Privacy Policy

1. Controller

Controller within the meaning of the GDPR and other national data protection laws as well as other data protection-related provisions is:

Cengizhan Akbudak e.U
Björnsongasse 29
1130 Wien, Germany
Email: hello@mekyn.com
Phone:

2. Data Protection Officer

Our external data protection officer is:
datenschutzexperte.de
Email: dsb@datenschutzexperte.de

3. General information on data processing

We process personal data of our users only to the extent necessary to provide a functional website and our content and services. Processing is carried out regularly only after the user's consent or in cases where obtaining consent in advance is not possible for factual reasons and processing of the data is permitted by legal regulations.

4. Hosting in the EU

mekyn is operated exclusively on servers within the European Union. Data transfer to third countries takes place only in the cases mentioned in section 11 and exclusively on the basis of an effective legal basis (Standard Contractual Clauses plus additional protective measures after Schrems II).

5. Server log files

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:

• IP address of the user (truncated after 7 days)
• Date and time of access
• Accessed URL and referrer URL
• Used browser, operating system and language

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in stable operation and security). Storage period: 14 days, then automatic deletion.

6. Cookies and similar technologies

This website does not use tracking cookies or third-party cookies by default. Technically necessary cookies (e.g. for maintaining login session in the dashboard) are set without consent based on applicable law. Optional features (e.g. web analytics) are activated exclusively after active consent via our consent banner.

7. Contact form and email contact

When using the contact form, the data entered in the input form is transmitted to us and stored. We use this data exclusively to process your request. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in efficient processing). Data is deleted as soon as it is no longer required for the purpose for which it was collected, but no later than after the expiry of statutory retention periods.

8. Newsletter

You can register on our website for our newsletter free of charge. Registration is done using the so-called double opt-in procedure: After your registration, you will receive a confirmation email in which you must confirm your registration. We process your email address, the date of registration and the IP address from which the registration was made. Legal basis: Art. 6(1)(a) GDPR (consent). You can revoke your consent at any time by clicking the unsubscribe link in each newsletter email.

9. User account and dashboard

When you create a user account, we process the data required for contract execution (name, email, billing address, payment data, domain data if applicable). Legal basis: Art. 6(1)(b) GDPR. Data is stored for the duration of the contractual relationship and thereafter until the expiry of statutory retention periods.

10. Data processing agreements

We use carefully selected processors within the meaning of Art. 28 GDPR. Data processing agreements are in place with all processors. Processing takes place exclusively in the EU; for a few providers with group headquarters in third countries, EU Standard Contractual Clauses and additional protective measures (encryption, pseudonymization) apply. An up-to-date list of all sub-processors is available on our sub-processors page (under development).

11. Third country transfers (Schrems II)

To the extent data is transferred to third countries, this only occurs if an adequate level of protection is ensured (adequacy decision, Standard Contractual Clauses, additional protective measures). We individually assess the Schrems II risks for each provider and document the measures taken.

12. Your rights as a data subject

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing (Art. 21 GDPR)
• Right to withdraw consent (Art. 7(3) GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR) — the competent authority is the Hessian Commissioner for Data Protection and Freedom of Information.

13. Data security

We use TLS encryption in connection with the highest encryption level supported by your browser during website visits. In addition, we encrypt data at rest. Detailed technical measures can be found in our security overview (under development).

14. Updating this privacy policy

This privacy policy is currently valid and dated 2026-05-01. Due to the further development of our website or due to changed legal or official requirements, it may become necessary to amend this privacy policy.

Draft based on GDPR requirements (as of 2026). Legal review before launch recommended.