PRIVACY POLICY

Last updated: 29.04.2026

1. Controller

The person responsible for data processing on this website is:

Tarkan Karakus — Nyxo Studio, Bavaria, Germany

Email: contact@nyxo.studio

2. Overview

We take the protection of your personal data very seriously. This Privacy Policy explains what data we collect, why we collect it, how it is processed, and what rights you have under the General Data Protection Regulation (GDPR / DSGVO).

Personal data is any information that can be used to identify you directly or indirectly — such as your name, email address, or IP address.

3. Hosting

This website is hosted by:

Hostinger International Ltd. 61 Lordou Vironos Street, 6023 Larnaca, Cyprus Email: support@hostinger.com Privacy contact: gdpr@hostinger.com Website: https://www.hostinger.com

When you visit this website, Hostinger processes certain technical data on our behalf as a data processor under Art. 28 GDPR. A Data Processing Addendum (DPA) is in place between us and Hostinger, which includes EU Standard Contractual Clauses (SCCs) to govern any data transfers outside the EEA. For full details, see Hostinger's Data Processing Addendum at https://www.hostinger.com/legal/dpa.

Data processed by the hosting infrastructure includes server log files containing:

  • Your IP address (anonymised where technically possible)

  • Date and time of access

  • Pages and files accessed

  • HTTP status codes

  • Browser type and version

  • Referring URL

  • Operating system

This data is processed on the basis of Art. 6(1)(f) GDPR (legitimate interest in the secure and stable operation of our website). It is not combined with other data sources and is deleted after [e.g., 7–14 days] unless a security incident requires longer retention.

4. Data We Collect and Why

a) Visiting this website As described above, your browser automatically transmits technical data to our server. This is necessary for the website to function and is not used to identify you personally.

b) Contacting us When you send an enquiry via email or a contact form, we store your name, email address, and the content of your message. This data is used solely to process and respond to your request. The legal basis is Art. 6(1)(b) GDPR (pre-contractual communication) or Art. 6(1)(f) GDPR (our legitimate interest in responding to enquiries).

We do not share this data with third parties. We retain it for as long as necessary to resolve your enquiry, and for up to [e.g., 3 years] thereafter for documentation purposes, unless a longer retention period is required by law.

c) Client and project data If you engage Nyxo Studio for services, we process the personal data necessary to fulfil the contract — such as your name, business name, address, email, phone number, and payment information. The legal basis is Art. 6(1)(b) GDPR. We retain this data for 10 years in compliance with German statutory retention obligations under §§ 147 AO, 257 HGB.

d) Newsletter (if applicable) [Include only if you have a newsletter.] If you subscribe to our newsletter, we collect your email address on the basis of your explicit consent (Art. 6(1)(a) GDPR). You may unsubscribe at any time via the link included in every newsletter. Withdrawal of consent does not affect the lawfulness of processing prior to withdrawal.

5. Cookies and Tracking Technologies

This website uses cookies. We distinguish between:

Technically necessary cookies — required for the website to function (e.g., session management). These are placed on the basis of Art. 6(1)(f) GDPR and do not require your consent.

Optional cookies (analytics, marketing) — only placed after you have given your explicit, informed consent via our cookie consent banner, in accordance with Art. 6(1)(a) GDPR and the ePrivacy Directive.

When you first visit this website, a cookie consent banner will appear. You can adjust or withdraw your cookie preferences at any time via the cookie settings button in our website footer.

6. Data Sharing and Third-Party Processors

We do not sell your personal data. We only share data with third parties where necessary, including:

RecipientPurposeLegal BasisHostinger International Ltd.Website hostingArt. 6(1)(f) GDPR + DPA[Payment provider, e.g. PayPal / Stripe]Processing paymentsArt. 6(1)(b) GDPR[Email provider, if applicable]Sending emailsArt. 6(1)(f) GDPR + DPA

Where data is transferred to countries outside the EU/EEA, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses (Art. 46 GDPR).

7. Data Retention

We store your personal data only for as long as necessary for the purposes described above. Applicable retention periods:

  • Server log files: [7–14 days]

  • Contact enquiries: [3 years] from last contact, or longer if a legal dispute arises

  • Client and invoice data: 10 years (§§ 147 AO, 257 HGB — German tax and commercial law)

  • Newsletter data: Until you unsubscribe or withdraw consent

8. Your Rights Under the GDPR

As a data subject, you have the following rights. To exercise any of them, contact us at contact@nyxo.studio:

  • Right of access (Art. 15 GDPR): Request a copy of the data we hold about you.

  • Right to rectification (Art. 16 GDPR): Request correction of inaccurate data.

  • Right to erasure (Art. 17 GDPR): Request deletion of your data, subject to legal retention obligations.

  • Right to restriction (Art. 18 GDPR): Request that we limit how we use your data.

  • Right to data portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format.

  • Right to object (Art. 21 GDPR): Object to processing based on legitimate interests, including any profiling.

  • Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of prior processing.

We will respond to your request without undue delay and at the latest within one month.

9. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the competent supervisory authority:

Der Bayerische Landesbeauftragte für den Datenschutz (BayLfD) Wagmüllerstraße 18 80538 München, Germany Website: https://www.datenschutz-bayern.de/ Email: poststelle@datenschutz-bayern.de

10. No Automated Decision-Making

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

11. Data Security

We implement appropriate technical and organisational security measures in accordance with Art. 32 GDPR to protect your personal data against unauthorised access, loss, alteration, or disclosure. Our website uses SSL/TLS encryption (indicated by https:// in your browser). However, no data transmission over the internet can be guaranteed to be entirely secure.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The date of the latest revision is shown at the top of this page. We encourage you to review this page periodically.

Privacy Policy

Terms and Conditions

Impressum

Cookies

Home

Work

Contact