© 2020 Sur YapıAll rights reserved

Data Privacy

Data Privacy Statement 


The following data privacy statement aims to describe the types of personal data processed as well as the intended purpose and scope of processing of such personal data (hereinafter referred to as "Data"). This Data Privacy Statement is applicable to all personal data processed by us both within the context of provision of our services and particularly on external online platforms such as our website, mobile apps, and social media accounts (hereinafter referred to as "Online offer"). 

The terms used herein this Statement are not specific to a particular gender. 

Data Controller 

Gen GmbH 

Anna-Schneider-Steig 3,  

50678 Cologne,  


E-mail: Website: 

Scope of Processing of Personal Data 

In principle, we process personal data of our users limited to the purpose of creating a functional website and providing our contents and services as required. We process personal data of our users periodically and based solely on the prior explicit consent of our users. In such cases where prior explicit consent of the data subject is not readily obtained due to any factual reasons and provided that processing of personal data is nevertheless permitted by applicable legislation, an exception shall be applicable thereof. 

Legal Basis for Processing of Personal Data 

General Data Protection Regulation (EU GDPR), Article 6, paragraph 1, sub-paragraph F provides a legal basis for provisional storage and documentation of data. Please note that national regulations of your country of residence and/or national data protection regulations of your country of residence may also be applicable in addition to the provisions of GDPR. 


Transfer and disclosure of personal data 

Personal data subject to processing as per applicable regulations may be transferred or disclosed to other institutions, companies, legally independent natural or legal entities. The recipients of such data may include, for instance, institutions to which payments are made in relation to relevant payment transactions, IT service providers, or providers of services and contents that can be integrated to a website. In such cases, we fulfill our legal obligations and enter into contracts and agreements with the recipients of your data on the protection of your personal data. 

Use of Cookies 

Cookies are text files containing data relating to the websites or domain names visited by the user and stored in the computer of the user through a web browser. Cookies are primarily used during an online offer or after a visit in order to store information about the user. The information stored may contain language settings on a website, login status, shopping cart, or location of a video viewed by the user. The term "Cookies" also includes other technologies sharing similar functions with such cookies (e.g. storage of user information using online IDs also known as "user name", etc.) 

Types and functions of cookies are described below: 

Temporary cookies (Session cookies): Temporary cookies expire as soon as the user leaves the online offer and exits the web browser. Persistent cookies: Persistent cookies remain in your hard disk even after exiting the web browser. For instance, login details may be saved or the user may view customized contents when revisiting the website. In addition, user information as used to determine user access for marketing purposes may also be stored in such type of cookies. 
First-party cookies: First-party cookies are created by us. 
Third-party cookies: Third-party cookies are primarily created by advertisers (third parties) to process user information. 
Essential (Absolutely Required) Cookies: Essential cookies are absolutely required for navigating through the website and use the features as offered by the website (e.g. login for security reasons or saving other user inputs, etc.) 
Performance, advertisement, and functionality cookies: In addition, cookies are generally used for measurement of access or in cases where user interests and behaviors such as viewing a specific content, using certain functions etc. are saved in the user profile on a website. Such profiles aim to show users potential contents customized to their areas of interest. Defined as "tracking", this process means following the potential interests of the users. When cookies or "tracking" technologies are used, users are informed individually by data privacy statement or based on explicit consent form. 

Information on legal basis: The legal basis for processing of your personal data through cookies is determined based on your explicit consent to be received. In such cases where you give your explicit consent, such explicit consent constitutes the legal basis for processing of your personal data. Otherwise, such data as processed through cookies shall be processed based on our legitimate interests (e.g. business operation and improvement of our online offer) or in case use of cookies is required in order to fulfill our contractual obligations thereof. 

General information on exclusion and right to objection (Opt-Out): Depending on whether data processing is performed based on an explicit consent or legal authorization, you are always entitled to renounce a previously given consent or opt-out from processing of your data through cookies (hereinafter referred to as "Opt-Out"). You can notify your opt-out primarily by using the settings on your web browser, i.e. disabling use of cookies (this may limit the functionality of our online offer). Information on how to opt out from the use of cookies, especially in case of tracking, as used for online marketing purposes is available in various sources such as US website or EU website  or 

Processing of data through cookies based on explicit consent: Prior to processing of your personal data or ensuring processing of such data through the use of cookies, we request for an explicit consent from the users whereas such users may renounce such consent at any time at their own discretion. Prior to consent, the required cookies for the operation of our online offer may be used. Use of such cookies is based on the functionality expectation of us and the user regarding our online offer. 

Types of data processed: Usage data (e.g. visited websites, interest in the content, access duration, etc.), Meta/Communication data (e.g. device information, IP address, etc.). 
Relevant persons: Users (e.g. website visitors and online service users, etc.). 
Legal basis: Explicit Consent (GDPR Article 6, paragraph 1, sub-paragraph A), Legitimate Interests (GDPR Article 6, paragraph 1, sub-paragraph F). 

Business services 

We process the personal data of our contract partners and business associates such as customers and relevant persons (collectively referred to as "contract partner") due to such reasons as responding to the requests within the context of communication with the contract partners under the contract and similar legal relationship, and relevant procedures (or prior to contract). 

We process such data for the purposes of the fulfillment of our contractual obligations, protection of our rights, and performance of administrative roles regarding such data as well as for business purposes. Pursuant to applicable law, we transfer the data of our contract partners to third parties (e.g. relevant communication contractor, other support services such as transportation and subcontractors, banks, tax consultants and legal consultants, payment service providers, or tax authorities, etc.) only for the aforesaid purposes or as required for the fulfillment of our statutory obligations, or in cases where prior explicit consent of the contract partners has been obtained thereof. Contract partners are provided information about other types of data processing such as data processing for marketing purposes within the scope of the data privacy statement. 

We inform the contract partners on which data are required for the aforesaid purposes prior to or during the collection of such data in online forms with special markings (e.g. color codes, etc.) or symbols (asterisk or similar symbols), or provide them with direct information. 

We delete such data after expiration of the statutory guarantee and similar obligations (e.g. after 4 years) unless such data are not subject to statutory archiving obligations requiring such data to be stored for a period of 10 years for tax purposes or unless such data are stored in customer accounts.   We delete data as disclosed to us based on a request from the contract partners upon expiry of such a request in principle and in line with the requirements of such a request thereof. 

In case you use third parties or third-party platforms within the scope of our services, the terms & conditions and privacy statements of such third parties or third-party platforms shall be applicable. 


When you contact us (e.g. through contact form, via e-mail, phone, or using social media platforms, etc.), we process the data of the persons requesting for information in case such processing of data is required for providing a response to contact requests and the processes subject to such a request. 

Response to contact requests within the scope of contractual or pre-contract relationships is provided for the purposes of the fulfillment of our contractual obligations or responding to contractual or pre-contract requests, and providing a response to requests based on our legitimate interests. 

Types of data processed: Inventory data (e.g. names, addresses, etc.), contact data (e.g. e-mail, phone numbers, etc.), content data (e.g. text inputs, photographs/images, videos, etc.). Relevant persons: Communication partners. 
Purposes for processing: Contact requests and communication. 
Legal basis: Performance of the contract and pre-contract requests (GDPR, Article 6, paragraph 1, sub-paragraph B), Legitimate Interests (GDPR, Article 6, paragraph 1, sub-paragraph F). 

Communication through Messenger 

We use Messenger services for communication purposes and therefore, we kindly ask you to review the following information regarding the Messenger functionality, encryption, use of communication meta data, and opt-out. 

You may also contact us through alternative channels such as by phone or via e-mail. Please use the communication channels as provided to you or specified in our online offer. 

In case of end-to-end encryption of the content (the contents of your message and attachments), we inform you about such end-to-end encryption of the contact information (the contents of your message and attachments). This means that the message contents can not be viewed even by Messenger providers. In order to ensure the encryption of the message contents, always use an up-to-date version of the Messenger with an active encryption. 

On the other hand, we kindly inform our communication partners that certain meta data such as the fact that communication partners have contacted us and technical data of the devices used by such communication partners and geolocation data based on the device settings are processed even though Messenger providers are unable to view the contents of the message. 

Information on legal basis: In such cases where we request for an explicit consent from our communication partners prior to contacting through Messenger, such explicit consent is the legal basis for processing of the data of our communication partners. In case we do not request for additional explicit consent and provided that you contact us at your own discretion, we may use Messenger as a measure to initiate the contract in terms of our contract partners and we meet the requirements of our communication partners in a fast and efficient manner through Messenger based on our legitimate interests by virtue of other relevant parties and communication partners. We kindly inform you that we do not transfer to Messenger your contact data without your prior explicit consent. 

Cancellation, opt-out, and deletion: You are entitled to cancel any consent as previously provided and opt out from being contacted through Messenger at any time. In case of contacting through Messenger, we delete such messages in compliance with our general regulations for deletion (e.g. after expiration of contractual relationships, archiving requirements, etc. as described above). In addition, we also delete such messages in cases where the potential inquiries of the communication partners have been addressed, providing information on previous conversations is not deemed necessary, and where statutory data storage obligations do not prevent such deletion of messages thereof. 

Reserving the right to provide a response through other communication channels: Consequently, we reserve the right not to provide a response to your inquiries through Messenger for your security at our own discretion. This is applicable in such cases where the relevant contract requires for particular privacy or a response provided through Messenger fails to meet the applicable formal requirements. In such cases, we will provide you with necessary instructions to contact us through more suitable communication channels. 

Services used and service providers: 

Microsoft Teams: Microsoft Teams – Messenger; Service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Website:; Data privacy statement:, Security warning:; Privacy shield (Data privacy guarantee during data processing in the USA): Telegram Broadcasts: Telegram Broadcasts – End-to-end encrypted Messenger; Service provider: Telegram, Dubai; Website:; Data privacy statement: 
WhatsApp: End-to-end encrypted WhatsApp Messenger; Service provider: WhatsApp Inc. WhatsApp Legal 1601 Willow Road Menlo Park, California 94025, USA; Website:; Data privacy statement:; Privacy shield (Data privacy guarantee during data processing in the USA): 

Deletion of data 

Data processed are deleted upon cancellation of the consent obtained for data processing or withdrawal of other authorizations pursuant to legal requirements (e.g. intended purpose for data processing is no longer applicable or such data are no longer required for the relevant purpose, etc.). 

Processing of data that could not be deleted due to such legal requirements shall be limited to such legal purposes thereof. In other words, such data shall not be accessible and shall not be processed for any other purposes. The foregoing provision shall be applicable to data whose storage is required pursuant to commercial or tax laws, or storage of such data is deemed required for declaration, execution, or defense of legal claims, or in such cases where storage of such data is required for the protection of the rights of other natural or legal entities thereof. 

Additional information on the deletion of personal data is available under personal data protection details as contained in this data privacy statement. 

Changes and revisions to this data privacy statement 

We advise you to review the contents of this data privacy statement on a regular basis. We may revise this data privacy statement as required by data processing operations undertaken by us. We will provide you with information as soon as possible in case of any requirement for your cooperation (e.g. explicit consent, etc.) or any other requirement for providing individual information in relation to such changes. 

Rights of the data owner 

Data owners have various rights pursuant to applicable provisions of GDPR, especially from Article 15 to Article 18 as well as under Article 21: 

Right to objection: Due to reasons arising out of special circumstances, you are entitled to object to processing of your personal data at any time pursuant to GDPR, Article 6, paragraph 1, sub-paragraphs E or F; this right shall also be applicable to creating a profile based on such provisions. In such cases where your personal data are processed directly for advertisement purposes, then you are entitled to object to processing of your personal data for such kind of advertisement purposes at any time; this right shall also be applicable to removal of a profile in case it is directly related to such advertisements thereof. 
Right to withdraw your explicit consent: You are entitled to withdraw your explicit consent at any time at your own discretion. 
Right to receive information: Within the framework of legal requirements, you are entitled to request for information about whether such personal data have been processed, data categories subject to such processing as well as a confirmation letter containing further detailed information about your personal data and copies of such data. 
Right to correct: In case your personal data have been processed in an inaccurate or incomplete manner, then you are entitled to request for correction or completion of such data. 
Right to limitation to processing of data and deletion of data: Within the framework of legal requirements, you are entitled to request for deletion of your personal data without delay or limitation of processing of such data. 
Right to data portability: Within the framework of legal requirements, you are entitled to receive your personal data, previously transferred to us, in a configured, common, and machine-readable format or transfer of the same to another data controller. 
Right to submit a formal complaint to an official supervisory authority: Within the framework of legal requirements, you are entitled to submit a formal complaint to an official supervisory authority and particularly to the relevant supervisory authority of your place of residence, registered office, or jurisdiction in which the alleged claim occurred in case you reasonably believe that your personal data have been processed in a manner as contrary to the applicable provisions of GDPR.