Privacy Policy

1. Data controller

The controller for the processing of personal data on this website is:

Möbel Montage Dienst
Owner: Justyna Pelczarska
Rekumer Str. 160, 28777 Bremen, Germany
Phone: +49 1575 7958211
Email: moebelmitmontageunddienst@gmail.com

Inquiries from the contact form are routed to the appropriate mailbox based on the language you used: German, English and Turkish inquiries reach moebelmitmontageunddienst@gmail.com, Polish inquiries reach our additional Polish-language address justynapelczarskaa@gmail.com. In both cases the controller within the meaning of the GDPR is solely Möbel Montage Dienst, Bremen. For any data-protection request under Articles 12–22 GDPR you may contact us at either address.

2. General information

We process personal data of our users only to the extent necessary to provide a functional website and our services. Processing usually takes place only with the user's consent or where another legal basis under the GDPR applies as described below. Exceptionally we may process data without prior consent if obtaining consent is not factually possible and the law permits processing.

3. Hosting (Cloudflare)

This website is delivered via Cloudflare (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). When you visit the site, technical data (IP address, date, time, requested file, user agent, referrer) is processed to ensure operation and security. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in a secure and efficient delivery of the website). Cloudflare is certified under the EU-US Data Privacy Framework; the transfer to the USA is additionally based on Standard Contractual Clauses pursuant to Art. 46 (2) (c) GDPR. Details: cloudflare.com/privacypolicy.

4. Server log files

With each request to this website, Cloudflare as our processor records standard log data (IP address, date and time, requested URL, HTTP status code, amount of data transferred, browser, operating system, referrer URL). We have no direct access to these logs; they are subject to Cloudflare's retention policy (typically a few days, up to six months for aggregated data). On our side, this data is not combined with other sources.

5. Cookies and local storage

We do not use tracking cookies and we do not run any analytics services. Only the following values are stored in your browser's localStorage:

• preferred-language: the language you selected (de/en/pl/tr). Legal basis: Art. 6 (1) (f) GDPR / § 25 (2) No. 2 TDDDG, strictly necessary as a direct consequence of your active language choice.
• cookie-consent: your choice from the privacy banner (accepted / declined). Legal basis: § 25 (1) TDDDG together with Art. 6 (1) (a) GDPR (consent) and Art. 7 (1) GDPR (proof of consent).
• maps-consent: your decision regarding the embedded Google map (granted / denied). Legal basis: § 25 (1) TDDDG together with Art. 6 (1) (a) GDPR (consent).

This data does not leave your device and is not visible to us. You can clear it at any time via your browser settings or reset your choices using the "Manage consents" button in the footer.

6. Contact form and email delivery (Resend)

If you contact us via the form, we process the following data: name, email address, optional phone number and city, type of inquiry (quote, on-site measurement, consultation or other) and your message. The form additionally submits a technical timestamp and a hidden honeypot field for spam protection; these values do not contain personal information beyond what is listed above.

To prevent abuse and spam, the server function additionally processes your IP address (read from the CF-Connecting-IP header) in order to apply a per-IP submission limit within a ten-minute window. The IP address is held only in the memory of the worker instance and is not stored persistently. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in protection against spam and automated submissions).

We use the service Resend (Resend, Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA) to deliver the inquiry to our mailbox. A data processing agreement with Resend pursuant to Art. 28 GDPR is in place. Data is processed in the USA; the transfer is based on Standard Contractual Clauses pursuant to Art. 46 (2) (c) GDPR. A certification of Resend under the EU-US Data Privacy Framework is currently not in place. Details: resend.com/legal/privacy-policy.

Legal basis for processing the data you enter is Art. 6 (1) (b) GDPR (pre-contractual measures). The mail provider's logs are deleted in line with its privacy policy after a short period (currently up to 30 days). Copies of your inquiry in our mailbox are deleted no later than 24 months after the last contact, longer only where required by law (e.g. retention periods of 6 or 10 years under §§ 147 AO, 257 HGB if a contract is concluded).

7. Google Maps

On our contact page we embed maps from Google Maps (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The map only loads after your explicit consent. Once loaded, data is transferred to Google in the USA, in particular your IP address, user-agent, referrer and, if you are signed into your Google account, your account identifier. Google may combine this data with other account data for its own purposes (statistics, personalisation).

Legal basis: Art. 6 (1) (a) GDPR (consent). The transfer to the USA is based on the EU-US Data Privacy Framework supplemented by Standard Contractual Clauses (Art. 46 (2) (c) GDPR). You can revoke your consent at any time with effect for the future by clicking "Manage consents" in the footer or by deleting the maps-consent entry in your browser's local storage. Details: policies.google.com/privacy.

8. Links to social networks

The website contains links to our profiles on Facebook and WhatsApp. These are plain hyperlinks; we do not embed any plugins or tracking pixels from these providers. Data is only transmitted to these services once you actively click the link, at which point the privacy policies of the respective provider apply.

9. Encryption

For security reasons and to protect the transmission of confidential content, this website uses TLS/SSL encryption. You can recognise an encrypted connection by the https:// prefix in your browser's address bar.

10. Your rights

In short: you may at any time ask which data we hold about you, request its correction or deletion, or object to processing. An informal email to the address above is sufficient; we generally respond within 30 days.

The full list of your rights:

• access information about your stored personal data (Art. 15 GDPR),
• have inaccurate data corrected (Art. 16 GDPR),
• have your data erased ("right to be forgotten", Art. 17 GDPR),
• restriction of processing (Art. 18 GDPR),
• data portability (Art. 20 GDPR),
• object to processing (Art. 21 GDPR),
• withdraw given consent with effect for the future (Art. 7 (3) GDPR).

11. Right to lodge a complaint

Pursuant to Art. 77 GDPR you may lodge a complaint with a data-protection supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement. As we are based in Bremen, the competent authority is the State Commissioner for Data Protection and Freedom of Information of the Free Hanseatic City of Bremen:

Die Landesbeauftragte für Datenschutz und Informationsfreiheit der Freien Hansestadt Bremen
Arndtstraße 1, 27570 Bremerhaven, Germany
datenschutz.bremen.de

12. Automated decisions, profiling, minors

We do not use automated decision-making within the meaning of Art. 22 GDPR and we do not perform profiling.

Our offer is not directed at persons under the age of 16. We do not knowingly collect data from minors without the consent of their legal guardians.

13. Updates to this policy

This privacy policy is currently valid. As our website evolves or legal requirements change, it may be necessary to adjust this policy. The current version is always available on this page.