1. Introduction & Overview
1.1 Scope and Purpose
This Privacy Policy describes how Mohammad Hossein Tavangar (“we,” “us,” or “our”) collects, uses, stores, and protects information obtained from users (“you” or “user”) of tavangarx.com (“the Website”). This policy applies to all services, features, and functionalities offered through our Website, including but not limited to:
- Professional portfolio and information
- Blog content
- Contact forms
- Online booking system
- File upload functionality
- Newsletter subscriptions
- Analytics and performance monitoring
1.2 Data Controller Information
Mohammad Hossein Tavangar
Rothenburger Straße 145, 90439 Nuremberg, Germany
[email protected]
is the data controller responsible for the processing of personal data under this policy.
1.3 Applicable Laws
This Privacy Policy complies with and is governed by:
- General Data Protection Regulation (GDPR)
- German Federal Data Protection Act (BDSG)
- German Telemedia Act (TMG)
- California Consumer Privacy Act (CCPA)
- California Privacy Rights Act (CPRA)
- Other applicable state and international privacy laws
2. Data Collection & Processing
2.1 Categories of Personal Data
We collect and process the following categories of personal data:
a) Information You Provide Directly:
- Contact information (name, email, phone number)
- Professional information (company, role, industry)
- Booking details
- File uploads
- Newsletter subscription preferences
- Communication content
- Inquiry details
b) Automatically Collected Information:
- IP address
- Browser type and version
- Operating system
- Device information
- Access times and dates
- Pages visited
- Referral sources
- Network location
- Connection information
c) Technical Data Through Service Providers:
- Cloudflare analytics and security metrics
- Google Analytics data
- Server logs
- Performance metrics
- Security-related data
2.2 Legal Basis for Processing
We process personal data based on the following legal grounds:
a) Consent (Art. 6(1)(a) GDPR):
- Newsletter subscriptions
- Cookie usage (non-essential)
- Marketing communications
- Optional analytics
b) Contract Performance (Art. 6(1)(b) GDPR):
- Booking management
- Service delivery
- Communication handling
- File processing
c) Legal Obligations (Art. 6(1)(c) GDPR):
- Tax requirements
- Business records
- Legal compliance
- Security measures
d) Legitimate Interests (Art. 6(1)(f) GDPR):
- Website security
- Service improvement
- Performance optimization
- Fraud prevention
- Analytics
2.3 Data Collection Methods
a) Direct Collection:
- Contact forms
- Booking forms
- File uploads
- Newsletter subscription
- Direct communications
b) Automatic Collection:
- Cookies
- Server logs
- Analytics tools
- Security monitoring
2.4 Purpose of Data Processing
a) Core Purposes:
- Website functionality
- Service provision
- Communication
- Security maintenance
- Performance optimization
b) Additional Purposes:
- Service improvement
- Analytics
- User experience enhancement
- Security monitoring
- Legal compliance
3. Technical Implementation & Data Processing
3.1 Hosting and Infrastructure
Our website is hosted by Herznet GmbH in Germany. Server logs contain:
- IP addresses
- Access times
- Requested URLs
- HTTP status codes
- Browser information
- Operating system data
Retention period: 7 days for security logs, 30 days for performance metrics
3.2 Cloudflare Services
We use Cloudflare for:
- DNS management
- DDoS protection
- CDN services
- SSL/TLS encryption
- Performance optimization
Cloudflare processes:
- IP addresses
- Traffic data
- Security metrics
- Browser characteristics
- HTTP request data
Privacy details: https://www.cloudflare.com/privacypolicy/
3.3 Analytics Implementation
a) Google Analytics:
- Privacy-enhanced mode enabled
- IP anonymization active
- Data retention limited to 14 months
- No user ID tracking
- No cross-site tracking
- Cookie lifetime: 24 hours (session), 24 months (_ga)
b) Server-Side Analytics:
- Aggregated traffic metrics
- Performance monitoring
- Error logging
- Security event tracking
3.4 Forms and User Input
a) Contact Forms:
Data collected:
- Name
- Message content
- Timestamp
Retention: 24 months or until request fulfillment
b) Booking System:
Data collected:
- Name
- Company
- Booking preferences
- Time zone
Retention: Duration of business relationship plus 24 months
c) File Upload System:
- Maximum file size: 10MB
- Allowed formats: PDF, DOC, DOCX, JPG, PNG
- Virus scanning enabled
- Automated file deletion after 30 days
- Encryption in transit and at rest
3.5 Newsletter and Communications
a) Technical Implementation:
- Encryption for stored addresses
- Separate consent tracking
- Unsubscribe mechanism in every email
b) Data Processing:
- Email address
- Subscription timestamp
- IP address of subscription
- Consent records
Retention: Until unsubscribe request
4. User Rights & Control Mechanisms
4.1 GDPR Rights
You have the right to:
- Access your data
- Rectify inaccurate data
- Erase your data
- Restrict processing
- Request data portability
- Object to processing
- Withdraw consent
Response time: Within 30 days
4.2 CCPA/CPRA Rights
California residents have the right to:
- Know what personal information is collected
- Know if personal information is sold or disclosed
- Decline the sale of personal information
- Access personal information
- Request data deletion
- Receive equal service and price
4.3 Implementation of Rights
To exercise your rights:
Email: [email protected]
Response process:
- Identity verification
- Request review
- Action implementation
- Confirmation
- Documentation
4.4 Cookie Controls
- Essential cookies: Always active
- Analytics cookies: Opt-in
- Preference cookies: Opt-in
- Marketing cookies: Not used
Cookie banner with granular controls provided
5. Data Security & Protection
5.1 Technical Measures
- SSL/TLS encryption
- Firewalls
- Intrusion detection
- Regular security updates
- Access logging
- Automated threat detection
- Regular backups
- Server hardening
5.2 Organizational Measures
- Access control system
- Regular security training
- Data processing guidelines
- Incident response plan
- Regular security audits
- Vendor assessment
- Documentation maintenance
5.3 Data Storage
- Primary storage: EU servers
- Backup storage: EU region
- Encryption at rest
- Regular integrity checks
- Access monitoring
6. International Data Transfers
6.1 Data Transfer Mechanisms
- EU Standard Contractual Clauses
- Adequacy decisions
- Privacy Shield (where applicable)
- Vendor assessment
6.2 Transfer Safeguards
- Data minimization
- Purpose limitation
- Storage limitation
- Security measures
- Transparency
7. Data Retention
7.1 Retention Periods
- Contact form data: 24 months
- Account data: Duration of relationship + 24 months
- Security logs: 7 days
- Analytics data: 14 months
- Newsletter data: Until unsubscribe
- Business records: 10 years (legal requirement)
7.2 Deletion Procedures
- Automated deletion
- Manual review process
- Secure erasure
- Deletion confirmation
- Documentation
8. Special Provisions
8.1 Professional Services
- Client confidentiality
- Professional discretion
- Industry standards
- Ethical guidelines
8.2 Business Relationships
- Portfolio companies
- Investment activities
- Advisory services
- Speaking engagements
9. Updates & Changes
9.1 Policy Updates
- Regular review schedule
- Change notification
- Version tracking
- Archive maintenance
9.2 Contact Information
For privacy-related inquiries:
[email protected]
10. Additional Information
10.1 Regulatory Authorities
You have the right to lodge a complaint with a supervisory authority:
Germany:
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
California:
California Attorney General’s Office
10.2 Children’s Privacy
This website is not intended for children under 16. We do not knowingly collect data from children.