Privacy Policy

Responsible for data processing on this website is:

Management: Gönül Güneş

The appointment of a Data Protection Officer is not legally required for Sunlonix OÜ (Art. 37 GDPR). For data protection inquiries, please contact: [email protected]

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the General Data Protection Regulation (GDPR) and this privacy policy.

We collect and use personal data of our users only to the extent necessary to provide a functional website and our content and services.

Where we obtain consent for the processing of personal data, Art. 6(1)(a) GDPR serves as the legal basis.

For the processing of personal data necessary for the performance of a contract, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to pre-contractual measures.

Where processing is necessary for compliance with a legal obligation, Art. 6(1)(c) GDPR serves as the legal basis.

Where processing is necessary for the purposes of legitimate interests pursued by our company and your interests, fundamental rights and freedoms do not override those interests, Art. 6(1)(f) GDPR serves as the legal basis.

We implement appropriate technical and organizational measures in accordance with legal requirements to ensure a level of protection appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to data. Furthermore, we consider the protection of personal data already in the development and selection of software and processes.

This website is hosted on our own EU infrastructure (self-hosted). The servers are located in the European Union.

With each access to our website, the following data is automatically collected by the system:

• Browser type and version
• Operating system
• Referrer URL (previously visited page)
• IP address (anonymized)
• Date and time of access
• Page accessed

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in ensuring technical operation).

Retention period: Log files are automatically deleted after 30 days. These data are not merged with other data sources.

When you send us inquiries via the contact form, your information from the form is stored for processing the inquiry.

The following data is collected:

• Name
• Email address
• Company (optional)
• Subject and message

Additionally, the following is stored at the time of submission:

• IP address of the user
• Date and time of submission

Legal basis: Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (pre-contractual measures).

Retention period: Your data will be deleted after processing is complete, unless legal retention obligations apply (maximum 3 years).

No data is shared with third parties. The data is used exclusively for processing the conversation.

Alternatively, you can contact us via the provided email address. In this case, the personal data transmitted with the email will be stored.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest). If the contact aims at concluding a contract, Art. 6(1)(b) GDPR serves as an additional legal basis.

Our website does not use tracking cookies. Only technically necessary cookies are used that are required for the operation of the website.

Since we do not use cookie-based tracking, a cookie banner is not required.

We use Umami Analytics — a privacy-friendly, self-hosted web analytics solution. Umami does not set cookies, does not store personal data, and is fully GDPR-compliant.

Data is processed exclusively on our own infrastructure in the European Union. No data is transmitted to third parties.

This website uses SSL/TLS encryption (HTTPS) for security purposes. This means that data you transmit to us is protected from third-party access. You can recognize an encrypted connection by the lock symbol in the browser bar.

Your personal data will not be disclosed to third parties unless:

• this is necessary for contract fulfillment,
• you have explicitly consented, or
• there is a legal obligation.

No transfer of personal data to countries outside the European Union (third countries) takes place. All data processing is carried out on EU-based infrastructure.

Personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may continue if this has been provided for by European or national legislation. Data will also be deleted when a prescribed retention period expires, unless there is a need for further storage for the conclusion or performance of a contract.

You have the following rights regarding your personal data:

No automated decision-making including profiling pursuant to Art. 22 GDPR takes place.

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR.

The competent supervisory authority for Sunlonix OÜ is:

We reserve the right to update this privacy policy as needed to adapt it to current legal requirements or to implement changes to our services. The current version applies to your renewed visit.