Privacy Policy

1. Introduction & Overview

1.1 Scope and Purpose

This Privacy Policy describes how Mohammad Hossein Tavangar (“we,” “us,” or “our”) collects, uses, stores, and protects information obtained from users (“you” or “user”) of tavangarx.com (“the Website”). This policy applies to all services, features, and functionalities offered through our Website, including but not limited to:

  • Professional portfolio and information
  • Blog content
  • Contact forms
  • Online booking system
  • File upload functionality
  • Newsletter subscriptions
  • Analytics and performance monitoring

1.2 Data Controller Information

Mohammad Hossein Tavangar
Rothenburger Straße 145, 90439 Nuremberg, Germany
[email protected]
is the data controller responsible for the processing of personal data under this policy.

1.3 Applicable Laws

This Privacy Policy complies with and is governed by:

  • General Data Protection Regulation (GDPR)
  • German Federal Data Protection Act (BDSG)
  • German Telemedia Act (TMG)
  • California Consumer Privacy Act (CCPA)
  • California Privacy Rights Act (CPRA)
  • Other applicable state and international privacy laws

2. Data Collection & Processing

2.1 Categories of Personal Data

We collect and process the following categories of personal data:

a) Information You Provide Directly:

  • Contact information (name, email, phone number)
  • Professional information (company, role, industry)
  • Booking details
  • File uploads
  • Newsletter subscription preferences
  • Communication content
  • Inquiry details

b) Automatically Collected Information:

  • IP address
  • Browser type and version
  • Operating system
  • Device information
  • Access times and dates
  • Pages visited
  • Referral sources
  • Network location
  • Connection information

c) Technical Data Through Service Providers:

  • Cloudflare analytics and security metrics
  • Google Analytics data
  • Server logs
  • Performance metrics
  • Security-related data

We process personal data based on the following legal grounds:

  • Newsletter subscriptions
  • Cookie usage (non-essential)
  • Marketing communications
  • Optional analytics

b) Contract Performance (Art. 6(1)(b) GDPR):

  • Booking management
  • Service delivery
  • Communication handling
  • File processing
  • Tax requirements
  • Business records
  • Legal compliance
  • Security measures

d) Legitimate Interests (Art. 6(1)(f) GDPR):

  • Website security
  • Service improvement
  • Performance optimization
  • Fraud prevention
  • Analytics

2.3 Data Collection Methods

a) Direct Collection:

  • Contact forms
  • Booking forms
  • File uploads
  • Newsletter subscription
  • Direct communications

b) Automatic Collection:

  • Cookies
  • Server logs
  • Analytics tools
  • Security monitoring

2.4 Purpose of Data Processing

a) Core Purposes:

  • Website functionality
  • Service provision
  • Communication
  • Security maintenance
  • Performance optimization

b) Additional Purposes:

  • Service improvement
  • Analytics
  • User experience enhancement
  • Security monitoring
  • Legal compliance

3. Technical Implementation & Data Processing

3.1 Hosting and Infrastructure

Our website is hosted by Herznet GmbH in Germany. Server logs contain:

  • IP addresses
  • Access times
  • Requested URLs
  • HTTP status codes
  • Browser information
  • Operating system data

Retention period: 7 days for security logs, 30 days for performance metrics

3.2 Cloudflare Services

We use Cloudflare for:

  • DNS management
  • DDoS protection
  • CDN services
  • SSL/TLS encryption
  • Performance optimization

Cloudflare processes:

3.3 Analytics Implementation

a) Google Analytics:

  • Privacy-enhanced mode enabled
  • IP anonymization active
  • Data retention limited to 14 months
  • No user ID tracking
  • No cross-site tracking
  • Cookie lifetime: 24 hours (session), 24 months (_ga)

b) Server-Side Analytics:

  • Aggregated traffic metrics
  • Performance monitoring
  • Error logging
  • Security event tracking

3.4 Forms and User Input

a) Contact Forms:

Data collected:

  • Name
  • Email
  • Message content
  • Timestamp

Retention: 24 months or until request fulfillment

b) Booking System:

Data collected:

  • Name
  • Email
  • Company
  • Booking preferences
  • Time zone

Retention: Duration of business relationship plus 24 months

c) File Upload System:

  • Maximum file size: 10MB
  • Allowed formats: PDF, DOC, DOCX, JPG, PNG
  • Virus scanning enabled
  • Automated file deletion after 30 days
  • Encryption in transit and at rest

3.5 Newsletter and Communications

a) Technical Implementation:

  • Encryption for stored addresses
  • Separate consent tracking
  • Unsubscribe mechanism in every email

b) Data Processing:

  • Email address
  • Subscription timestamp
  • IP address of subscription
  • Consent records

Retention: Until unsubscribe request

4. User Rights & Control Mechanisms

4.1 GDPR Rights

You have the right to:

  • Access your data
  • Rectify inaccurate data
  • Erase your data
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent

Response time: Within 30 days

4.2 CCPA/CPRA Rights

California residents have the right to:

  • Know what personal information is collected
  • Know if personal information is sold or disclosed
  • Decline the sale of personal information
  • Access personal information
  • Request data deletion
  • Equal service and price

4.3 Implementation of Rights

To exercise your rights:
Email: [email protected]

Response process:

  1. Identity verification
  2. Request review
  3. Action implementation
  4. Confirmation
  5. Documentation

  • Essential cookies: Always active
  • Analytics cookies: Opt-in
  • Preference cookies: Opt-in
  • Marketing cookies: Not used

Cookie banner with granular controls provided

5. Data Security & Protection

5.1 Technical Measures

  • SSL/TLS encryption
  • Firewalls
  • Intrusion detection
  • Regular security updates
  • Access logging
  • Automated threat detection
  • Regular backups
  • Server hardening

5.2 Organizational Measures

  • Access control system
  • Regular security training
  • Data processing guidelines
  • Incident response plan
  • Regular security audits
  • Vendor assessment
  • Documentation maintenance

5.3 Data Storage

  • Primary storage: EU servers
  • Backup storage: EU region
  • Encryption at rest
  • Regular integrity checks
  • Access monitoring

6. International Data Transfers

6.1 Data Transfer Mechanisms

  • EU Standard Contractual Clauses
  • Adequacy decisions
  • Privacy Shield (where applicable)
  • Vendor assessment

6.2 Transfer Safeguards

  • Data minimization
  • Purpose limitation
  • Storage limitation
  • Security measures
  • Transparency

7. Data Retention

7.1 Retention Periods

  • Contact form data: 24 months
  • Account data: Duration of relationship + 24 months
  • Security logs: 7 days
  • Analytics data: 14 months
  • Newsletter data: Until unsubscribe
  • Business records: 10 years (legal requirement)

7.2 Deletion Procedures

  • Automated deletion
  • Manual review process
  • Secure erasure
  • Deletion confirmation
  • Documentation

8. Special Provisions

8.1 Professional Services

  • Client confidentiality
  • Professional discretion
  • Industry standards
  • Ethical guidelines

8.2 Business Relationships

  • Portfolio companies
  • Investment activities
  • Advisory services
  • Speaking engagements

9. Updates & Changes

9.1 Policy Updates

  • Regular review schedule
  • Change notification
  • Version tracking
  • Archive maintenance

9.2 Contact Information

For privacy-related inquiries:
[email protected]

10. Additional Information

10.1 Regulatory Authorities

You have the right to lodge a complaint with a supervisory authority:

Germany:
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit

California:
California Attorney General’s Office

10.2 Children’s Privacy

This website is not intended for children under 16. We do not knowingly collect data from children.
