PRIVACY POLICY

1. Data Controller

Esven Gülsen & Sakizli Furkan Red Tincture GbR

Leopoldstr 31, 80802 München, Germany

Email: furkan.sakizli@redtincture.de

Phone: +49 1590 194 386

Authorized Representatives: Partners Furkan Sakizli, Gülsen Esven

2. Overview of Data Processing

Types of Data Processed

  • Inventory data (e.g., names, addresses)
  • Contact data (e.g., email, phone numbers)
  • Content data (e.g., text entries, photographs, videos)
  • Usage data (e.g., visited websites, interest in content, access times)
  • Meta/communication data (e.g., device information, IP addresses)
  • Log data (e.g., log files concerning logins or data retrieval)

Categories of Data Subjects

  • Visitors and users of our online services
  • Communication partners
  • Business and contract partners
  • Customers and interested parties

Purposes of Processing

  • Provision of our online offer and user-friendliness
  • Security measures
  • Communication and contact management
  • Office and organizational procedures
  • Feedback and marketing (with consent)

3. Legal Bases

We process personal data in accordance with the following legal bases under GDPR:

  • Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Contract Performance (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or for pre-contractual measures.
  • Legal Obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate Interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party.

4. Security Measures

We take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing.

Measures include in particular securing confidentiality, integrity, and availability of data by controlling physical and electronic access to data, as well as access, input, disclosure, ensuring availability, and separation.

TLS/SSL Encryption (HTTPS): We use TLS/SSL encryption technology to protect data transmitted via our online services from unauthorized access.

IP Address Shortening: Where IP addresses are processed by us or service providers and technologies used, and processing of a complete IP address is not necessary, the IP address is shortened (IP masking).

5. Data Storage and Deletion

We delete personal data we process in accordance with legal provisions as soon as underlying consents are revoked or no further legal bases for processing exist. This applies to cases where the original processing purpose ceases or data is no longer needed.

General retention periods under German law:

  • 10 years – Books and records, annual financial statements, inventories, management reports
  • 8 years – Booking documents such as invoices and cost vouchers
  • 6 years – Other business documents, received commercial or business letters
  • 3 years – Data required for potential warranty and damage claims (statute of limitations)

6. Rights of Data Subjects

As a data subject under GDPR, you have the following rights:

  • Right of Access (Art. 15 GDPR) – You have the right to request confirmation of whether personal data concerning you is being processed and to receive information about such data.
  • Right to Rectification (Art. 16 GDPR) – You have the right to request completion or correction of inaccurate personal data concerning you.
  • Right to Erasure (Art. 17 GDPR) – You have the right to request that personal data concerning you be deleted immediately.
  • Right to Restriction (Art. 18 GDPR) – You have the right to request restriction of processing of your data.
  • Right to Data Portability (Art. 20 GDPR) – You have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format.
  • Right to Object (Art. 21 GDPR) – You have the right to object at any time to processing of personal data concerning you based on Art. 6(1)(e) or (f) GDPR.
  • Right to Withdraw Consent – You have the right to withdraw consent at any time.
  • Right to Lodge a Complaint (Art. 77 GDPR) – You have the right to lodge a complaint with a supervisory authority.

7. Provision of Online Offer and Web Hosting

We process user data to provide our online services. For this purpose, we process the user's IP address, which is necessary to deliver content and functions of our online services to the user's browser or device.

Collection of Access Data and Log Files: Access to our online offer is logged in the form of "server log files." Server log files may include the address and name of retrieved web pages and files, date and time of retrieval, transferred data volumes, notification of successful retrieval, browser type and version, user's operating system, referrer URL, and generally IP addresses and the requesting provider.

Hosting: Our website is hosted on Vercel. The hosting services serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services.

8. Use of Cookies

We use cookies in accordance with legal requirements. We obtain prior consent from users where required. Where consent is not necessary, we rely on our legitimate interests. This applies when storing and reading information is essential to provide explicitly requested content and functions.

Types of Cookies:

  • Temporary Cookies (Session Cookies): Deleted at the latest after the user leaves the online offer and closes their device.
  • Permanent Cookies: Remain stored even after the device is closed. Storage duration may be up to two years.

Users can revoke given consents at any time and object to processing in accordance with legal requirements, including through privacy settings of their browser.

9. Contact and Inquiry Management

When contacting us (e.g., by mail, contact form, email, telephone, or via social media) and within existing user and business relationships, information of inquiring persons is processed to the extent necessary to respond to contact inquiries and any requested measures.

10. AI Chat Assistant (Large Language Model)

Our website offers a chat function whose answers are generated by a large language model (LLM) — an artificial intelligence system. In accordance with the transparency obligations of Art. 50 of the EU Artificial Intelligence Act (Regulation (EU) 2024/1689), we inform you that when using this chat you are interacting with an AI system, not with a human. This is also indicated directly at the chat input field.

Scope of Processing

When you send a message, its text content is transmitted via our server to an external AI provider (processor) solely to generate a reply. Requests are proxied through our server — your IP address and device identifiers are not shared with the AI providers. We do not store chat content on our servers, do not create user profiles from it, and do not use it to train AI models.

Providers and Models Used

  • Groq, Inc. (USA) — inference of open-weight models (e.g. Meta Llama 3.3 70B). Per its terms, Groq does not use customer inputs to train models. Terms: groq.com/terms-of-use · Privacy: groq.com/privacy-policy
  • Mistral AI SAS (Paris, France — EU) — e.g. Mistral Small. Terms: mistral.ai/terms · Privacy: mistral.ai/privacy-policy
  • Google (Gemini API, e.g. Gemini Flash) — used for users outside the EU/EEA/UK. Terms: ai.google.dev/gemini-api/terms · Privacy: policies.google.com/privacy

Where data is transferred to providers in the USA, the transfer is safeguarded under Art. 46 GDPR by the EU-U.S. Data Privacy Framework and/or standard contractual clauses. Providers may retain requests for a short period for abuse prevention in accordance with their policies; details can be found in the linked provider documents.

Legal Basis and Retention

Processing is based on Art. 6(1)(b) GDPR (provision of the chat function you request) and Art. 6(1)(f) GDPR (legitimate interest in operating an efficient, secure AI assistant). Chat content is processed transiently and is not retained by us after the reply is delivered.

Important Notes

  • AI-generated answers may be incorrect or incomplete ("hallucinations") and do not constitute professional advice.
  • Please do not enter personal data, confidential information, or special categories of data (Art. 9 GDPR) into the chat.
  • The chat does not make automated decisions with legal or similarly significant effect (Art. 22 GDPR).

11. Changes and Updates

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes in data processing we carry out make this necessary. We will inform you as soon as changes require your cooperation (e.g., consent) or other individual notification.

Last updated: July 2026