Privacy Policy

Last Updated: November 2025

1. Controller

Kastrati Tech GmbH
Wehneltstraße 9
91052 Erlangen
Germany

Email: info@kastratitech.com
CEO: Liridon Kastrati
Commercial Register: HRB 20297, Amtsgericht Fürth
VAT ID: DE360460691

2. General Data Processing

2.1 Scope of Processing

We generally only process personal data of our users to the extent necessary to provide a functional website and our content and services. Processing of personal data generally only takes place after user consent. An exception applies in cases where prior consent is not possible for practical reasons and data processing is permitted by law.

2.2 Legal Basis

If we obtain consent from the data subject for processing personal data, Art. 6(1)(a) EU General Data Protection Regulation (GDPR) serves as the legal basis.

For processing personal data necessary for the performance of a contract to which the data subject is party, Art. 6(1)(b) GDPR serves as the legal basis.

Where processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not override that interest, Art. 6(1)(f) GDPR serves as the legal basis for processing.

2.3 Data Deletion and Retention

Personal data is deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also occur if provided for by European or national legislation in EU regulations, laws, or other provisions to which the controller is subject. Data is also blocked or deleted when a retention period prescribed by the aforementioned standards expires, unless further storage of the data is necessary for contract conclusion or performance.

3. Website Provision and Log Files

3.1 Description and Scope

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data is collected:

  • User's IP address
  • Date and time of access
  • Pages accessed
  • Data transferred
  • Browser type and version
  • Operating system
  • Referrer URL (previously visited page)

The data is stored in log files of our system. This data is not stored together with other personal data of the user.

3.2 Legal Basis

The legal basis for temporary storage of data and log files is Art. 6(1)(f) GDPR (legitimate interest in ensuring the functionality and security of our website).

3.3 Purpose

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. Storage in log files is done to ensure the functionality of the website, optimize it, and ensure the security of our information technology systems.

3.4 Retention Period

Data is deleted as soon as it is no longer required for the purpose for which it was collected. For data collected to provide the website, this is when the session ends. For data stored in log files, this is after a maximum of 7 days.

4. Cookies

4.1 Description

Our website uses cookies. Cookies are text files that are stored in or by the internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system.

We use the following types of cookies:

Necessary Cookies (Legal Basis: Art. 6(1)(f) GDPR)

Cookie Name: cookie-consent
Purpose: Storing your cookie preferences
Retention: 12 months
Provider: Kastrati Tech GmbH (First-party)

Analytics Cookies (Legal Basis: Art. 6(1)(a) GDPR - Consent)

Currently, no analytics cookies are used. If implemented, these will only be set after your explicit consent.

Marketing Cookies (Legal Basis: Art. 6(1)(a) GDPR - Consent)

Currently, no marketing cookies are used. If implemented, these will only be set after your explicit consent.

4.2 Managing Cookies

You can adjust your cookie settings at any time via the cookie banner, which is accessible via the link in the footer. You can also configure your browser to inform you about cookie placement and decide individually whether to accept them, or exclude cookie acceptance for specific cases or generally. If you do not accept cookies, the functionality of our website may be limited.

5. Contact Form and Email

5.1 Description

Our website has a contact form that can be used for electronic contact. If a user uses this option, the data entered in the input form is transmitted to us and stored:

  • First and last name
  • Email address
  • Company (optional)
  • Phone number (optional)
  • Message content
  • Time of submission

5.2 Legal Basis

If the user has given consent, the legal basis for processing is Art. 6(1)(a) GDPR. The legal basis for processing data transmitted via email is Art. 6(1)(f) GDPR. If the email contact aims to conclude a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.

5.3 Purpose

Processing of personal data from the input form serves solely to handle the contact request. In case of contact via email, this also constitutes the necessary legitimate interest for processing the data.

5.4 Retention Period

Data is deleted as soon as it is no longer required for achieving the purpose for which it was collected. For personal data from the contact form and those sent via email, this is when the conversation with the user has ended. The conversation is considered ended when circumstances indicate that the matter has been conclusively resolved. This is typically after 6 months, provided no business relationship has been established.

In case of a business relationship, statutory retention requirements (e.g., § 147 German Tax Code, § 257 German Commercial Code) may require longer storage of up to 10 years.

5.5 Email Sending via Resend

For email delivery, we use the service provider Resend (Resend, Inc., USA). Data submitted via the contact form is forwarded to Resend for delivery. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in reliable email delivery). We have concluded a data processing agreement with Resend. Resend processes the data exclusively according to our instructions.

More information: Resend Privacy Policy

6. Your Rights as Data Subject

If your personal data is processed, you are a data subject within the meaning of GDPR and you have the following rights:

6.1 Right to Access (Art. 15 GDPR)

You can request confirmation from us as to whether personal data concerning you is being processed by us. If such processing exists, you can request information about this personal data and further details.

6.2 Right to Rectification (Art. 16 GDPR)

You have the right to rectification and/or completion from the controller if the processed personal data concerning you is inaccurate or incomplete.

6.3 Right to Erasure (Art. 17 GDPR)

You have the right to request that we delete your personal data without undue delay if one of the legal grounds applies and the processing is not necessary.

6.4 Right to Restriction (Art. 18 GDPR)

You have the right to request restriction of processing if one of the legal conditions is met.

6.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller.

6.6 Right to Object (Art. 21 GDPR)

YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU WHICH IS BASED ON ART. 6(1)(F) GDPR (DATA PROCESSING BASED ON A BALANCING OF INTERESTS).

IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

6.7 Right to Withdraw Consent (Art. 7(3) GDPR)

You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

6.8 Right to Lodge a Complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your residence, workplace, or the place of the alleged infringement, if you believe that the processing of your personal data violates GDPR.

Competent supervisory authority for our company:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Germany
Phone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de
Website: www.lda.bayern.de

7. Exercising Your Rights

To exercise your rights, please contact us at:
Email: info@kastratitech.com
Address: Kastrati Tech GmbH, Wehneltstraße 9, 91052 Erlangen, Germany

We will generally respond to your request within one month. In complex cases, this period may be extended by a further two months, of which we will inform you.

8. Data Security

During your website visit, we use the widely adopted SSL (Secure Socket Layer) procedure in conjunction with the highest encryption level supported by your browser. Typically, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead.

We employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in accordance with technological developments.

9. Updates to This Privacy Policy

This privacy policy is currently valid as of November 2025. Due to the development of our website and offerings or changes in legal or regulatory requirements, it may become necessary to modify this privacy policy. The current privacy policy can be accessed and printed from the website at any time.