Imprint

Disclaimer

Liability for Content

We are responsible for our own content on these pages according to § 7 Para. 1 TMG. However, according to §§ 8–10 TMG, we are not obligated to monitor transmitted or stored third-party information. Liability in this regard only exists from the time of knowledge of a specific legal violation. Upon becoming aware of corresponding legal violations, we will remove this content immediately.

Liability for Links

Our website contains links to external third-party websites over whose content we have no influence. We cannot assume any liability for third-party content. Upon becoming aware of legal violations, we will remove such links immediately.

Copyright

The content created by us is subject to German copyright law. Third-party contributions are marked as such. Reproduction, editing or distribution outside the limits of copyright requires the written consent of the respective author.

Privacy Policy

We take the protection of your personal data seriously. Below we inform you in accordance with Art. 13 GDPR which data we collect, for what purpose, on what legal basis, how long we store it, and to which recipients it may be passed on.

The use of contact data published within the framework of the imprint obligation by third parties for sending unsolicited advertising and information materials is hereby expressly prohibited. In the event of unsolicited sending of advertising information, such as spam emails, we reserve the right to take legal action.

1. Data Controller

The party responsible for data processing on this website is:
Sadaghian® e.K., Owner Arash Sadaghian
Leverkusenstr. 3, 22761 Hamburg, Germany
E-mail: [email protected] · Phone: +49 40-228643240

For information requests, rectification, deletion and any other concerns regarding your personal data, please contact us informally at [email protected].

2. Data Collected and Processing Purposes

Depending on the nature of your contact with us, we process the following categories of data:

Repair order & DHL label request: first and last name, address, e-mail, phone, device serial number, fault description. Legal basis: Art. 6(1)(b) GDPR (initiation and performance of contract).
Shipping: full delivery or pickup address for the creation of the shipping label by DHL. Legal basis: Art. 6(1)(b) GDPR.
Invoice & bookkeeping: billing address, invoice line items, payment data. Legal basis: Art. 6(1)(b) and (c) GDPR (statutory retention obligation).
Payment processing: depending on the chosen payment method — see section 7.
Customer portal login: e-mail address and/or mobile phone number for sending a one-time code (OTP), session data. We store neither passwords nor password hashes. The one-time code is valid only briefly and is discarded after use. Legal basis: Art. 6(1)(b) GDPR.
E-mail correspondence: content of your message, sender, date. Legal basis: Art. 6(1)(b) and (f) GDPR (efficient customer communication).
Server log files: IP address, timestamp, requested URL, browser, operating system. Legal basis: Art. 6(1)(f) GDPR (IT security, availability, error analysis) — see section 16.

3. Storage Period

We store personal data only as long as necessary for the respective processing purpose:

Repair and order data: for the duration of the business relationship.
Invoice and bookkeeping-relevant data: 10 years pursuant to § 257 HGB, § 147 AO.
Server log files: a few days, then automatic deletion.
E-mail correspondence: until the end of the business relationship plus statutory commercial and tax retention periods.
OTP one-time codes: discarded immediately after use or expiry of validity (a few minutes).

4. Internal Workshop Management System (Local Operation)

We process order, repair and customer data in a workshop management system that we operate ourselves. It runs on a server located in our own business premises at Leverkusenstr. 3, 22761 Hamburg — i.e. at the same location as our workshop. There is no external hosting provider, no cloud replication and no remote access by third parties. Access is restricted to authorised employees.

Legal basis: Art. 6(1)(b) GDPR. Storage period: for the duration of the business relationship; invoice and bookkeeping data 10 years pursuant to § 257 HGB / § 147 AO.

5. Shipping via DHL

For shipping or returning your device we engage Deutsche Post DHL Group (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany). For this purpose we transmit to DHL the data necessary for creating the shipping label (first and last name, delivery address). DHL acts in this respect as a processor in the context of contract performance.

Legal basis: Art. 6(1)(b) GDPR. Further information: DHL Privacy Policy.

6. E-mail Processing via Microsoft 365

For sending and receiving business e-mail we use Microsoft 365 (Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland). When you send an e-mail to [email protected], the content, name and e-mail address are processed on Microsoft servers. Our tenant is registered on the EU Data Boundary; Exchange Online operates within the EU data area with committed target region Germany.

Legal basis: Art. 6(1)(b) GDPR or (f) (efficient customer communication). A data processing agreement with Microsoft is in place. Further information: Microsoft Privacy Statement.

7. Payment Processing

Online payments are handled via external payment service providers. Which data is processed depends on the chosen payment method. Full card data never reaches our server; it is transmitted directly between your browser and the respective payment provider.

7.1 Stripe (online card payment)

Online card payments are processed via Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Integration uses Stripe's Payment Element: your card data is captured in an input field hosted by Stripe and transmitted directly to Stripe — we never see or store your full card numbers. Stripe processes name, billing address, payment card data and technical connection data to perform the payment.

Legal basis: Art. 6(1)(b) GDPR. Stripe may transmit data to its parent company Stripe, Inc. (USA); transfer is based on EU Standard Contractual Clauses. Stripe Privacy Policy.

7.2 PayPal

When paying via PayPal, your payment data is transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. PayPal processes your name, e-mail address, address, bank or credit card data and technical transaction data to perform the payment.

Legal basis: Art. 6(1)(b) GDPR. PayPal may transmit data to affiliated entities worldwide; transfer is based on EU Standard Contractual Clauses. PayPal Privacy Policy.

7.3 Fiserv (card payment)

Card payments may also be processed via Fiserv. Fiserv processes your name, payment card data and technical transaction data to authorise and settle the payment. We do not store your full card data ourselves.

Legal basis: Art. 6(1)(b) GDPR. Fiserv Privacy Notice.

8. Customer Portal (sadaghian.com/status/)

On our customer portal at sadaghian.com/status/ you can view the repair status of your device and pay open invoices online. Login uses a one-time code (OTP), which we send to you by either e-mail or SMS — we store neither passwords nor password hashes. For online payment the providers listed in section 7 are integrated. For SMS delivery, the messaging provider sipgate (see section 9) is used. The portal runs entirely on our own server at Leverkusenstr. 3.

Legal basis: Art. 6(1)(b) GDPR. Storage period: for the duration of the business relationship.

9. SMS Delivery via sipgate

For sending SMS one-time codes (OTP) as part of the customer portal login, we use the German telecommunications provider sipgate GmbH, Gladbacher Str. 74, 40219 Düsseldorf, Germany. We transmit to sipgate your mobile number and the respective one-time code. sipgate processes this data exclusively to deliver the SMS and is subject to German telecommunications and data protection law. No transfer to third countries takes place.

Legal basis: Art. 6(1)(b) GDPR. sipgate Privacy Policy (German).

10. Bot Protection: Cloudflare Turnstile

On our DHL shipping form at sadaghian.com/en/shipping/ we use Cloudflare Turnstile (Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA) to defend against automated requests. Turnstile processes your IP address and technical browser characteristics for this purpose, without setting cookies. Without this protection the form would be open to bot abuse, which would cause us real shipping costs.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in preventing abuse). Cloudflare is certified under the EU-US Data Privacy Framework.

11. Cloudflare CDN

This website uses Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA, as a Content Delivery Network (CDN) and security service. Cloudflare processes your IP address and other technical information (browser, operating system, pages visited) to optimise loading times and protect against attacks. This data processing is based on our legitimate interest in the secure and efficient provision of our website.

Cloudflare is certified under the EU-US Data Privacy Framework. Further information: Cloudflare Privacy Policy.

12. TikTok

Content from the TikTok platform may be embedded on our pages. The data controller for users in the EEA is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland — a subsidiary of the parent group ByteDance Ltd. (Cayman Islands). A connection to TikTok is only established after you actively click the play button (click-to-load). TikTok or affiliated ByteDance entities then receive the information that you have visited our site with your IP address; data may also be processed outside the EU. If you are logged into your TikTok account, you can link content from our pages with your TikTok profile. Further information: TikTok Privacy Policy.

13. WhatsApp

Functions of the messaging service WhatsApp (WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) are integrated on our pages. When you click on the WhatsApp button, a connection to WhatsApp's servers is established and you will be redirected to wa.me. WhatsApp receives the information that you have visited our site with your IP address. Further information: WhatsApp Privacy Policy.

14. ElevenLabs

Audio content created with ElevenLabs (ElevenLabs, Inc., 177 E Colorado Blvd, Suite 180, Pasadena, CA 91105, USA) may be embedded on our pages. ElevenLabs is an AI-based speech synthesis service. Playback is only activated after you click (click-to-load). When playing, data (including your IP address) may be transmitted to ElevenLabs servers in the USA. Further information: ElevenLabs Privacy Policy.

15. YouTube

Videos from the YouTube platform (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) may be embedded on our pages. We use YouTube in extended privacy mode (youtube-nocookie.com). A connection to YouTube/Google is only established after you click the play button, at which point data (including your IP address) may be transmitted to Google servers in the USA. If you are logged into your Google account, Google can associate the playback with your account. Further information: Google Privacy Policy.

16. Server Log Files

When our website is accessed, the web server automatically stores access data in log files. The following are recorded: IP address of the requesting computer, date and time of access, requested URL, amount of data transferred, response code, browser type, operating system and, where applicable, the previously visited page (referrer). This data is stored for a few days and then automatically deleted. No combination with other data sources takes place.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in IT security, availability and error analysis).

17. Your Rights as a Data Subject

You have the following rights vis-à-vis us with regard to personal data concerning you:

Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object to processing (Art. 21 GDPR)
Right to withdraw consent given, with effect for the future (Art. 7(3) GDPR)

To exercise these rights, please contact us informally at [email protected]. We will respond within the statutory period of one month (Art. 12(3) GDPR).

18. Right to Lodge a Complaint with the Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority. The authority competent for us is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
(The Hamburg Commissioner for Data Protection and Freedom of Information)
Ludwig-Erhard-Str. 22, 7th floor, 20459 Hamburg, Germany
Phone: +49 40 / 428 54 - 4040 · Fax: +49 40 / 428 54 - 4000
E-mail: [email protected]
datenschutz-hamburg.de

Currency of this Privacy Policy

Last updated: May 2026. We reserve the right to amend this privacy policy if changes to our data processing make this necessary.

Repair Terms and Liability

Before handing over your device, you are obligated to create a complete backup of your data. We accept no liability for data loss, software errors or consequential damage. We also accept no liability for any work failures (lost working days) or economic damage due to delayed repairs.

A cost estimate does not constitute a repair guarantee. The repair time is non-binding. Payment is only due upon successful repair; in case of failure, no payment is due.