Privacy Policy
Last updated: 29 August 2025
We at Céora Creative Studio (www.ceorastudio.com) take the protection of your personal data very seriously. This Privacy Policy informs you about how we process personal data when you visit our website, contact us, or use our services, in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telemedia Act (TMG).
1. Data Controller
Céora Creative Studio
Owner: Secil Özdemir
Website: www.ceorastudio.com
Email: hello@ceorastudio.com
2. Data Collection and Processing
- Contact form: name, email, phone number, message (Art. 6(1)(a) GDPR – consent, Art. 6(1)(b) GDPR – pre-contractual steps).
- Website access: server logs (IP address, browser, time of access, pages visited) for security and technical purposes (Art. 6(1)(f) GDPR).
- Cookies & analytics: where applicable, only after consent via cookie banner (Art. 6(1)(a) GDPR).
3. Purpose of Processing
- Responding to inquiries and client communication
- Preparation and execution of contracts
- Ensuring website functionality and security
- Marketing activities only with explicit consent
4. Data Retention
We store your personal data only as long as required for the purpose of processing or as required by German statutory retention obligations (e.g., tax law: 6–10 years). Data collected via the contact form will be deleted after your request has been fully processed, unless a contractual relationship results.
5. Data Sharing
We do not share your personal data with third parties unless:
- it is required for contract performance (e.g., shipping partners, accountants),
- we are legally obliged (Art. 6(1)(c) GDPR), or
- you have given your explicit consent (Art. 6(1)(a) GDPR).
6. Your Rights under the GDPR
You have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
To exercise your rights, please contact: hello@ceorastudio.com.
You also have the right to lodge a complaint with the competent German data protection authority (e.g., Landesbeauftragte für Datenschutz NRW).
7. Security of Your Data
We use SSL encryption and appropriate technical and organizational measures to protect your data against unauthorized access, disclosure, or misuse.
8. Cookies & Tracking
Our website may use cookies to enhance user experience. Non-essential cookies (e.g., Google Analytics, social media plugins) are only set after explicit consent via our cookie banner. You can revoke consent at any time in your browser settings.
9. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect legal changes or adjustments to our services. The latest version will always be published on this page.
10. Legal Bases
We process personal data on the following legal bases according to Art. 6 GDPR:
- Art. 6(1)(a) GDPR – Consent
- Art. 6(1)(b) GDPR – Performance of a contract or pre-contractual measures
- Art. 6(1)(c) GDPR – Legal obligations
- Art. 6(1)(f) GDPR – Legitimate interests (e.g., IT security, fraud prevention)
11. Data Processors
We may engage external service providers (data processors) for hosting, email communication, and other services necessary to operate our business. These service providers process data only on our instructions and in accordance with Art. 28 GDPR.
12. International Data Transfers
If we use services provided by companies located outside the European Economic Area (e.g., Google, Meta, Mailchimp), your personal data may be transferred to these third countries. In such cases, we ensure that appropriate safeguards (e.g., Standard Contractual Clauses) are in place to protect your data in accordance with Art. 44 et seq. GDPR.
