Path Dusseldorf


EU GDPR (General Data Protection Regulation) Data Protection Policy

Path Düsseldorf GmbH
DPO: Kemal Hakan Hasserbetci
Lise-Meitner Strasse No: 6
40878 Ratingen, Germany
E-Mail: &
General Mudur: Kemal Hakan Hasserbetci 
HRB 74806 Düsseldorf
Steuer Nr.: 147/5857/1411 
USt-IdNr.: DE300087677

Data Protection Officer:

Kemal Hakan Hasserbetci
Lise-Meitner Strasse No: 6
40878 Ratingen, Germany                                                                                             E-Mail:

Our Policy Objectives and Scope

We would like to thank you for visiting our website and for your interest in the services we provide. The complete protection of your personal data is of utmost importance to us. In this Privacy Policy, we explain the purposes for which we collect your personal data, how we process it, the legal basis on which we rely, the rights you have, the steps we take to protect your personal data, and the choices provided to you regarding its use.

We value your privacy because it is crucial not only for our management but also for all our company colleagues. Indeed, we use your personal data solely for potential project meetings and to respond to your information requests, and if you have given consent, to inform you about our services. Protecting the confidentiality, privacy, and integrity of your personal information is vital for every member of our organization.

We commit to processing the personal data of our website visitors, including special categories of personal data, in line with the GDPR and local laws, ensuring that all visitors comply with this and other relevant policies. Data cannot be processed by a third party without your consent. In cases where your data is processed with your consent, we will ensure that the third party takes corporate and technical measures, as seen in the GDPR, to continue our commitment to data protection. Under the GDPR, we are aware of our responsibility for the processing, management, organization, and storage of all personal data held in manual records and on computers.

We are mindful of our obligation to briefly inform you about the GDPR Regulation :

Personal Data:

‘Personal data’ refers to information directly or indirectly related to an identifiable individual, such as a person’s name, identification number, location, or online identifier. It can also include pseudonyms and other data. Any information related to an identified or identifiable individual is considered personal data. Personal data encompasses not only information related to an individual’s private life, including professional activities but also information regarding their public life. According to EU laws, information is considered personal data if: • an individual can be identified or is identifiable from the information; or • even if an individual cannot be identified, it is possible to determine their identity through additional research.

These are considered as personal data. ‘Special categories of personal data’ pertain to data concerning the identifiable individual’s health, sexual life, sexual orientation, race, ethnic origin, political opinions, religious beliefs, and union membership. Additionally, these categories include genetic and biometric data when used for identification.

‘Data processing’ refers to any operation or set of operations performed on personal data or sets, whether carried out by automatic means or not. These operations include collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination, or making available, alignment, or combination, restriction, erasure, or destruction of data.

Data Subject As per EU laws, natural persons are the sole beneficiaries of data protection rules (Article 1). Only living entities are protected under the European Data Protection Act (Recital 27. Also see Article 29 Data Protection Working Party (2007), Opinion 4/2007 on the concept of personal data, WP 136, 20 June 2007, p. 22.). The General Data Protection Regulation (GDPR) defines personal data as any information relating to an identified or identifiable natural person.

Under the European Data Protection Act, both types of information are equally protected. The evaluation of individuals’ direct or indirect identifiability requires continuous assessment, taking into account current technologies and technological advancements during processing (General Data Protection Regulation, Recital 26).

An identifiable individual is considered identifiable under the GDPR when they can be identified directly or indirectly, especially by reference to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity (General Data Protection Regulation Article 4(1)).

This website is not intended or designed for use by children under the age of 16. Without explicit prior consent from a parent or guardian, we do not knowingly collect personal data from anyone under the age of 16. Upon request from a parent or guardian in such a situation, information provided by the child can be disclosed, and the parent or guardian has the right to request the deletion of the relevant data. Furthermore, all minors who are not of legal age must obtain consent from their parents or guardians before using or disclosing any personal data on this website or any online source.

Rights of Data Subjects In general, data subjects have the following rights: Every data subject, with limited exceptions, has the right to be informed about the processing of their personal data by a data controller.

Data subjects have the right to access their data and receive specific information about its processing, and they have the right to request the correction of their data by the controller processing it. If the controller is processing their data unlawfully, the data subject has the right to temporarily restrict the processing and, under certain conditions, to transfer their data to another controller. Additionally, in specific circumstances where data is used for direct marketing, the data subject has the right to object to the processing of their data.

Data subjects have the right not to be subject to a decision with legal effects or significant impact based solely on automated processing, including profiling. Data subjects also have the right to express their views regarding the controller’s standpoint and to request the intervention of another person after objecting to a decision based on automated processing. If you have provided consent for data processing, you may withdraw it at any time for future applicability.

At any time, you can submit your complaint to your local supervisory authority. The determination of the competent supervisory authority for you depends on where you reside, work, or the type of alleged violation. The list and addresses of supervisory authorities (for the private sector) can be found here (German Data Protection Authorities’ information is provided as an example below)

Data Protection Principles:

 All personal data we obtain, and record will:

  • be processed fairly, lawfully, and transparently
  • be collected for specific, explicit, and legitimate purposes
  • be limited to what is necessary, adequate, and relevant to the processing purposes • be kept accurate and up-to-date. Every effort will be made to promptly correct or delete incorrect data.
  • not be retained longer than necessary for the intended purpose • be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing, loss, destruction, or damage, through specific technical and organizational measures
  • comply with the relevant GDPR procedures for the international transfer of personal data.

Additionally, personal data will be processed according to the data protection rights, as follows:

  • right to information • right to access
  • right to rectification of any inaccuracies (verification)
  • right to erasure of information (cancellation)
  • right to restriction of processing
  • right to portability
  • right to object to the addition of any information
  • right to object to automated decision-making and profiling regulations.

Data Processing:

 We process our users’ personal data only as long as it is necessary for the smooth operation of our website and the provision of our content and services. The processing of our users’ personal data occurs only regularly with the user’s consent. An exception will apply only for cases where processing is necessary for valid reasons and prior consent cannot be obtained, and data processing is permitted by law.

Personal information collected during your visit to our websites is used to make your usage of the site as comfortable as possible and to protect our IT systems from attacks and other unlawful activities.

Your personal data will not be transferred to third parties for any purpose other than the following: • when you have given explicit consent • when it is necessary for the performance of a contract with you • when it is necessary to fulfill a legal obligation • when processing is necessary to protect justified interests, and there is no overriding interest in not disclosing the data.

The legal basis for processing personal data is considered as GDPR Article 6(1)(a) when consent is obtained from the data subject. Processing of personal data necessary for the performance of a contract to which the data subject is party is considered as the legal basis according to GDPR Article 6(1)(b). This also applies to pre-contractual measures to be taken. When the processing of personal data is necessary to fulfill a legal obligation that our company is subject to, it is considered as the legal basis according to GDPR Article 6(1)(c). If processing is necessary to protect the legitimate interests of our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override those legitimate interests, it is considered as the legal basis according to GDPR Article 6(1)(f).

As soon as the purpose of data storage is fulfilled, the personal data of the data subject will be erased or blocked. Data may be stored for a longer period as required by European or national legislators in EU regulations, laws, or other regulations to which the controller is subject. Upon expiration of the prescribed storage period in accordance with the established standards and unless further storage of data is necessary for the performance or completion of a contract, the data will be blocked or deleted.

Concerning the processing of data outside the EU/EEA, your data will also be processed in countries outside the European Union (“EU”) or the European Economic Area (“EEA”), which may have a lower level of data protection than European countries. In such cases, for example, by concluding specific agreements with our contract partners (you can request a copy of the list on demand), we will ensure adequate protection for your data or request your explicit consent for such processing.

Regarding Data Marketing:

Without providing you explicit notice and obtaining your explicit consent, we never sell or transfer Personal Data to any organization not affiliated with our company for our direct marketing uses. For information on this practice and options to refuse data sharing, please read our Cookie Policy.


We keep records of operational activities in our personal data record, including the purposes of processing and storage periods. These records are kept up-to-date to reflect current processing activities.

Access to Data Our visitors have the right to be informed whether we process personal data about them and to access the data we hold about them. Requests for such access are treated with utmost care and in compliance with the GDPR.

Visitors can promptly inform us if they believe data is incorrect as a result of an access request or by other means. Necessary steps will be taken immediately to rectify the information.

Data Security:

We use secure procedures to ensure the security of data recording and transmission: • All confidential files or written information are securely stored and access is granted only to authorized individuals who need it. • Confidential files or written information are never left where unauthorized persons could read them. • The accuracy of data entered into computers is regularly checked. • We always use the passwords given to access computer systems and do not transfer or misuse them to unauthorized individuals. • We utilize techniques to ensure personal data doesn’t remain on the screen when not in use.

Personal data about our visitors is neither stored nor carried in laptops, USB drives, or similar devices.

For security reasons, especially to prevent and detect attacks on our websites or fraudulent attempts, we retain your IP address and the name of your internet service provider for seven days.

Deletion of Your Personal:

 Data For security purposes, the personal IP addresses of our visitors will be deleted after seven days. Personal information is deleted once the purpose for which it was collected and processed has been fulfilled.

International Data Transfer:

 Personal data is stored only in Turkey outside the EU and is not transferred to any third party or recipient.

Data Breach Notification:

 When a data breach is considered a risk to individuals’ rights and freedoms, the data controller will be notified within 72 hours of the company becoming aware of the breach. The notification may occur in multiple steps.

When a breach is considered a high risk to the rights and freedoms of the individuals, they will be informed directly.

If a breach necessitates public notification, we promptly inform the public.

Creation of Logfiles:

 When You Visit Our Website When you access our website, general information is automatically collected through a cookie. This information, in server Logfile format, includes the type of your web browser, the operating system used, your internet service provider’s domain name, and similar details. These are only general information that does not allow any conclusion about an individual.

This information is technically necessary to correctly deliver the content you request from our websites and is mandatory when using the internet. Specifically, this data is processed for the following purposes: • Ensuring the seamless connection of the website • Guaranteeing the seamless usability of our website • Evaluating system security and stability • Other administrative purposes.

Each time you visit our websites, we retain specific information about your browser and operating system, the date and time of your visit, your interaction status, the usage of features on the website, search terms you’ve entered, frequency of visits to specific websites, the names of accessed files, the transferred data volume, the web page you accessed on our website, as well as the browser tab (or window) you used by clicking links on our websites or by directly typing an address into the URL bar. We also retain your IP address and your internet service provider’s name for seven days. This storage is done for security reasons, particularly to prevent and detect attacks or fraudulent attempts on our websites.

How are cookies used?

 Like many other websites, we use cookies on our site. These are small files automatically created by your browser when you visit our site, stored on your device (laptop, tablet, smartphone, etc.). Cookies do not cause any harm to your device; they do not contain viruses, trojans, or other malicious software. Cookies automatically provide certain data such as your IP address, browser, operating system, and internet connection. The information in cookies enables us to facilitate your navigation of web pages and to properly display the content of our site.

The data processed by cookies is necessary under the General Data Protection Regulation (GDPR) 6(1)(f) to protect our legitimate interests and against third parties.

Most browsers accept cookies automatically. However, you can always set your browser to show a warning before storing cookies on your computer or before creating a new identification data. Yet, completely disabling cookies may mean that you cannot use all the features of our website.

Without your specific permission, we never transfer the data collected by us to third parties or establish any connection with personal data.

If you wish, you can use our website without cookies. Internet browsers are usually set to accept cookies. Generally, you can disable the use of cookies at any time through your browser settings. Please use your browser’s help function to learn how to change these settings. Please note that if you disable cookie usage, some features of our website may not work.

What personal data do we collect?

We need certain personal data to provide you with this service. You provide some of this data to our websites and directly through email, fax, or mail. When you become our partner or customer, we create an account for you in our records.

By recording how you interact with our services (through cookies), we indirectly obtain some of your personal data from your devices, and we also receive the data you share through the following omnichannels: Fax, email, telephone, social networks, GDPR Turkey website.

Consequently, with your consent, we process the following data you share with us: • Company/Individual Names, if disclosed • Salutation (Mr., Mrs., no salutation, title) • Email address • Phone number • Address • IP address • If available, tax identification number

There is an available contact form on our website that can be used for electronic communication. We have only shared the email address for you to reach us. Communication is possible via the provided email address. In this case, the personal data transmitted via email by the user will be recorded.

Within this scope, data is not transferred to third parties. Data is used solely to process the contact.

With the user’s consent, the legal basis for data processing is Article 6(1)(a) of the General Data Protection Regulation (GDPR).

During email transmission, the legal basis for processing the transmitted data is Article 6(1)(b) of the General Data Protection Regulation (GDPR).

The processing of other personal data during the transmission is carried out to prevent the misuse of the contact form and to ensure the security of our information technology systems.

The data will be deleted when it is no longer required for the purpose of collection. For personally shared data via email, there will be a necessity as long as the conversation with the user continues. The conversation will be considered ended when it’s understood that the relevant issue has been finally clarified.

Additional personal data collected during the transmission will be deleted within a maximum of seven days.

Right to object and delete:

 The user has the option to revoke the consent given for the processing of personal data at any time. When the user contacts us via email, they can object to the storage of personal data at any time. In such a case, the communication cannot continue. All personal data stored during the communication will be deleted in this case.

Changes in our privacy policy:

 We reserve the right to change this privacy policy to ensure it always complies with current legal requirements or to make changes to our services in the context of privacy policy when, for example, we offer new services. The new privacy policy will be valid for your next visit.

Questions and complaints:

 If you have any questions or concerns about how we use your personal information, please contact customer service or reach out to our Data Protection Officer: Mr. Kemal Hakan Hasserbetci Last updated: November 7, 2023