CHIFU

Privacy Policy

Status: October 22, 2025

1. General Information

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations (especially the GDPR) and this privacy policy.

2. Data Controller

The responsible party (data controller) for data processing on this website is:

Yusuf Albayrak
CHIFU (Einzelunternehmen / Sole Proprietorship)
Kammelweg 6
86381 Krumbach
Germany
Email: kontakt@chifu.studio

3. Storage Duration

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.

4. Your Rights as a Data Subject

Within the framework of the applicable legal provisions (GDPR), you have the right to free information about your stored personal data, its origin and recipients, and the purpose of the data processing. You also have a right to rectification, restriction of processing, or erasure of this data. Furthermore, you have the right to data portability. You can revoke any consent you have given at any time. You also have the right to lodge a complaint with a supervisory authority.

5. Data Collection on This Website

External Hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host's servers. This can include, but is not limited to, IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website access, and other data generated via a website.

The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast, and efficient provision of our online offer by a professional provider (Art. 6 (1) (f) GDPR).

We have concluded a Data Processing Agreement (DPA) with our host. This is a contract required by data protection law, which ensures that the host only processes the data of our website visitors in accordance with our instructions and in compliance with the GDPR.

We use the following host:
Microsoft Ireland Operations Limited
One Microsoft Place
South County Business Park
Leopardstown, Dublin 18
Ireland
(Hosting via Microsoft Azure)
The server location is Germany (Region: Germany West Central).

SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Cookies

Our website uses "cookies". Cookies are small data packets that do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. We only use technically necessary cookies. The storage of these necessary cookies is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services.

Server Log Files

The provider of the pages automatically collects and stores information in server log files, which your browser automatically transmits to us. These are: browser type and version, operating system used, referrer URL, host name of the accessing computer, time of the server request, and IP address. This data is not merged with other data sources. The collection of this data is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website – for this, the server log files must be collected.

Contact Form & Offer Form

If you send us inquiries via a form, your details from the form, including the contact details you provided, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent. The processing of this data is based on Art. 6 (1) (b) GDPR, if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 (1) (f) GDPR).

Processing of Customer and Contract Data

We collect, process, and use personal data only to the extent necessary for the establishment, content, or modification of the legal relationship (inventory data). When you place an order on our website, we collect the data necessary to fulfill your order, including your name, email address, and shipping and billing addresses. This data is processed on the legal basis of fulfilling our contract with you (Art. 6 (1) (b) GDPR).

Data Transmission for Payment Processing (Stripe)

For payment processing, we use the payment service provider Stripe (Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA). Your payment data is transmitted to Stripe for the purpose of processing the payment on the basis of Art. 6 (1) (b) GDPR (processing for the performance of a contract). For more information on how Stripe handles your data, please see Stripe's privacy policy: https://stripe.com/privacy.

Google Fonts

This site uses Google Fonts for a uniform representation of fonts. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. For this purpose, your browser must connect to Google's servers, which informs Google that our website was accessed via your IP address. The use of Google Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.