Privacy Policy

Data protection policy in accordance with the EU General Data Protection Regulation (GDPR)

1. Data Controller Information

The data controller responsible for the processing of personal data in connection with this website, in accordance with Article 4(7) of the General Data Protection Regulation (GDPR), is:

Charmworks
Türkali Mah., Abbasağa Kuyu Sok. No: 13, 34357,
İstanbul, Beşiktaş, Türkiye
Email: charm@charmworks.net
Website: https://charmworks.net

For all questions or concerns regarding the processing of your personal data, or if you wish to exercise your rights as described in this privacy policy, you may contact us at the above address or by email.

Additionally, for the purpose of hosting and storing website data, we use the services of:

Hostido.pl Gałązka Spółka jawna
80-103 Gdańsk, ul. Kartuska 5,
Website: https://hostido.pl

Charmworks is responsible for all data processing activities on this website unless stated otherwise in this policy.

2. Scope and Purpose of Data Processing

This privacy policy applies to all personal data collected and processed by Charmworks through the use of this website, including but not limited to data obtained via forms, cookies, and third-party integrations. The processing of personal data is carried out in accordance with the General Data Protection Regulation (GDPR) and relevant local laws, for the following purposes:

  • Provision and optimization of website functionality: To ensure the proper technical operation and security of the website, as well as to enhance the user experience.
  • Analysis of website traffic and user behavior: To measure and analyze traffic and usage patterns on our website using analytical tools such as Google Analytics, Google Tag Manager, and RankMath Analytics.
  • Embedding and operation of external media: To provide interactive content and functionalities, including embedded Spotify players and YouTube videos, which may set cookies and process user data.
  • Communication and responding to inquiries: If you contact us via email or contact forms, we process your data to respond to your queries and provide support.
  • Compliance with legal obligations: To fulfill our legal obligations regarding data protection, security, and record-keeping.

We process only such data that is necessary for the above purposes and always in accordance with the principles of lawfulness, fairness, transparency, data minimization, accuracy, storage limitation, integrity, and confidentiality as defined by the GDPR.

3. Types of Data Processed

In connection with the use of our website, we may process the following categories of personal data, depending on your interactions with the site:

  • Usage Data: Information about your visit to our website, such as the pages viewed, time and duration of visit, navigation paths, referring website, and interactions with website elements.
  • Technical Data: Information automatically collected by your browser or device, including IP address, browser type and version, operating system, device type, screen resolution, language preferences, and information about cookies and similar technologies stored on your device.
  • Cookie and Tracking Data: Data collected through the use of cookies and similar tracking technologies, including information related to your preferences, session identifiers, and analytics data (see separate section on cookies and tracking technologies).
  • Communication Data: If you contact us via email or through contact forms on the website, we process the personal data you provide (such as your name, email address, and the content of your message).
  • Data from Embedded Services: When interacting with embedded third-party content such as Spotify iframes or YouTube videos, additional data may be collected and processed by those third-party providers (e.g., unique identifiers, session and usage data), as specified in their own privacy policies.

We do not intentionally collect special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, etc.) through our website. Please refrain from submitting such sensitive information when using our services.

4. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to ensure its proper functioning, enhance user experience, and analyze website traffic. Cookies are small text files stored on your device that allow us or third-party providers to recognize your browser during subsequent visits. We distinguish between the following types of cookies used on our website:

  • Essential Cookies: These cookies are necessary for the website to function correctly and cannot be disabled in our systems. They enable basic features such as page navigation and access to secure areas. Essential cookies are also required for the proper operation of embedded content, such as Spotify iframes (e.g., sp_landing) and YouTube videos (e.g., VISITOR_INFO1_LIVE, YSC). Disabling these cookies may result in limited website functionality.
  • Analytical Cookies: These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. We use tools such as Google Analytics, Google Tag Manager, and RankMath Analytics, which may set their own cookies to track user behavior, gather statistics, and generate aggregated reports. The data collected may include information about your visit, IP address (anonymized where possible), browser type, device information, and pages visited.
  • Third-Party Cookies: When you access external media embedded on our website, such as Spotify players or YouTube videos, third-party providers may set additional cookies and process data according to their own privacy policies. We recommend reviewing the privacy policies of these providers for more information on their data processing practices.

Upon your first visit to our website, you are presented with a cookie banner that allows you to accept or manage your cookie preferences in accordance with applicable data protection laws. You may withdraw your consent or adjust your cookie settings at any time by using the options provided in your browser or through our website’s cookie management tool.

5. Legal Basis for Processing

The processing of your personal data on this website is carried out in accordance with the provisions of the General Data Protection Regulation (GDPR) and other applicable data protection laws. We process your data on the following legal bases, as appropriate:

  • Performance of a contract or steps taken at your request prior to entering into a contract (Art. 6(1)(b) GDPR): For example, when you contact us to request information or support, we process your data to fulfill your request.
  • Compliance with legal obligations (Art. 6(1)(c) GDPR): We may process your data as required by applicable laws, including obligations related to data security, record-keeping, and cooperation with public authorities.
  • Legitimate interests (Art. 6(1)(f) GDPR): We have a legitimate interest in ensuring the security and proper functioning of our website, analyzing its usage, and optimizing our services. Where possible, we rely on legitimate interests to process technical and analytical data, provided that such processing does not override your fundamental rights and freedoms.
  • Consent (Art. 6(1)(a) GDPR): In cases where we use cookies and tracking technologies for analytical or marketing purposes, or when processing is not strictly necessary for the website’s operation, we obtain your explicit consent before such data processing takes place. You may withdraw your consent at any time with future effect.

Where processing is based on your consent, failure to provide such consent may limit the functionality of the website or certain services. We always strive to ensure that your rights and interests are respected, and we provide clear options to manage your data preferences.

6. Use of Third-Party Services

In order to enhance the functionality of our website and gain insights into user behavior, we integrate several third-party services that may process your personal data, primarily through the use of cookies and similar technologies. The main third-party services we use are as follows:

a) Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics helps us analyze website traffic and user behavior by collecting and reporting information such as page views, time spent on pages, and interactions with website elements. Data collected by Google Analytics may include your IP address (which is anonymized in accordance with GDPR requirements), browser type, operating system, and usage data. Google may process this data on servers located within the European Economic Area (EEA) or, in some cases, in the United States. For more information, please see Google’s Privacy Policy.

b) Google Tag Manager
We use Google Tag Manager to manage website tags and scripts in an efficient and secure manner. This tool does not itself process personal data but may trigger other tags that collect data. Any data collected via those tags is governed by the respective third-party privacy policies.

c) RankMath Analytics
RankMath Analytics is an SEO and analytics tool that helps us understand website performance, user engagement, and traffic sources. This tool may collect anonymized data about how visitors interact with our site, such as referral sources and search engine queries, in compliance with GDPR.

d) Spotify Embedded Player
Our website offers the ability to listen to music or audio content via the Spotify embedded player. This feature is provided by Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden. When you interact with the Spotify player, Spotify may place cookies on your device (such as sp_landing) and process data about your device, usage patterns, and potentially your Spotify account information, if logged in. Data processing by Spotify is subject to Spotify’s own privacy policy.

e) YouTube Embedded Videos
We embed YouTube videos on our website to offer multimedia content. YouTube is a service of Google Ireland Limited. When you view or interact with an embedded YouTube video, YouTube may place cookies on your device (including VISITOR_INFO1_LIVE, YSC, and others) and collect information about your interaction, device, and preferences. Processing of this data is subject to YouTube’s and Google’s privacy policies.

We recommend reviewing the privacy policies of these third-party services to understand how your data is processed. Integration with these services is designed to comply with GDPR requirements, including, where applicable, anonymization or pseudonymization of data and user consent management.

7. Data Recipients

Your personal data may be shared with selected third parties only when necessary for the purposes described in this privacy policy and always in accordance with the GDPR. The main categories of data recipients include:

  • Service providers and processors: We engage carefully selected external service providers (processors) to assist in the operation and security of our website. This includes hosting providers such as Hostido Sp. z o.o. (ul. Górna 2, 62-052 Komorniki, Poland), technical support, IT infrastructure, and analytics providers (e.g., Google Analytics, RankMath Analytics). All such processors are contractually obliged to process personal data only on our instructions and in compliance with applicable data protection laws, including the conclusion of Data Processing Agreements (DPAs) where required by law.
  • Third-party content providers: When you interact with embedded content such as Spotify or YouTube, your data may be transmitted directly to those third-party providers. The processing of your data by such providers is governed by their respective privacy policies, and we encourage you to consult those policies for further information.
  • Public authorities: We may disclose your data to public authorities, law enforcement agencies, or courts if required to do so by law or in response to valid legal requests.
  • Other recipients: In exceptional cases, such as a merger, acquisition, or sale of assets, your personal data may be transferred to new owners or operators of the website, subject to continued protection under this privacy policy and applicable data protection laws.

We do not sell or rent your personal data to any third parties for marketing purposes. Except as described above, your data will not be disclosed to third parties without your explicit consent unless required by law.

8. Data Storage and Hosting

All personal data collected through our website is stored on secure servers located in Poland, operated by our hosting provider:

Hostido.pl Gałązka Spółka jawna
ul. Kartuska 5, 80-103 Gdańsk, Poland
Website: https://hostido.pl

In addition, for the purpose of providing proper communication and support, your personal data—specifically, data included in email correspondence and contact forms—may also be stored and processed by our email service provider in Turkey:

TIERRA
https://www.tierra.net/TOS_current/privacy?

This processing is essential for the performance of our services, as it allows us to manage and respond to your inquiries efficiently. Please note that if you do not consent to the transfer and storage of your data by our email provider in Turkey, we may be unable to provide certain services, including handling your requests or maintaining further correspondence.

We are fully committed to ensuring the maximum possible security for all personal data entrusted to us, including your name and surname, company name, email address, phone and fax numbers, as well as any other information—whether public or confidential—that you provide to us. We employ technical and organizational measures such as encrypted data transmission (SSL/TLS), firewalls, access controls, regular security audits, and strict internal procedures to protect your data against unauthorized access, loss, destruction, or alteration.

Only authorized personnel, who have received appropriate training and are bound by confidentiality obligations, are permitted to access your personal data. Any information entrusted to us—whether explicit or confidential—remains inaccessible to unauthorized persons and is treated with the highest degree of care and responsibility.

All data is processed and stored primarily within the European Economic Area (EEA), specifically within the territory of Poland, unless otherwise specified (as in the case of our email provider in Turkey or third-party services such as Google or Spotify, which may involve transfers outside the EEA—see “International Data Transfers”). We do not transfer or store your personal data outside the EEA unless appropriate safeguards, such as Standard Contractual Clauses or equivalent mechanisms, are in place or unless such transfer is necessary for the performance of a contract.

Access to your personal data is strictly limited to authorized personnel who require access for the purposes described in this policy and who are bound by confidentiality obligations.

9. Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, to comply with applicable legal and regulatory obligations, or as required by contractual agreements. The specific retention periods depend on the type of data and the purpose of processing, and are determined in accordance with the following criteria:

  • Usage and analytical data collected via cookies and third-party tools (such as Google Analytics, RankMath Analytics) are typically stored for up to 26 months, unless you withdraw your consent earlier. Data retention periods for third-party cookies are determined by the respective providers, and you can find more details in their privacy policies.
  • Data provided via contact forms or email correspondence (including your name, company name, email address, phone number, fax number, and the content of your inquiry) are retained for as long as is necessary to process and respond to your request, and for a maximum period of 3 years after the conclusion of your inquiry, unless further retention is required to comply with legal obligations (e.g., for accounting, tax, or dispute resolution purposes).
  • Data related to contractual obligations (if you become our client or business partner) may be retained for the duration of the contract and for up to 6 years after its termination, to comply with legal, accounting, or regulatory requirements.

Once the retention period has expired or the data is no longer needed for the specified purpose, your personal data will be securely deleted, anonymized, or—if applicable—archived in accordance with legal requirements. We regularly review the data we hold and erase or anonymize it when it is no longer necessary for processing.

You have the right to request the deletion of your personal data at any time, subject to certain exceptions provided by law. For more information on your rights, see the section “Data Subject Rights” below.

10. Data Subject Rights

Under the GDPR, you have a range of rights regarding the processing of your personal data. These include:

  • Right of access – You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to your personal data and information about how it is being processed.
  • Right to rectification – You have the right to request the correction of inaccurate or incomplete personal data concerning you.
  • Right to erasure (“right to be forgotten”) – You can request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent, among other grounds.
  • Right to restriction of processing – In certain circumstances, you have the right to request the restriction of processing of your personal data.
  • Right to data portability – You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit those data to another controller.
  • Right to object – You have the right to object, on grounds relating to your particular situation, to the processing of your personal data, including for direct marketing purposes.
  • Right to withdraw consent – Where data processing is based on your consent, you may withdraw it at any time with future effect.

Informal Withdrawal of Cookie Consent

You can also informally withdraw your consent to cookies and tracking technologies at any time by clearing cookies in your web browser. This action will immediately stop us from collecting your data through these technologies on our website.

Important clarifications:

  • Deleting cookies in your browser does not constitute a formal withdrawal of consent that you may have given on various websites — but in practice, for the website, it is as if you are visiting for the first time.
  • Consent for cookies and other tracking technologies is usually stored in the form of cookies (or in the browser’s localStorage). When you delete these files, the website will not know that you previously gave (or declined) consent, and will ask you for your preferences again.
  • Deleting cookies does not mean that the website “remembers” you have withdrawn your consent – it simply “remembers nothing” and will ask for your choices again.

In summary:
Clearing cookies causes your browser and websites to “forget” your previous choices and consents. As a result, you will see the cookie consent banner again on your next visit. However, from a data protection perspective, this is not a formal withdrawal of consent for processing — if you require formal withdrawal, please do so through your account settings on the website or by contacting us directly.

To exercise any of your rights or to formally withdraw your consent, please contact us at charm@charmworks.net.

11. Data Security

We are fully committed to ensuring the security and confidentiality of your personal data. We implement a wide range of technical and organizational measures designed to protect your information from unauthorized access, loss, misuse, alteration, or disclosure. These measures are regularly reviewed and updated in accordance with the latest standards and best practices in data protection.

Our security measures include, but are not limited to:

  • Encrypted data transmission: All data exchanged between your device and our website is protected using SSL/TLS encryption.
  • Secure server infrastructure: Our hosting provider uses modern and secure server facilities located in the European Economic Area, with robust access controls, firewalls, and intrusion prevention systems.
  • Access controls: Access to your personal data is strictly limited to authorized personnel who require it to perform their duties, and all such personnel are bound by strict confidentiality obligations.
  • Regular audits and monitoring: We conduct regular reviews of our systems and procedures to identify and address potential security vulnerabilities.
  • Data minimization and pseudonymization: Wherever possible, we limit the collection and processing of personal data to what is strictly necessary and employ pseudonymization or anonymization techniques to enhance privacy.
  • Employee training: Our employees receive regular training on data protection, information security, and privacy obligations.

Despite our best efforts, no system can guarantee absolute security. However, we strive to maintain the highest possible level of protection for your personal data, continuously monitoring for threats and promptly responding to any incidents. In the unlikely event of a data breach that may pose a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, as required by law.

If you have any questions or concerns about the security of your data, please contact us at charm@charmworks.net.

12. International Data Transfers

As a rule, we strive to ensure that your personal data is processed and stored within the European Economic Area (EEA), specifically in Poland, where our primary hosting provider is located. However, in certain cases, it may be necessary to transfer your personal data outside the EEA in order to deliver our services effectively.

In particular, your data may be transferred and stored in Turkey by our email service provider, TIERRA, for the purpose of managing and responding to your inquiries and ensuring uninterrupted communication. Such a transfer is essential for the proper provision of our services. Please note that if you do not consent to the transfer and storage of your data by our email provider in Turkey, we may be unable to provide certain services, including handling your requests or maintaining further correspondence.

Transfers of personal data outside the EEA are conducted in accordance with applicable data protection laws. We ensure that appropriate safeguards are in place to protect your data, such as standard contractual clauses approved by the European Commission, or other mechanisms that ensure an adequate level of protection in accordance with Article 46 of the GDPR.

Additionally, some of our third-party service providers, such as Google (for Analytics and YouTube embedded content) and Spotify, may also transfer data to servers located outside the EEA, including the United States or other jurisdictions. These providers are responsible for ensuring that adequate safeguards are in place and for compliance with applicable data protection laws. For more information about their data transfer mechanisms and security measures, please consult their respective privacy policies.

We take all reasonable steps to ensure that your data is handled securely and in accordance with this privacy policy, regardless of where it is processed.

13. Changes to the Policy

We reserve the right to update or modify this privacy policy at any time in order to reflect changes in our practices, legal requirements, or in response to new technological developments or the introduction of new services. Any updates or amendments will be published on this page, together with the date of the last update, and will become effective upon publication unless otherwise stated.

We encourage you to regularly review this privacy policy to stay informed about how we are protecting your personal data and any changes that may affect your rights or the way your data is processed. Significant changes to this policy, or changes that materially affect your privacy rights, will be communicated to you directly where possible (for example, via email or a notice on our website).

Continued use of our website following the posting of changes to this privacy policy constitutes your acceptance of those changes.

14. Contact Information

If you have any questions, concerns, or requests regarding this privacy policy or the processing of your personal data, or if you wish to exercise any of your rights as a data subject under the GDPR, please contact us using the following details:

Charmworks
Türkali Mah., Abbasağa Kuyu Sok. No: 13, 34357
İstanbul, Beşiktaş, Türkiye
Email: charm@charmworks.net
Website: https://charmworks.net

We take all privacy-related matters seriously and will respond to your inquiry as soon as possible, and in any case within the timeframes required by applicable data protection laws. If you believe that your data protection rights have been violated, you also have the right to lodge a complaint with your local data protection authority or the competent supervisory authority in the European Union.