Legal
Privacy Policy
How this website handles your personal data, under the EU General Data Protection Regulation (GDPR).
1. Controller
The controller responsible for data processing on this website is:
Nurten Karya Aktas
Westendstraße 57, 80339 Munich, Germany
Email: hello@karyaaktas.com
2. Hosting & server log data
This website is hosted by Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA). When you visit the site, your browser automatically transmits technical data that the hosting provider stores in server log files — including your IP address, the date and time of the request, the page requested, the referring page, and your browser and operating system. This data is processed to deliver the website reliably and securely. The legal basis is our legitimate interest in a stable, secure website (Art. 6 (1)(f) GDPR). A data processing agreement is in place with the hosting provider; where data is processed outside the EU, it is safeguarded by Standard Contractual Clauses and/or the EU–U.S. Data Privacy Framework.
3. Cookies
This website does not use any tracking, analytics or marketing cookies. The only cookie that may be set is a strictly necessary session cookie used for the site operator's own login to the private admin area — it is not set for ordinary visitors. Because no non-essential cookies are used, no cookie consent banner is required.
4. Fonts
All fonts are hosted directly on our own server. No connection is made to third-party font providers (such as Google Fonts), so no data about your visit is shared with them.
5. Contact form & email
If you use the contact form, the details you enter (your name, email address, project type and message) are processed so we can respond to your enquiry. These submissions are stored in a database operated by our processor Supabase, Inc. (USA), in the hosting region selected for the project. If email notifications are enabled, a copy may also be delivered by our email provider. The legal basis is the handling of your request and steps prior to a possible contract (Art. 6 (1)(b) GDPR) and our legitimate interest in responding to enquiries (Art. 6 (1)(f) GDPR). If you contact us by email directly, your message and the details it contains are processed for the same purpose.
We keep enquiry data only for as long as needed to handle your request and any resulting correspondence, after which it is deleted — unless statutory retention periods require otherwise.
6. Recipients & processors
We use the following service providers, who process data only on our instructions under data processing agreements: Vercel (website hosting), Supabase (database for contact submissions), and, where enabled, an email delivery provider for notifications. Where these providers process data outside the EU, appropriate safeguards (Standard Contractual Clauses and/or the EU–U.S. Data Privacy Framework) are in place. We do not sell your data or share it for advertising.
7. Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you (Art. 15);
- have inaccurate data corrected (Art. 16);
- have your data erased (Art. 17);
- restrict processing (Art. 18);
- data portability (Art. 20);
- object to processing based on legitimate interests (Art. 21); and
- withdraw any consent at any time, with future effect (Art. 7 (3)).
To exercise any of these, just email us at hello@karyaaktas.com. You also have the right to lodge a complaint with a supervisory authority. The authority responsible for us is the Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht, BayLDA), Ansbach.
8. Automated decision-making
We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.
9. Data security
This site is served over an encrypted HTTPS/TLS connection to protect data in transit.
10. Changes to this policy
We may update this policy as the website or legal requirements change. The current version always applies.
Last updated: June 2026