Privecy Policy

TABLE OF CONTENTS

Last updated on: 08 December 2025

Welcome to Click Media Agency’s Privacy Policy. This Privacy Policy explains how we collect, process, store, and protect personal data when you visit our website, contact us, or use any of our services.

In this Privacy Policy, the terms “we”, “us”, and “our agency” refer to Click Media Agency (sole proprietorship owned by Ibrahim Jaber). The terms “you” or “data subject” refer to any natural person whose personal data is processed by us, including website visitors, interested parties, and customers.

We process personal data exclusively in accordance with the applicable data protection laws, in particular the General Data Protection Regulation (GDPR), and – where relevant – the corresponding German and EU data protection provisions. This Privacy Policy describes in detail:

  • which categories of data we process,

  • for which purposes and on which legal bases we process such data,

  • to whom data may be transferred,

  • how long we store data, and

  • which rights you have as a data subject.

This Privacy Policy applies to all data processing operations connected with the use of our website and our digital communication channels. It complements our General Terms and Conditions (“GTC”) and does not replace any contractual agreements.

By accessing our website or contacting us through the contact forms or other digital channels, you acknowledge that your personal data may be processed as described in this Privacy Policy, to the extent permitted by law or based on your explicit consent where required. In cases where consent is necessary (e.g. for analytics or marketing cookies), we will obtain it separately through our consent tools.

Please note: Any plain-language summaries are provided for convenience only and are not legally binding. Only the full wording of this Privacy Policy is legally authoritative. We recommend that you review this page regularly to stay informed about updates and changes to our data processing practices.

1. Controller and Scope of this Privacy Notice

  1. This Privacy Notice is intended to explain the nature, scope and purposes of the processing of personal data within the online platform of Click Media Agency (Einzelunternehmen Ibrahim Jaber), including all associated pages, content and digital features. The agency is the controller responsible for the processing of personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), as follows:
    1. Click Media Agency (Einzelunternehmen Ibrahim Jaber)
    2. Feuergasse 8, 77723 Gengenbach – Germany
    3. E-mail: info@ck-mediagency.com
    4. Website: https://ck-mediagency.com
  2. This Privacy Notice applies to all visitors to the website, individuals interested in the agency’s services, existing clients, and any person who interacts with the agency via online forms or other digital communication channels. It covers all data processing operations related to the operation and use of the website.

2. Collection and Storage of Personal Data, Nature of the Data and Purposes of Processing

  1. When visiting the agency’s website, the browser used on the visitor’s device automatically sends certain information to the server of the hosting provider. This information is temporarily stored in so-called server log files. The data collected in this context in particular includes the IP address of the device used, date and time of access, name and URL of the retrieved file, the referrer URL (the website from which the access originated), the browser type and version, the operating system used, and the name of the internet service provider.
  2. The processing of this data is technically necessary in order to ensure the proper and stable operation of the website, to enable the correct display of content, to guarantee system security and stability, and to carry out further administrative tasks. This processing is based on Article 6(1)(f) GDPR, which permits processing where the controller has a legitimate interest. This data is not combined with any other data sources.
  3. Personal data is also processed whenever a user interacts with the website, including when using contact forms, subscribing to newsletters, submitting booking requests, or entering any information into a form. The type of data processed depends on the fields the user completes and is used exclusively for the purpose of responding to enquiries, taking pre-contractual steps, performing contractual obligations, or complying with legal requirements. These activities are based on Article 6(1)(a), (b) and (c) GDPR.

3. Cookies and Consent Management (Complianz)

  1. The agency’s website uses cookies and similar technologies in order to ensure the basic functionality of the site, store certain settings, improve user-friendliness, and enable statistical analyses. Cookies are small text files stored on the user’s device that contain information relating to how the user interacts with the website. The processing of data derived from cookies depends on the type of cookie; some cookies are processed on the basis of Article 6(1)(f) GDPR where the agency has a legitimate interest, while others require the explicit consent of the user under Article 6(1)(a) GDPR.
  2. To manage users’ cookie consents, the agency uses the consent management tool “Complianz”. This tool is used to record and store users’ decisions regarding the acceptance or rejection of cookies. When accessing the website, a cookie banner is displayed, allowing users to consent to or restrict the use of cookies. The user’s preferences are stored so that they are automatically taken into account on subsequent visits.
  3. The processing of data within the scope of Complianz is based on Article 6(1)(c) GDPR for compliance with legal obligations, as well as Article 6(1)(f) GDPR to ensure lawful and efficient management of cookie settings.

4. Use of Tracking and Analytics Tools (Google Analytics)

  1. The agency uses the analytics service Google Analytics to evaluate user behaviour and improve the overall performance of the website. Google Analytics is a service provided by Google LLC in the United States or Google Ireland Limited as the entity responsible within the European Union. The service uses cookies that help analyse how visitors use the website. The information generated by the cookies, including shortened IP addresses, is generally transmitted to and stored on servers operated by Google.
  2. IP anonymisation is activated on this website, meaning that Google shortens the IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area before transmission to the United States.
  3. The processing of data within the context of Google Analytics is based on the user’s explicit consent in accordance with Article 6(1)(a) GDPR, which is obtained via the Complianz consent management system. Users may withdraw or modify their consent at any time. Google processes the data on behalf of the agency for the purpose of analysing website use, compiling statistical reports and providing other technical services related to website usage analysis.
  4. Data may be transferred to servers located in the United States on the basis of the Standard Contractual Clauses pursuant to Article 46 GDPR, which aim to ensure an adequate level of data protection even when processing occurs outside the European Union.

5. Integration of Third-Party Services

  1. To enhance the quality of the website and expand the range of functions available to users, the agency relies on various third-party services. Personal data processed in connection with these services is handled in compliance with applicable data protection laws and, where legally required, based on the user’s consent in accordance with Article 6(1)(a) GDPR.
  2. The website may include embedded videos from YouTube, a service of Google Ireland Limited. When a user visits a page containing a YouTube video, a connection to YouTube’s servers is established and technical data such as the IP address and the page from which the request originated is transmitted. No processing takes place unless and until the user has granted consent via the consent banner. The use of YouTube serves to present content in an attractive and efficient manner and is based on the agency’s legitimate interest under Article 6(1)(f) GDPR.
  3. The website uses Google Fonts to ensure a uniform and visually appealing display of text. Fonts may be loaded locally or from Google servers. Where fonts are loaded from Google servers, technical data such as the IP address may be transmitted. This processing is based on the agency’s legitimate interest in ensuring consistent technical performance of the website.
  4. The website uses a Content Delivery Network (CDN) provided by Cloudflare Inc. in order to improve performance and protect the website from cyberattacks. In this context, IP addresses and other technical data may be processed and transferred to data centres outside the European Union, including the United States. This processing is based on Article 6(1)(f) GDPR, as well as on Standard Contractual Clauses pursuant to Article 46 GDPR to ensure an adequate level of data protection.
  5. The website may contain plugins or components related to Instagram, a service of Meta Platforms Ireland. When visiting a page containing such components, a connection is established to Meta’s servers, and personal data such as IP address, device information and interaction data may be processed. This takes place on the basis of the user’s consent.
  6. The website also provides a button for direct communication via WhatsApp. When clicking on this button, a connection is established with the servers of WhatsApp Ireland, and technical data such as IP address may be transmitted. The use of this feature is entirely optional and is based on the user’s consent in accordance with Article 6(1)(a) GDPR. Messages sent via WhatsApp are additionally subject to WhatsApp’s own Privacy Policy.

6. Processing of Personal Data via Contact Forms

  1. The website uses electronic forms to collect user requests, bookings, enquiries and messages in an organised way. When using a contact or registration form, the personal data entered by the user into the respective fields is processed. This may include, without limitation, name, e-mail address, telephone number, company information, project details as well as any additional information voluntarily provided.
  2. This data is processed exclusively for the purpose of responding to enquiries, preparing contracts, or performing existing contractual obligations, in accordance with Article 6(1)(b) GDPR.
  3. In addition to being sent directly to the agency’s official e-mail address, all form entries are also stored in the website’s database in order to document communication and ensure data availability in case of technical failures or loss of e-mails. This processing is based on the agency’s legitimate interest pursuant to Article 6(1)(f) GDPR, as it improves the quality of request management and operational organisation.
  4. Data is not transferred to unauthorised third parties unless required by law or based on the user’s explicit consent. The retention period depends on the nature of the request and is limited to the period necessary to process the enquiry or meet contractual and legal requirements. Users may request access to or deletion of their stored data at any time, unless legal obligations require the retention of such data.

7. Data Retention and Deletion

  1. Personal data is stored only for as long as necessary to fulfil the purposes for which it was collected or for as long as there is a legal basis for ongoing processing. Once the purpose no longer applies or mandatory statutory retention periods expire, personal data is regularly deleted or anonymised such that it can no longer be attributed to an identified or identifiable person.
  2. For documents relating to contracts and business transactions, statutory retention periods of up to ten years may apply under German commercial and tax law. Data collected via contact forms for the purpose of handling enquiries or requests is deleted once the request has been fully processed, provided there are no legal or contractual requirements necessitating longer retention.
  3. Users may request the deletion of their personal data at any time, unless legal obligations conflict with such deletion. In such cases, the agency will promptly review whether deletion is legally permissible and will inform the user of the outcome and the measures taken.

8. Data Subject Rights

  1. Data subjects enjoy a wide range of rights under the GDPR regarding the processing of their personal data, irrespective of how they contact the agency or use the website. Users can exercise these rights at any time by contacting the agency directly.
  2. Foremost among these is the right of access pursuant to Article 15 GDPR, which allows individuals to obtain confirmation as to whether their personal data is being processed and, if so, to receive detailed information about the nature of the data, the purposes of processing, the categories of data, retention periods and any recipients to whom the data may be disclosed. Individuals also have the right to rectification of inaccurate data or completion of incomplete data in accordance with Article 16 GDPR.
  3. Under Article 17 GDPR, data subjects have the right to erasure of their personal data where it is no longer necessary for the purposes for which it was collected, where consent has been withdrawn, or where processing is unlawful. This right does not apply where legal obligations require the retention of data or where overriding legitimate interests exist.
  4. Pursuant to Article 18 GDPR, data subjects may request restriction of processing in specific cases, such as when the accuracy of the data is contested, when processing is unlawful, or when the agency no longer needs the data but the data subject requires it for the establishment, exercise or defence of legal claims.
  5. Article 20 GDPR grants the right to data portability, allowing individuals to receive their personal data in a structured, commonly used and machine-readable format or to request that it be transmitted directly to another controller where technically feasible.
  6. Data subjects also have the right to withdraw consent at any time in accordance with Article 7(3) GDPR, without affecting the lawfulness of processing based on consent before its withdrawal.
  7. Furthermore, under Article 21 GDPR, users may object at any time, on grounds relating to their particular situation, to the processing of their personal data where such processing is based on legitimate interests or is carried out for direct marketing purposes. In the case of a justified objection, the agency will cease processing the data unless there are compelling legitimate grounds to continue.
  8. If an individual believes that the processing of their personal data infringes data protection law, they have the right to lodge a complaint with a supervisory authority. In the federal state of Baden-Württemberg, the competent authority is:
    1. Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg.

9. Data Transfers to Countries outside the European Union

  1. When using certain services such as Google Analytics, YouTube, Cloudflare or other technical infrastructures, personal data may be transferred to entities located in countries outside the European Economic Area (EEA), particularly the United States of America. From a data protection perspective, such countries are considered to have a level of protection that is not equivalent to that in the European Union.
  2. Data is transferred to these countries only where necessary for technical or contractual reasons, or where the user has given explicit consent pursuant to Article 6(1)(a) GDPR. In the case of services such as Google and Cloudflare, transfers are based on the Standard Contractual Clauses in accordance with Article 46 GDPR, which aim to ensure a level of protection comparable to that within the European Union.
  3. Nevertheless, it cannot be fully excluded that U.S. authorities may gain access to the transmitted data under local law, without providing sufficient legal remedies or effective means for individuals to challenge such access or fully protect their data.
  4. The agency carefully selects external service providers and strives to minimise the volume of data transferred to the bare minimum necessary. The agency also conducts ongoing reviews of transfer mechanisms and implements technical and organisational measures designed to ensure the highest possible level of data protection.

10. Security of Processing (Technical and Organisational Measures)

  1. The agency implements a wide range of technical and organisational measures to safeguard personal data and prevent its loss, misuse, unauthorised access, or unlawful disclosure. These measures include the use of state-of-the-art encryption technologies, secure server infrastructures, regular software updates, access restrictions based on the “need-to-know” principle, as well as continuous monitoring of system integrity and security.
  2. Data transmission via the website is carried out using encrypted TLS/SSL protocols, thereby ensuring a secure communication channel between the user’s browser and the agency’s server and reducing the risk of data being intercepted during transfer.
  3. Access to personal data is granted only to employees or service providers who require such access to perform their duties and who are contractually or legally bound to confidentiality. The agency regularly reviews and updates its security measures in line with technological developments and applicable legal requirements.
  4. Despite all precautions, absolute security of data cannot be guaranteed, particularly with respect to data transmission over the internet, which may be subject to technical risks beyond the agency’s complete control.

11. Controller and Contact Point for Data Protection Requests

  1. Click Media Agency (Einzelunternehmen Ibrahim Jaber) is the controller responsible for the processing of personal data in accordance with the GDPR.
  2. Data subjects may direct any requests or enquiries regarding the processing of their personal data to the contact details provided above. This includes requests for access, rectification, deletion, withdrawal of consent, or objections to certain processing activities. The agency will carefully review all requests and respond within the timeframes required by law.
  3. The agency has not appointed an official Data Protection Officer, as there is currently no legal obligation to do so. Nevertheless, the agency is committed to handling all data protection matters diligently and in full compliance with applicable regulations.

12. Amendments to this Privacy Policy

  1. The agency reserves the right to amend this Privacy Policy at any time in order to reflect changes in legal requirements, technological developments, or the expansion of services offered. The version published on the website at the time of the user’s visit shall be deemed the applicable and binding version. The agency will clearly indicate any material changes that affect users’ rights or introduce new processing activities.
  2. Users are advised to review this Privacy Policy periodically to stay informed about the latest updates regarding data processing and their legal rights. Continued use of the website is deemed to constitute implied acceptance of the Privacy Policy in force at the time of use.

TABLE OF CONTENTS

Last updated on: 08 December 2025

Welcome to Click Media Agency’s Privacy Policy. This Privacy Policy explains how we collect, process, store, and protect personal data when you visit our website, contact us, or use any of our services.

In this Privacy Policy, the terms “we”, “us”, and “our agency” refer to Click Media Agency (sole proprietorship owned by Ibrahim Jaber). The terms “you” or “data subject” refer to any natural person whose personal data is processed by us, including website visitors, interested parties, and customers.

We process personal data exclusively in accordance with the applicable data protection laws, in particular the General Data Protection Regulation (GDPR), and – where relevant – the corresponding German and EU data protection provisions. This Privacy Policy describes in detail:

  • which categories of data we process,

  • for which purposes and on which legal bases we process such data,

  • to whom data may be transferred,

  • how long we store data, and

  • which rights you have as a data subject.

This Privacy Policy applies to all data processing operations connected with the use of our website and our digital communication channels. It complements our General Terms and Conditions (“GTC”) and does not replace any contractual agreements.

By accessing our website or contacting us through the contact forms or other digital channels, you acknowledge that your personal data may be processed as described in this Privacy Policy, to the extent permitted by law or based on your explicit consent where required. In cases where consent is necessary (e.g. for analytics or marketing cookies), we will obtain it separately through our consent tools.

Please note: Any plain-language summaries are provided for convenience only and are not legally binding. Only the full wording of this Privacy Policy is legally authoritative. We recommend that you review this page regularly to stay informed about updates and changes to our data processing practices.

1. Controller and Scope of this Privacy Notice

  1. This Privacy Notice is intended to explain the nature, scope and purposes of the processing of personal data within the online platform of Click Media Agency (Einzelunternehmen Ibrahim Jaber), including all associated pages, content and digital features. The agency is the controller responsible for the processing of personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), as follows:
    1. Click Media Agency (Einzelunternehmen Ibrahim Jaber)
    2. Feuergasse 8, 77723 Gengenbach – Germany
    3. E-mail: info@ck-mediagency.com
    4. Website: https://ck-mediagency.com
  2. This Privacy Notice applies to all visitors to the website, individuals interested in the agency’s services, existing clients, and any person who interacts with the agency via online forms or other digital communication channels. It covers all data processing operations related to the operation and use of the website.

2. Collection and Storage of Personal Data, Nature of the Data and Purposes of Processing

  1. When visiting the agency’s website, the browser used on the visitor’s device automatically sends certain information to the server of the hosting provider. This information is temporarily stored in so-called server log files. The data collected in this context in particular includes the IP address of the device used, date and time of access, name and URL of the retrieved file, the referrer URL (the website from which the access originated), the browser type and version, the operating system used, and the name of the internet service provider.
  2. The processing of this data is technically necessary in order to ensure the proper and stable operation of the website, to enable the correct display of content, to guarantee system security and stability, and to carry out further administrative tasks. This processing is based on Article 6(1)(f) GDPR, which permits processing where the controller has a legitimate interest. This data is not combined with any other data sources.
  3. Personal data is also processed whenever a user interacts with the website, including when using contact forms, subscribing to newsletters, submitting booking requests, or entering any information into a form. The type of data processed depends on the fields the user completes and is used exclusively for the purpose of responding to enquiries, taking pre-contractual steps, performing contractual obligations, or complying with legal requirements. These activities are based on Article 6(1)(a), (b) and (c) GDPR.

3. Cookies and Consent Management (Complianz)

  1. The agency’s website uses cookies and similar technologies in order to ensure the basic functionality of the site, store certain settings, improve user-friendliness, and enable statistical analyses. Cookies are small text files stored on the user’s device that contain information relating to how the user interacts with the website. The processing of data derived from cookies depends on the type of cookie; some cookies are processed on the basis of Article 6(1)(f) GDPR where the agency has a legitimate interest, while others require the explicit consent of the user under Article 6(1)(a) GDPR.
  2. To manage users’ cookie consents, the agency uses the consent management tool “Complianz”. This tool is used to record and store users’ decisions regarding the acceptance or rejection of cookies. When accessing the website, a cookie banner is displayed, allowing users to consent to or restrict the use of cookies. The user’s preferences are stored so that they are automatically taken into account on subsequent visits.
  3. The processing of data within the scope of Complianz is based on Article 6(1)(c) GDPR for compliance with legal obligations, as well as Article 6(1)(f) GDPR to ensure lawful and efficient management of cookie settings.

4. Use of Tracking and Analytics Tools (Google Analytics)

  1. The agency uses the analytics service Google Analytics to evaluate user behaviour and improve the overall performance of the website. Google Analytics is a service provided by Google LLC in the United States or Google Ireland Limited as the entity responsible within the European Union. The service uses cookies that help analyse how visitors use the website. The information generated by the cookies, including shortened IP addresses, is generally transmitted to and stored on servers operated by Google.
  2. IP anonymisation is activated on this website, meaning that Google shortens the IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area before transmission to the United States.
  3. The processing of data within the context of Google Analytics is based on the user’s explicit consent in accordance with Article 6(1)(a) GDPR, which is obtained via the Complianz consent management system. Users may withdraw or modify their consent at any time. Google processes the data on behalf of the agency for the purpose of analysing website use, compiling statistical reports and providing other technical services related to website usage analysis.
  4. Data may be transferred to servers located in the United States on the basis of the Standard Contractual Clauses pursuant to Article 46 GDPR, which aim to ensure an adequate level of data protection even when processing occurs outside the European Union.

5. Integration of Third-Party Services

  1. To enhance the quality of the website and expand the range of functions available to users, the agency relies on various third-party services. Personal data processed in connection with these services is handled in compliance with applicable data protection laws and, where legally required, based on the user’s consent in accordance with Article 6(1)(a) GDPR.
  2. The website may include embedded videos from YouTube, a service of Google Ireland Limited. When a user visits a page containing a YouTube video, a connection to YouTube’s servers is established and technical data such as the IP address and the page from which the request originated is transmitted. No processing takes place unless and until the user has granted consent via the consent banner. The use of YouTube serves to present content in an attractive and efficient manner and is based on the agency’s legitimate interest under Article 6(1)(f) GDPR.
  3. The website uses Google Fonts to ensure a uniform and visually appealing display of text. Fonts may be loaded locally or from Google servers. Where fonts are loaded from Google servers, technical data such as the IP address may be transmitted. This processing is based on the agency’s legitimate interest in ensuring consistent technical performance of the website.
  4. The website uses a Content Delivery Network (CDN) provided by Cloudflare Inc. in order to improve performance and protect the website from cyberattacks. In this context, IP addresses and other technical data may be processed and transferred to data centres outside the European Union, including the United States. This processing is based on Article 6(1)(f) GDPR, as well as on Standard Contractual Clauses pursuant to Article 46 GDPR to ensure an adequate level of data protection.
  5. The website may contain plugins or components related to Instagram, a service of Meta Platforms Ireland. When visiting a page containing such components, a connection is established to Meta’s servers, and personal data such as IP address, device information and interaction data may be processed. This takes place on the basis of the user’s consent.
  6. The website also provides a button for direct communication via WhatsApp. When clicking on this button, a connection is established with the servers of WhatsApp Ireland, and technical data such as IP address may be transmitted. The use of this feature is entirely optional and is based on the user’s consent in accordance with Article 6(1)(a) GDPR. Messages sent via WhatsApp are additionally subject to WhatsApp’s own Privacy Policy.

6. Processing of Personal Data via Contact Forms

  1. The website uses electronic forms to collect user requests, bookings, enquiries and messages in an organised way. When using a contact or registration form, the personal data entered by the user into the respective fields is processed. This may include, without limitation, name, e-mail address, telephone number, company information, project details as well as any additional information voluntarily provided.
  2. This data is processed exclusively for the purpose of responding to enquiries, preparing contracts, or performing existing contractual obligations, in accordance with Article 6(1)(b) GDPR.
  3. In addition to being sent directly to the agency’s official e-mail address, all form entries are also stored in the website’s database in order to document communication and ensure data availability in case of technical failures or loss of e-mails. This processing is based on the agency’s legitimate interest pursuant to Article 6(1)(f) GDPR, as it improves the quality of request management and operational organisation.
  4. Data is not transferred to unauthorised third parties unless required by law or based on the user’s explicit consent. The retention period depends on the nature of the request and is limited to the period necessary to process the enquiry or meet contractual and legal requirements. Users may request access to or deletion of their stored data at any time, unless legal obligations require the retention of such data.

7. Data Retention and Deletion

  1. Personal data is stored only for as long as necessary to fulfil the purposes for which it was collected or for as long as there is a legal basis for ongoing processing. Once the purpose no longer applies or mandatory statutory retention periods expire, personal data is regularly deleted or anonymised such that it can no longer be attributed to an identified or identifiable person.
  2. For documents relating to contracts and business transactions, statutory retention periods of up to ten years may apply under German commercial and tax law. Data collected via contact forms for the purpose of handling enquiries or requests is deleted once the request has been fully processed, provided there are no legal or contractual requirements necessitating longer retention.
  3. Users may request the deletion of their personal data at any time, unless legal obligations conflict with such deletion. In such cases, the agency will promptly review whether deletion is legally permissible and will inform the user of the outcome and the measures taken.

8. Data Subject Rights

  1. Data subjects enjoy a wide range of rights under the GDPR regarding the processing of their personal data, irrespective of how they contact the agency or use the website. Users can exercise these rights at any time by contacting the agency directly.
  2. Foremost among these is the right of access pursuant to Article 15 GDPR, which allows individuals to obtain confirmation as to whether their personal data is being processed and, if so, to receive detailed information about the nature of the data, the purposes of processing, the categories of data, retention periods and any recipients to whom the data may be disclosed. Individuals also have the right to rectification of inaccurate data or completion of incomplete data in accordance with Article 16 GDPR.
  3. Under Article 17 GDPR, data subjects have the right to erasure of their personal data where it is no longer necessary for the purposes for which it was collected, where consent has been withdrawn, or where processing is unlawful. This right does not apply where legal obligations require the retention of data or where overriding legitimate interests exist.
  4. Pursuant to Article 18 GDPR, data subjects may request restriction of processing in specific cases, such as when the accuracy of the data is contested, when processing is unlawful, or when the agency no longer needs the data but the data subject requires it for the establishment, exercise or defence of legal claims.
  5. Article 20 GDPR grants the right to data portability, allowing individuals to receive their personal data in a structured, commonly used and machine-readable format or to request that it be transmitted directly to another controller where technically feasible.
  6. Data subjects also have the right to withdraw consent at any time in accordance with Article 7(3) GDPR, without affecting the lawfulness of processing based on consent before its withdrawal.
  7. Furthermore, under Article 21 GDPR, users may object at any time, on grounds relating to their particular situation, to the processing of their personal data where such processing is based on legitimate interests or is carried out for direct marketing purposes. In the case of a justified objection, the agency will cease processing the data unless there are compelling legitimate grounds to continue.
  8. If an individual believes that the processing of their personal data infringes data protection law, they have the right to lodge a complaint with a supervisory authority. In the federal state of Baden-Württemberg, the competent authority is:
    1. Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg.

9. Data Transfers to Countries outside the European Union

  1. When using certain services such as Google Analytics, YouTube, Cloudflare or other technical infrastructures, personal data may be transferred to entities located in countries outside the European Economic Area (EEA), particularly the United States of America. From a data protection perspective, such countries are considered to have a level of protection that is not equivalent to that in the European Union.
  2. Data is transferred to these countries only where necessary for technical or contractual reasons, or where the user has given explicit consent pursuant to Article 6(1)(a) GDPR. In the case of services such as Google and Cloudflare, transfers are based on the Standard Contractual Clauses in accordance with Article 46 GDPR, which aim to ensure a level of protection comparable to that within the European Union.
  3. Nevertheless, it cannot be fully excluded that U.S. authorities may gain access to the transmitted data under local law, without providing sufficient legal remedies or effective means for individuals to challenge such access or fully protect their data.
  4. The agency carefully selects external service providers and strives to minimise the volume of data transferred to the bare minimum necessary. The agency also conducts ongoing reviews of transfer mechanisms and implements technical and organisational measures designed to ensure the highest possible level of data protection.

10. Security of Processing (Technical and Organisational Measures)

  1. The agency implements a wide range of technical and organisational measures to safeguard personal data and prevent its loss, misuse, unauthorised access, or unlawful disclosure. These measures include the use of state-of-the-art encryption technologies, secure server infrastructures, regular software updates, access restrictions based on the “need-to-know” principle, as well as continuous monitoring of system integrity and security.
  2. Data transmission via the website is carried out using encrypted TLS/SSL protocols, thereby ensuring a secure communication channel between the user’s browser and the agency’s server and reducing the risk of data being intercepted during transfer.
  3. Access to personal data is granted only to employees or service providers who require such access to perform their duties and who are contractually or legally bound to confidentiality. The agency regularly reviews and updates its security measures in line with technological developments and applicable legal requirements.
  4. Despite all precautions, absolute security of data cannot be guaranteed, particularly with respect to data transmission over the internet, which may be subject to technical risks beyond the agency’s complete control.

11. Controller and Contact Point for Data Protection Requests

  1. Click Media Agency (Einzelunternehmen Ibrahim Jaber) is the controller responsible for the processing of personal data in accordance with the GDPR.
  2. Data subjects may direct any requests or enquiries regarding the processing of their personal data to the contact details provided above. This includes requests for access, rectification, deletion, withdrawal of consent, or objections to certain processing activities. The agency will carefully review all requests and respond within the timeframes required by law.
  3. The agency has not appointed an official Data Protection Officer, as there is currently no legal obligation to do so. Nevertheless, the agency is committed to handling all data protection matters diligently and in full compliance with applicable regulations.

12. Amendments to this Privacy Policy

  1. The agency reserves the right to amend this Privacy Policy at any time in order to reflect changes in legal requirements, technological developments, or the expansion of services offered. The version published on the website at the time of the user’s visit shall be deemed the applicable and binding version. The agency will clearly indicate any material changes that affect users’ rights or introduce new processing activities.
  2. Users are advised to review this Privacy Policy periodically to stay informed about the latest updates regarding data processing and their legal rights. Continued use of the website is deemed to constitute implied acceptance of the Privacy Policy in force at the time of use.
© 2026 Click Media Agency. All rights reserved.

+90 554 009 09 77
info@ck-mediagency.com

Instagram Facebook-f Tiktok Whatsapp

Review My Order

0

Subtotal

Checkout