Privacy Policy

1. Data Controller

The data controller within the meaning of the GDPR and other data protection laws of the Member States and other data protection regulations is:

Davut Altindag (GFlow)
Goethestr. 39
71034 Böblingen
Deutschland

Phone: +49 1525 4140089
Email: contact@gflow-solutions.com

2. General Data Processing

2.1 Scope of Personal Data Processing

We process personal data only to the extent necessary to provide this website, handle inquiries, maintain technical security, or comply with legal obligations.

2.2 Legal Basis

Where we obtain the consent of the data subject for processing, Article 6(1)(a) GDPR serves as the legal basis. For processing personal data necessary to fulfill a contract, Article 6(1)(b) GDPR serves as the legal basis. For processing to meet legal obligations, Article 6(1)(c) GDPR applies. Where processing is based on legitimate interests, Article 6(1)(f) GDPR serves as the legal basis.

2.3 Data Deletion and Storage Duration

Personal data will be deleted or blocked once the purpose of storage no longer applies. Storage may continue if required by EU or national legislation. Data will be deleted when any legally required retention period expires, unless further storage is necessary for contract performance.

3. Website Provision, Hosting, and Technical Logs

3.1 Description and Scope of Data Processing

When this website is accessed, technically required access data is processed so that the site can be delivered, operated reliably, and protected against misuse. This may include in particular:

• The user's IP address
• Date and time of access
• Requested URL and requested files
• Referrer URL, if transmitted by the browser
• Browser type, browser version, operating system, and device
• HTTP status codes, transferred data volume, and security-relevant events

The website is provided via Cloudflare Workers and Cloudflare Assets. Cloudflare processes access data as a technical service provider, including for delivery, load balancing, error analysis, and attack mitigation.

3.2 Legal Basis

The legal basis is Article 6(1)(f) GDPR. Our legitimate interest is the secure, fast, and reliable provision of the website.

3.3 Purpose of Data Processing

The processing is necessary to deliver content to the browser, detect technical errors, prevent misuse, and ensure infrastructure security.

3.4 Storage Duration

Technical access data is deleted or anonymized once it is no longer required for the purposes stated above. Longer storage may occur where necessary to investigate security incidents or comply with legal obligations.

4. Contact Form and Contact Requests

4.1 Description and Scope of Data Processing

If you use the contact form or contact us by email, we process the information you provide to handle your inquiry. The contact form processes the following data:

• Name
• Email address
• Message
• Phone number, if provided
• Company, if provided
• Language of the request and time of receipt

4.2 Legal Basis

The legal basis is Article 6(1)(b) GDPR where your request relates to pre-contractual steps or contract performance. In all other cases, the legal basis is Article 6(1)(f) GDPR; our legitimate interest is responding to your inquiry.

4.3 Purpose of Data Processing

The data is used to answer your request, ask follow-up questions, and prepare a possible cooperation. Contact form messages are transmitted to us via the email service Resend.

4.4 Storage Duration

Inquiry data is deleted once the request has been fully handled and no statutory retention obligations or legitimate interests require further storage. Communication relevant under commercial or tax law may be retained for the applicable statutory periods.

5. Service Providers and International Transfers

We use Cloudflare, Inc. as a hosting, security, and infrastructure provider for this website. We use Plus Five Five, Inc. (Resend) as an email service provider for delivering contact form messages.

Data processing agreements are in place with the providers where they process personal data on our behalf. Data may be transferred to the United States. For participating US companies, the European Commission's adequacy decision for the EU-US Data Privacy Framework may serve as a transfer basis; standard contractual clauses and additional safeguards may also be used.

The providers may use further subprocessors where necessary to provide their respective services and where covered by data protection safeguards.

6. Local Storage, Cookies, and Analytics

This website does not use analytics, marketing, or tracking cookies. No external fonts, social media plugins, or embedded tracking services are loaded.

If you switch the theme, your choice is stored locally in the browser under the key "theme". This information is not actively transmitted to us and is used only to restore your selected display mode on your next visit.

The legal basis is Article 6(1)(f) GDPR. Access to this local information is permitted without consent under Section 25(2) TDDDG because it serves to provide the display mode selected by the user. You can delete the stored information at any time through your browser settings.

7. Rights of Data Subjects

As a data subject, you have the following rights. Please contact the address provided above:

• Right to Information (Art. 15 GDPR): You have the right to request confirmation of whether personal data concerning you is being processed.
• Right to Rectification (Art. 16 GDPR): You have the right to request immediate correction of inaccurate personal data.
• Right to Erasure (Art. 17 GDPR): You have the right to request deletion of personal data concerning you ("right to be forgotten").
• Right to Restrict Processing (Art. 18 GDPR): You have the right to request restriction of processing.
• Right to Data Portability (Art. 20 GDPR): You have the right to receive personal data concerning you in a structured, commonly used and machine-readable format.
• Right to Object (Art. 21 GDPR): You have the right to object to processing at any time for reasons arising from your particular situation.
• Right to Withdraw Consent (Art. 7(3) GDPR): You have the right to withdraw your data protection consent at any time.
• Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a data protection authority. In most cases, this is the authority of the federal state where you reside or work.

8. Data Security

We implement technical and organizational security measures to protect the data we manage against manipulation, loss, destruction, and unauthorized access. Data transmission between your browser and our servers is exclusively via encrypted HTTPS connection (TLS/SSL). Our security measures are continuously improved according to technological developments.

9. Updates to This Privacy Policy

This Privacy Policy is currently valid and dated May 2026. Due to further development of our website and services or changes in legal or regulatory requirements, it may become necessary to modify this Privacy Policy. The current version can always be accessed on our website at /en/privacy.