Email inquiries and contact form notifications are processed via our email service providers. Recipients of personal data may also include the technical service providers mentioned above where this is necessary for hosting, security, form operation, and email delivery.

We retain inquiries only as long as necessary to respond to them. Business correspondence may be retained for up to six years due to statutory retention obligations.

5. External Links and Social Media

This website may contain links to external platforms, such as social media profiles. These links lead to external sites whose operators have their own privacy policies. Data is transferred to these providers only when you actively click the respective link. We have no influence over the data processing by these third-party providers.

6. Online Presences on Social Networks

Where we operate online presences on social networks, in particular on YouTube, Twitch, and Instagram, we use them to provide information about our projects and to communicate with users.

If you visit our profiles on these platforms, interact with them, comment on posts, share content, or send us messages, personal data may be processed. Depending on the platform and your use, this may include your username, publicly visible profile information, comments, messages, reactions, shared content, and statistical information made available to us by the respective platform.

We process this data where necessary to communicate with you, maintain our online presences, and present our studio publicly. The legal basis is Article 6(1)(f) GDPR. For contract-related inquiries, Article 6(1)(b) GDPR may additionally apply.

The platform operators also process personal data under their own responsibility. We have only limited influence over the nature, scope, and purposes of this processing. Personal data may also be processed outside the European Union. You may exercise your data subject rights both against us and against the respective platform operator. For processing carried out by the platform itself, the respective platform operator is generally the more appropriate contact.

7. Your Rights

You have the following rights regarding your personal data:

Where processing is based on Article 6(1)(f) GDPR, you may object to the processing on grounds relating to your particular situation.

To exercise your rights, a simple email to contact@xeyal.studio is sufficient.

8. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR). The authority responsible for XEYAL UG (haftungsbeschränkt) is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen Kavalleriestraße 2-4 40213 Düsseldorf, Germany

9. No Automated Decision-Making

We do not use automated decision-making within the meaning of Article 22 GDPR. The hCaptcha security check is used solely to make automated abuse of the contact form more difficult.

10. Changes to this Privacy Policy

This Privacy Policy may be updated due to technical or legal changes. The current version is always available on this page.

← Back to home