Privacy Policy

We take data protection seriously. This website is operated from Germany. We apply the General Data Protection Regulation (GDPR) and the applicable German data protection laws as our baseline standard. Depending on your location and the services used on this website, additional national data protection laws within the European Union and its member states may apply. If Turkish data protection law becomes applicable, we will comply with the relevant requirements of the Turkish Personal Data Protection Law, Law No. 6698 (KVKK), where required.

1. Controller

David Astor
Westenhellweg 5
44137 Dortmund
Germany

Email: contact@david-astor.com

2. Server log files and website provision

When you visit this website, the hosting provider processes technically necessary access data in server log files. This data typically includes your IP address, date and time of access, requested page or file, amount of data transferred, HTTP status code, referrer URL, browser type and version, and operating system information.

The purpose of this processing is to provide the website, maintain IT security, troubleshoot errors, and prevent misuse.

The legal basis is Article 6(1)(f) GDPR based on our legitimate interests in secure and reliable website operation.

Recipients may include the hosting provider and technical service providers used to operate the website.

Log data is stored only for as long as necessary for the purposes stated. Storage may be extended where required to investigate or defend against security incidents.

3. Hosting and website infrastructure, including Webflow

This website is hosted and operated using Webflow. In this context, personal data may be processed by Webflow and its subprocessors to provide hosting, content delivery, website functionality, form handling, and related technical services.

Where Webflow processes personal data on our behalf, processing is based on a data processing arrangement and the applicable legal safeguards for international data transfers, where required by law.

The legal basis for the use of Webflow for website provision and operation is Article 6(1)(f) GDPR based on our legitimate interests in operating a secure and functional website. Where specific processing activities require consent, the legal basis is Article 6(1)(a) GDPR.

4. Technical and organisational measures

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing.

5. Contact by email

If you contact us by email, we process the personal data you provide to handle and respond to your request.

The legal basis is Article 6(1)(b) GDPR where your request relates to pre-contractual steps or a contract, otherwise Article 6(1)(f) GDPR based on our legitimate interests in communication and administration.

Email communication is stored only for as long as necessary to process your request and is then deleted, unless statutory retention obligations require longer storage.

6. Contact forms and Webflow Forms

If you submit a message through a contact form on this website, we process the data you enter in the form, for example your name, email address, company details if provided, subject, message content, and any other information you submit, in order to receive, process, and respond to your request.

Form submissions on this website may be processed through Webflow Forms and related website infrastructure. In this context, technical metadata may also be processed, for example IP address, timestamp, user agent, and website-related submission data, to enable secure and reliable form delivery, operation, and abuse prevention.

The legal basis is Article 6(1)(b) GDPR where your request relates to pre-contractual steps or a contract, otherwise Article 6(1)(f) GDPR based on our legitimate interests in communication, request handling, website operation, and misuse prevention. If a specific form is used for a purpose requiring consent, the legal basis is Article 6(1)(a) GDPR.

We store form submissions only for as long as necessary to process your request and any related follow-up communication, unless statutory retention obligations require longer storage.

Please do not submit sensitive personal data through the contact form unless this is necessary and appropriately protected.

7. Cookies and similar technologies

This website may use technically necessary cookies or similar technologies where required for basic functionality, secure operation, and essential website features.

If non-essential services are used, for example analytics tools, marketing technologies, or certain third-party content integrations, these may store or access information on your device and may process personal data, including your IP address and technical usage data.

Where legally required, non-essential services are activated only after your prior consent.

You can withdraw or change your consent at any time with effect for the future via the consent settings or the mechanism provided on the website.

8. Embedded third-party content

Individual pages of this website may include embedded third-party content or integrations, for example videos, maps, audio players, social media content, scheduling tools, document viewers, or other externally hosted content.

When such content is loaded, the relevant third-party provider may process personal data, including your IP address, browser and device information, referrer data, and usage data. The provider may also set cookies or use similar technologies.

If the embedded content is not technically necessary, it will only be activated after your prior consent where legally required. If you do not give consent, the content may not be displayed or may only be displayed in a blocked placeholder mode.

The legal basis is Article 6(1)(a) GDPR where consent is required. Where embedded content is technically necessary in an individual case, the legal basis is Article 6(1)(f) GDPR based on our legitimate interests in providing the requested website functionality.

Further details on the specific embedded providers used on this website will be added to this Privacy Policy as applicable.

9. Recipients and categories of recipients

Personal data processed in connection with this website may be disclosed to the following categories of recipients where necessary:

hosting and website infrastructure providers, including Webflow
technical service providers and subprocessors used for website operation
communication service providers
embedded content providers used on individual pages
public authorities or courts, where disclosure is required by law

We do not sell personal data.

10. International data transfers

Personal data may be transferred to countries outside the European Union or the European Economic Area where this is necessary for hosting, website infrastructure, form processing, embedded third-party content, or other services used on this website.

Where an international transfer is necessary, it is carried out only on the basis of the applicable legal safeguards under data protection law, for example an adequacy decision, standard contractual clauses, or another lawful transfer mechanism, as applicable.

11. Retention periods

We process and store personal data only for as long as necessary for the relevant processing purpose.

If statutory retention obligations apply, storage will be limited to the period required by law.

After the purpose no longer applies and any applicable retention periods expire, the data will be deleted or anonymised in accordance with legal requirements.

12. Data subject rights

Under the GDPR, and subject to the applicable legal requirements, you have the right to request access to your personal data, rectification, erasure, restriction of processing, data portability, and to object to processing based on Article 6(1)(f) GDPR.

Where processing is based on consent, you also have the right to withdraw your consent at any time with effect for the future.

To exercise your rights, please contact us at contact@david-astor.com.

13. Right to lodge a complaint

You also have the right to lodge a complaint with a supervisory authority.

The competent supervisory authority for the controller’s location is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, Kavalleriestraße 2 to 4, 40213 Düsseldorf, Germany.

14. Automated decision-making

There is no automated decision-making, including profiling, within the meaning of Article 22 GDPR in connection with the operation of this website.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes.

The current version published on this website applies.

Last updated: 21 February 2026