Legal
Protecting your personal data matters to us. Below we inform you, in accordance with Art. 13 of the General Data Protection Regulation (GDPR), which data are processed when you visit this website and when you submit an enquiry.
The controller within the meaning of the GDPR and other data-protection provisions is:
Mirzazadeh GmbHThe authorised representative, register entry and further mandatory details can be found in the legal notice.
“Personal data” means any information relating to an identified or identifiable natural person — such as your name, your telephone number or your email address. We process personal data only insofar as this is necessary to provide this website and our services, or where you have given your consent.
Any processing of data is always carried out in accordance with the GDPR and the German Federal Data Protection Act (BDSG). We take appropriate technical and organisational measures to protect your data against unauthorised access, loss or misuse.
This website is hosted as a static site by Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA) via the “Cloudflare Pages” service and delivered through Cloudflare’s global content-delivery network. When you access our pages, Cloudflare processes technically necessary connection and usage data (e.g. IP address, requested resource, date and time) in order to provide the site reliably, securely and quickly.
The legal basis is our legitimate interest in providing the website securely and efficiently pursuant to Art. 6(1)(f) GDPR. A data-processing agreement under Art. 28 GDPR is in place with the provider. Cloudflare may also process data in the USA — see the section on transfer to third countries.
When this website is accessed, the hosting provider may automatically collect and store information in so-called server log files. These typically include:
These data are not merged with other data sources and serve solely for technical provision, security and error analysis. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in error-free, secure operation).
If you contact us via the enquiry form or by email, we process the data you provide — usually name, telephone / WhatsApp number, email address and the content of your message — in order to handle your enquiry, respond to you and arrange a consultation or private viewing.
The legal basis is Art. 6(1)(b) GDPR (performance of pre-contractual measures at your request, i.e. initiating a contract). Where you additionally give your explicit consent, the processing is based on Art. 6(1)(a) GDPR; you may withdraw this consent at any time with effect for the future. Providing the data is voluntary, but necessary for us to process your enquiry.
Note: the enquiry form is handled technically through a form service provider (see the next section). Your data are not passed on to third parties for advertising purposes.
The following services are intended or are being prepared. They become relevant to data protection only once they have actually been activated on the website. Before any productive use, this section will be made specific (provider, purpose, legal basis, third-country relevance) and, where applicable, consent will be obtained via a consent banner.
For the delivery of form messages, the use of a form / email service is intended (initially Web3Forms, in time Resend with processing within the EU). The service transmits the data entered in the form to us as an email. The legal basis is Art. 6(1)(b) GDPR; a data-processing agreement is concluded with the provider.
We plan to use Google Analytics 4 for reach measurement as well as Google Ads conversion tracking to measure the success of advertisements. These services use cookies or comparable technologies and — where activated — are operated exclusively on the basis of your prior consent given via a consent banner (Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG). They are integrated using Google’s “Consent Mode v2”. The provider is Google Ireland Limited; processing in the USA is possible (see the section on third countries). As long as no consent banner is active, these services are not loaded.
To follow up on enquiries, a CRM system (e.g. HubSpot) may be used. Contact data stored there serve to handle your enquiry and to provide further personal advice (Art. 6(1)(b) GDPR).
Some of the services used or planned (in particular Cloudflare and, where applicable, Google) are based in the USA or process data there. The USA does not have a level of data protection equivalent to European law.
A transfer takes place only where an appropriate safeguard under Art. 44 et seq. GDPR exists — for example where the recipient is certified under the EU-US Data Privacy Framework (DPF), or on the basis of the standard contractual clauses adopted by the EU Commission. As part of the legal finalisation, the specific legal basis for the third-country transfer will be documented for each service.
We store personal data only for as long as is necessary for the respective purposes or as required by statutory retention obligations. Enquiry data are deleted as soon as they are no longer needed for processing and no commercial or tax-law retention periods (generally up to 6 or 10 years) prevent this. Server log files are generally deleted or anonymised automatically after a short period.
Under the GDPR you are entitled in particular to the following rights:
To exercise your rights, an informal message to the contact details given above is sufficient. You also have the right to lodge a complaint with a data-protection supervisory authority (Art. 77 GDPR). The competent authority is, among others, the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI).
Insofar as we process data on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right, on grounds relating to your particular situation, to object to such processing at any time (Art. 21 GDPR). We will then no longer process the data concerned, unless we can demonstrate compelling legitimate grounds that override your interests, or the processing serves to assert, exercise or defend legal claims.
This privacy policy will be adapted as soon as the actual processing operations change — for example through the activation of further services or of a consent banner. The current version published here shall apply in each case.
Effective date of this version: 14 June 2026 (draft, subject to legal review).
Any questions?
If you have questions about data protection or about an enquiry you have already submitted, you can reach us personally — discreetly and with no pressure to buy.