Path Dusseldorf

Instagram Linkedin
Book With me
+49 173 351 97 17

Data Privacy Policy 

Last updated: 08.02.2026

Path Düsseldorf GmbH takes the protection of personal data seriously. This Data Privacy Policy explains how personal data is processed when you visit our website or interact with us in the context of our professional activities, in accordance with the General Data Protection Regulation (GDPR / DSGVO), the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), and other applicable data-protection laws.

1. Controller

The controller responsible for data processing pursuant to Art. 4(7) GDPR is:

Path Düsseldorf GmbH
Geschäftsführer: K. Hakan Hasserbetci
c/o 360 Workspace
Gerresheimer Straße 86
40233 Düsseldorf
Germany

Email: support@pathdusseldorf.com

2. General Information on Data Processing

We process personal data only where permitted by law and only for specified, explicit, and legitimate purposes. Personal data is processed in accordance with the principles of lawfulness, fairness, transparency, data minimisation, accuracy, storage limitation, integrity, and confidentiality as set out in Art. 5 GDPR.

3. Website Access and Hosting

When you access our website, technical data may be processed automatically by our hosting provider to ensure the secure and reliable operation of the website. This data may include:

  • IP address
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referrer URL

This data is processed exclusively for technical, security, and operational purposes and is not used to identify individual users.

Legal basis:
Art. 6(1)(f) GDPR (legitimate interest in secure and stable website operation)

4. No Contact Forms on the Website

Our website does not provide contact forms and does not require visitors to actively enter personal data.

If you contact us voluntarily via email, we will process the personal data you provide (such as your email address, name, and message content) solely for the purpose of responding to your enquiry or initiating professional communication.

Legal basis:
Art. 6(1)(b) GDPR (pre-contractual measures)
Art. 6(1)(f) GDPR (legitimate interest in professional communication)

5. Cookies and Tracking Technologies

Our website does not use cookies, analytics tools, tracking technologies, or marketing services.

No cookie banner is displayed, as no cookies requiring consent under applicable data-protection law are used.
Further details are provided in our separate Cookies Policy.

6. Processing of Client and Business Contact Data

In the course of our professional activities, we process personal data of business contacts, including clients, client representatives, training participants, and partners.

Such data may include names, professional contact details, organisational roles, and communication records. Processing is limited to what is necessary for:

  • contract initiation and performance,
  • consulting, governance, and compliance services,
  • training delivery and documentation,
  • compliance with legal and regulatory obligations.

Legal bases:
Art. 6(1)(b) GDPR
Art. 6(1)(c) GDPR
Art. 6(1)(f) GDPR

7. Processing in Consulting, DPO, and Compliance Mandates

Depending on the specific engagement, Path Düsseldorf GmbH may act as:

  • controller,
  • processor, or
  • independent professional subject to statutory secrecy obligations, including in the role of outsourced Data Protection Officer (DPO).

Where personal data of a client’s employees or end customers is processed, such processing takes place strictly within the scope of the mandate and under the responsibility of the respective client as controller, unless otherwise contractually agreed.

8. Freelance Consultants and Advisory Board Members

Path Düsseldorf GmbH collaborates with freelance consultants and advisory board members worldwide. These individuals are not employees.

Personal data is processed for the purposes of contractual cooperation, coordination, communication, and compliance with legal, accounting, and tax obligations.

Legal bases:
Art. 6(1)(b) GDPR
Art. 6(1)(c) GDPR
Art. 6(1)(f) GDPR

9. Training and Events

When we organise or deliver training sessions, workshops, or professional events, we may process personal data of participants, such as names, professional contact details, attendance information, and certification-related records.

Processing is limited to what is necessary for training delivery, documentation, and professional follow-up.

Legal bases:
Art. 6(1)(b) GDPR
Art. 6(1)(f) GDPR

10. International Data Transfers

Due to the international scope of our consulting, governance, and training activities, personal data may be transferred to recipients located outside the European Union or the European Economic Area (EEA), including clients, partners, or consultants operating internationally.

Such transfers are carried out only where permitted under Chapter V GDPR and only when appropriate safeguards are in place. These safeguards may include, in particular:

  • Standard Contractual Clauses approved by the European Commission (Art. 46 GDPR),
  • contractual confidentiality and data-protection obligations,
  • internal governance, access-control, and documentation measures.

Where required, transfer risk assessments are considered to evaluate the legal environment of the recipient country and the effectiveness of the implemented safeguards.

Path Düsseldorf GmbH does not transfer personal data to third countries for marketing, profiling, or advertising purposes.

11. Data Retention

Personal data is retained only for as long as necessary to fulfil the respective processing purpose or to comply with statutory retention obligations. Data is deleted or anonymised once retention is no longer required.

12. Data Subject Rights

Data subjects have the following rights under the GDPR:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

Requests may be addressed to:
📧 support@pathdusseldorf.com

13. Right to Lodge a Complaint

Data subjects have the right to lodge a complaint with a supervisory authority. The competent authority for Path Düsseldorf GmbH is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)

14. Data Security

Path Düsseldorf GmbH implements appropriate technical and organisational measures (TOMs) in accordance with Art. 32 GDPR to ensure a level of security appropriate to the risk.

These measures include, in particular:

  • role-based access controls and authorisation concepts,
  • confidentiality obligations for all persons involved in data processing,
  • secure communication and data-handling practices,
  • governance procedures for access, storage, and disclosure of personal data,
  • regular review of organisational and procedural safeguards.

Security measures are designed to protect personal data against unauthorised access, accidental loss, destruction, alteration, or unlawful disclosure, taking into account the nature, scope, context, and purposes of processing.

15. Changes to This Data Privacy Policy

We reserve the right to update this Data Privacy Policy where necessary to reflect legal, regulatory, or operational changes.