Baya Software Logo

Privacy Policy

Stand: 02.04.2025

1. General Information and Mandatory Notices

Responsible Entity

The entity responsible for data processing under the General Data Protection Regulation (GDPR), other data protection laws in the member states of the European Union, and other provisions relating to data protection is:

Yavuz Selim Deveci Small Business

Drosselweg 12

89231 Neu-Ulm

Phone: +49 176 34541858

Email: [email protected]

The responsible entity is the natural person who alone determines the purposes and means of processing personal data.

2. Data Collection on this Website

Server Log Files

When you visit this website, information is automatically captured and stored in server log files by the hosting provider. This includes:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This data cannot be attributed to specific individuals and is not combined with other data sources. The collection is based on Art. 6 Para. 1 lit. f GDPR, based on our legitimate interest in:

Retention period: The log files are typically automatically deleted after 7 days, unless there are security-relevant incidents that require longer retention.

To enhance security, additional protective measures are employed, including Cloudflare protection mechanisms, a server-side firewall, and manual review of server logs. The website is also protected against abusive requests through rate limiting.

Cloudflare Services

This website uses services from Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare is certified under the EU-US Data Privacy Framework, which ensures an adequate level of data protection.

Cloudflare Turnstile:

We use Cloudflare Turnstile, a privacy-friendly bot protection for our contact form. Turnstile analyzes browser behavior to distinguish real users from automated bots, without requiring you to solve a captcha. Certain technical information from your device (e.g., screen resolution, browser settings, device information) and your IP address are transmitted to Cloudflare. This data is processed by Cloudflare solely for the purpose of bot detection and is not linked to other data.

Additional Cloudflare Protection Mechanisms:

We also use additional Cloudflare protection features such as DDoS protection and Web Application Firewall (WAF). These services route all traffic to our website through Cloudflare's servers to protect our website from malicious access. Certain information such as your IP address, browser type, and visited page is transmitted to Cloudflare and temporarily stored there.

Legal Basis and Retention Period:

The use of Cloudflare services is based on Art. 6 Para. 1 lit. f GDPR, based on our legitimate interest in:

  • Protecting the website and its users from malicious bots, spam, and cyber attacks
  • Ensuring the availability and integrity of the website
  • Improving overall website security

The data processed by Cloudflare is stored only for as long as necessary to provide the services, according to their privacy policy.

For more information about data protection at Cloudflare, please visit: https://www.cloudflare.com/privacypolicy/

Cookies

This website uses only technically necessary cookies, specifically the "NEXT_LOCALE" cookie, which stores the language setting chosen by the user (e.g., German or English). This cookie is set by the next-intl internationalization tool and is required to ensure the functionality and user-friendliness of the site. The cookie has a validity period of 30 days.

No cookies are used for analysis, tracking, or marketing purposes.

Legal basis: The use of technically necessary cookies is based on Art. 6 Para. 1 lit. f GDPR, based on our legitimate interest in a user-friendly presentation of the website and enabling display in the user's preferred language.

3. Contact Form

When you contact us through the contact form, your information (name, email address, possibly phone number and message) is processed to handle your inquiry and for any follow-up questions.

The submitted information is not stored in a database but is transmitted directly to us via email through a secure SMTP service (Google Workspace). The connection is encrypted using TLS (Transport Layer Security).

Legal basis: Processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR for the implementation of pre-contractual measures (for inquiries about our services) and in accordance with Art. 6 Para. 1 lit. f GDPR due to our legitimate interest in efficient communication and handling your request.

Retention period: Your information will be deleted once your inquiry has been fully processed and no legal retention obligations exist, typically after 3 months. If further communication is expected (e.g., as part of an offer or project start), the data will be retained until the completion of the process and then deleted.

The transmission of data to Google Workspace for email processing is based on a data processing agreement according to Art. 28 GDPR. For more information about data protection at Google, please visit: https://policies.google.com/privacy

4. Hosting

The website is hosted by the following provider:

netcup GmbH

Daimlerstraße 25

D-76185 Karlsruhe

Phone: +49 721 / 7540755 - 0

Email: [email protected]

Web: www.netcup.com

We have concluded a data processing agreement with netcup GmbH in accordance with Article 28 GDPR to ensure the lawful and secure processing of personal data on our behalf.

As our hosting provider, netcup GmbH may process personal data on our behalf, particularly the server log data mentioned above. We do not share your personal data with third parties for their own independent purposes, with the exception of Cloudflare (as described above).

5. SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as inquiries via the contact form. The SSL/TLS encryption ensures that the data you enter on our website cannot be intercepted or read by unauthorized third parties during transmission.

You can recognize an encrypted connection by the fact that the address line of the browser begins with "https://" and a lock icon is displayed.

6. Your Rights as a Data Subject

You have the right at any time to:

  • Information in accordance with Art. 15 GDPR: You can request information about your personal data processed by us.
  • Rectification in accordance with Art. 16 GDPR: You can request the correction of inaccurate or the completion of your personal data stored by us.
  • Erasure in accordance with Art. 17 GDPR ("right to be forgotten"): You can request the deletion of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.
  • Restriction of processing in accordance with Art. 18 GDPR: You can request the restriction of the processing of your personal data if you contest the accuracy of the data, if the processing is unlawful but you oppose the erasure, if we no longer need the data but you need it for the establishment, exercise or defense of legal claims, or if you have objected to processing pursuant to Art. 21 GDPR.
  • Object to processing in accordance with Art. 21 GDPR: You can object at any time to the processing of your personal data which is based on Art. 6 Para. 1 lit. f GDPR (legitimate interest).
  • Data portability in accordance with Art. 20 GDPR: You can request that we provide you with your personal data that you have provided to us in a structured, commonly used and machine-readable format, or that we transfer the data to another controller.

If you have given consent to data processing, you can revoke it at any time with effect for the future.

Right to complaint: You have the right to complain to a data protection supervisory authority. The competent authority is usually the supervisory authority of the federal state in which you live or in which the controller is based. For Bavaria, this is: Bavarian State Office for Data Protection Supervision (BayLDA) Promenade 18 91522 Ansbach Phone: +49 (0) 981 180093-0 Email: [email protected] Web: https://www.lda.bayern.de

How to exercise your rights: To exercise your rights, you can contact us via the contact form, by email at [email protected]. Please note that we may request suitable proof of identity to protect your data.

7. Changes to this Privacy Policy

I reserve the right to adapt this privacy policy in the event of changes to the website, the technologies used, or legal requirements. The current version on this page applies.