Privacy Policy

Last updated: 3 May 2026

This English version is provided for convenience. The legally binding version is the German one at halal-spots.de/de/datenschutz.

Data Controller

Mohammed Shehbaz Khan
Basselweg 92b
22527 Hamburg
Germany

Email: hello@halal-spots.de
Imprint: halal-spots.de/en/impressum

Overview of Processing

Types of data processed

  • Master data (e.g. name, address, contact details).
  • Contact data (e.g. email addresses).
  • Content data (e.g. form input).
  • Usage data (e.g. visited pages, time spent).
  • Meta, communication and procedural data (e.g. IP addresses, timestamps).
  • Log data (e.g. server log files).

Categories of data subjects

  • Users (website visitors).
  • Communication partners.

Purposes of processing

  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.
  • Direct marketing (newsletter for beta signup).
  • Security measures.

The following provides an overview of the legal bases under the GDPR on which we process personal data:

  • Consent (Art. 6(1)(a) GDPR): The data subject has given consent to the processing for one or more specific purposes.
  • Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary for the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the data subject’s rights.
  • Legal obligation (Art. 6(1)(c) GDPR): Processing is necessary for compliance with a legal obligation.

German national rules: In addition to the GDPR, the German Federal Data Protection Act (BDSG) and applicable state data protection laws apply.

Security Measures

We take appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with legal requirements and the state of the art.

Securing online connections via TLS/SSL (HTTPS): All connections between the browser and our server are encrypted via TLS/SSL. The certificate is issued via Let’s Encrypt (managed by Vercel) and renewed automatically.

Sharing of Personal Data

As part of our processing, personal data may be shared with other parties, in particular with the IT service providers we use as data processors (see “Hosting” and “Newsletter” sections). We have entered into data processing agreements (Art. 28 GDPR) with all recipients.

International Data Transfers

Where we transfer data to a third country (outside the EU/EEA), this is always done in accordance with legal requirements.

For transfers to the United States, we rely primarily on the EU-US Data Privacy Framework (DPF), recognised as an adequate legal framework by the EU Commission’s adequacy decision of 10 July 2023. In addition, we have concluded Standard Contractual Clauses under Art. 46 GDPR with the respective providers.

Data Storage and Deletion

We delete personal data once consent is withdrawn or no further legal basis for processing exists. Exceptions apply where legal obligations or legitimate interests require longer storage.

Statutory retention periods under German law:

  • 10 years — accounting books, financial statements, inventories (§ 147 AO, § 257 HGB).
  • 8 years — accounting documents such as invoices.
  • 6 years — other business records, including received and sent business correspondence.
  • 3 years — data needed to consider potential warranty or damage claims (§§ 195, 199 BGB).

Rights of Data Subjects

You have several rights under the GDPR (in particular Art. 15-21):

  • Right to object (Art. 21): You have the right at any time to object to processing based on legitimate interests, including for direct marketing purposes.
  • Right to withdraw consent: You may withdraw consent at any time.
  • Right of access (Art. 15): You have the right to obtain confirmation as to whether your data is being processed, and access to it.
  • Right to rectification (Art. 16): You may request correction of inaccurate data.
  • Right to erasure and restriction (Art. 17, 18): You may request deletion or restriction of processing.
  • Right to data portability (Art. 20): You may request your data in a structured, commonly used, machine-readable format.
  • Right to lodge a complaint (Art. 77): You have the right to lodge a complaint with a supervisory authority (see below).

Provision of the Online Offering and Hosting

We process user data in order to make our online services available. For this purpose we process the user’s IP address, which is required to deliver content and functionality to the user’s browser or device.

Data Processor: Vercel Inc. (Hosting)

Our website is hosted by Vercel Inc., 440 N Barranca Avenue #4133, Covina, CA 91723, USA.

US transfer: Vercel is certified under the EU-US Data Privacy Framework (DPF). In addition, we have concluded Standard Contractual Clauses with Vercel under Art. 46 GDPR. Static content is primarily delivered from EU edge nodes (incl. Frankfurt).

Vercel privacy policy: vercel.com/legal/privacy-policy

Server log files

Access to our online offering is logged in server log files. This may include URLs accessed, date and time, transmitted data volumes, browser type and version, operating system, referrer URL, and IP address.

Purpose: Stability and security (in particular protection against DDoS attacks).
Legal basis: Art. 6(1)(f) GDPR (legitimate interests).
Retention: Log information is stored for a maximum of 30 days, then deleted or anonymised.

Newsletter and Electronic Notifications

We send newsletters and electronic notifications only with the recipient’s consent. To sign up, your email address is sufficient. You may optionally provide your city.

Newsletter content: Information about the launch of the beta app on TestFlight (iOS) and Google Play (Android), updates on app availability, and occasional notes about app development.

Legal basis: Art. 6(1)(a) GDPR (consent).

Opt-out: You can cancel the newsletter at any time, i.e. withdraw your consent. Email hello@halal-spots.de or use the unsubscribe link that will appear in future messages.

Retention: We may retain unsubscribed email addresses for up to three years on the basis of our legitimate interest in proving that consent was previously given. Processing is limited to potential defence against claims.

Data Processor: Brevo (Sendinblue)

Sending and managing newsletter recipients is handled by Sendinblue SAS (brand name “Brevo”), 7 rue de Madrid, 75008 Paris, France.

Data processing takes place within the EU. No third-country transfer occurs. We have concluded a data processing agreement (Art. 28 GDPR) with Brevo.

Data processed: email address, optionally city, signup timestamp, and IP address as evidence of consent.

Brevo privacy policy: brevo.com/legal/privacypolicy

Email Forwarding (Contact)

Emails sent to addresses on our domain (e.g. hello@halal-spots.de) are forwarded to our private inbox via ImprovMX (provider: Vinz B.V., Netherlands; see provider site for the official imprint).

A data processing agreement (Art. 28 GDPR) is in place with ImprovMX. Where any technical processing steps occur outside the EU/EEA, they are protected by Standard Contractual Clauses (Art. 46 GDPR).

ImprovMX privacy policy: improvmx.com/policies/privacy

Competent Supervisory Authority

Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI)
Ludwig-Erhard-Straße 22, 7. OG
20459 Hamburg, Germany
Phone: +49 40 428 54-4040
Email: mailbox@datenschutz.hamburg.de
Website: datenschutz-hamburg.de

Changes and Updates

Please check this privacy policy regularly. We update it when changes to our processing make this necessary. We will inform you whenever changes require action on your part (e.g. renewed consent).

Created with Datenschutz-Generator.de by Dr. Thomas Schwenke, then adapted and extended for our setup.
