Privacy Policy (GDPR)

1. Controller

Ramazan Kara, Bünte 38, 21029 Hamburg, Germany – Email: contact@fluentorbit.de

2. Overview of processing

We only process the minimum personal data required to deliver a secure, bilingual informational website.

3. Categories of data

  • Server access logs (IP address, date/time, URL, user agent, referrer)
  • Contact form submissions (name, company, email, message)
  • Language preference (localStorage)

4. Purposes & legal bases

  • Secure provision of website and defense of misuse (Art. 6(1)(f) GDPR)
  • Handling inquiries sent via contact form or email (Art. 6(1)(b) or (f) GDPR depending on context)
  • Providing remembered language setting (legitimate interest – Art. 6(1)(f) GDPR)

5. Storage duration

Server logs are automatically deleted after a short technical retention (e.g. 30 days). Contact submissions / emails are kept as long as required for correspondence and legal retention obligations.

6. Recipients

Hosting provider (in the EU) processes server log data under a data processing agreement. No analytics or advertising partners are used. Email transmission uses your configured SMTP provider. If CAPTCHA is enabled, minimal challenge metadata is processed by Cloudflare Turnstile (IP, user agent) for abuse prevention.

7. International transfers

No regular third-country transfers occur. Fonts and media are self-hosted.

8. Abuse prevention (rate limiting & CAPTCHA)

We apply server-side rate limiting (temporary counting of requests per IP) to prevent abuse (legitimate interest Art. 6(1)(f) GDPR). Optional Cloudflare Turnstile CAPTCHA verifies genuine usage; only minimal technical data is transmitted for this purpose.

9. Rights of data subjects

You may lodge a complaint with your local supervisory authority. In Hamburg: https://datenschutz-hamburg.de

  • Access, rectification, erasure (Art. 15–17 GDPR)
  • Restriction & portability (Art. 18, 20 GDPR)
  • Objection (Art. 21 GDPR)
  • Complaint to supervisory authority

10. Cookies / local storage

No tracking or marketing cookies are set. Only an essential localStorage key stores the language preference.

11. Security

Server hardening, TLS encryption and least-privilege hosting are applied to reduce risk of unauthorized access.

12. Automated decision-making

No automated decision-making or profiling takes place.

13. Updates

We may update this policy to reflect changes in law or infrastructure.