1. Data Protection at a Glance

We take the protection of your personal data very seriously. This website follows the principle of **data minimization**: personal data is only collected when necessary and stored securely.

1. Data Protection at a Glance

We take the protection of your personal data very seriously. This website follows the principle of **data minimization**: personal data is only collected when necessary and stored securely.

1. Data Protection at a Glance

We take the protection of your personal data very seriously. This website follows the principle of **data minimization**: personal data is only collected when necessary and stored securely.

2. General Notes and Mandatory Information

**Controller**
Triple Caramel Marketing Ltd.
[Registered Address in Cyprus]
Email: info@tcm-digital.com
The controller is the legal entity which determines the purposes and means of the processing of personal data.

**Legal basis (GDPR)**
- Art. 6(1)(b) GDPR – contract performance (model registration and confirmation)
- Art. 6(1)(c) GDPR – legal obligations (documentation duties)
- Art. 6(1)(f) GDPR – legitimate interests (security, fraud prevention, logging)
- Art. 6(1)(a) GDPR – consent (where applicable)

**Your rights**
You have the right to request information, rectification, deletion, restriction of processing, data portability, and to object to processing. You may also lodge a complaint with your local supervisory authority.

**SSL/TLS encryption**
Our site uses HTTPS encryption. You can recognize an encrypted connection by “https://” and the lock symbol in your browser.

2. General Notes and Mandatory Information

**Controller**
Triple Caramel Marketing Ltd.
[Registered Address in Cyprus]
Email: info@tcm-digital.com
The controller is the legal entity which determines the purposes and means of the processing of personal data.

**Legal basis (GDPR)**
- Art. 6(1)(b) GDPR – contract performance (model registration and confirmation)
- Art. 6(1)(c) GDPR – legal obligations (documentation duties)
- Art. 6(1)(f) GDPR – legitimate interests (security, fraud prevention, logging)
- Art. 6(1)(a) GDPR – consent (where applicable)

**Your rights**
You have the right to request information, rectification, deletion, restriction of processing, data portability, and to object to processing. You may also lodge a complaint with your local supervisory authority.

**SSL/TLS encryption**
Our site uses HTTPS encryption. You can recognize an encrypted connection by “https://” and the lock symbol in your browser.

2. General Notes and Mandatory Information

**Controller**
Triple Caramel Marketing Ltd.
[Registered Address in Cyprus]
Email: info@tcm-digital.com
The controller is the legal entity which determines the purposes and means of the processing of personal data.

**Legal basis (GDPR)**
- Art. 6(1)(b) GDPR – contract performance (model registration and confirmation)
- Art. 6(1)(c) GDPR – legal obligations (documentation duties)
- Art. 6(1)(f) GDPR – legitimate interests (security, fraud prevention, logging)
- Art. 6(1)(a) GDPR – consent (where applicable)

**Your rights**
You have the right to request information, rectification, deletion, restriction of processing, data portability, and to object to processing. You may also lodge a complaint with your local supervisory authority.

**SSL/TLS encryption**
Our site uses HTTPS encryption. You can recognize an encrypted connection by “https://” and the lock symbol in your browser.

3. Data Collection on This Website

**a) Registration Form**
When models fill out the registration form, we collect:
- First & last name
- Email address
- Consent to Terms & Conditions
**b) Confirmation Workflow (n8n)**
Registrations are processed via our self-hosted automation tool (n8n).
- A unique token is generated and linked to your email.
- The token is verified when you click the confirmation link.
- Upon confirmation, we store the date, IP address and User Agent for legal evidence.
**c) Storage (Google Sheets)**
Registration data is securely stored in Google Sheets (Google Workspace). Access is restricted to authorized staff.
**d) Emails (Gmail)**
We use Gmail (Google Workspace) to send confirmation emails. Outgoing emails are BCC’d to our internal account for documentation.
**e) Server log files**
When accessing this website, our hosting provider (Framer) automatically collects server log data (browser type, operating system, referrer URL, host name, time of access, IP address). This data is processed based on Art. 6(1)(f) GDPR for technical security.
**f) Cookies**
Our site may use strictly necessary cookies (session cookies). These are automatically deleted after your visit. We do not use tracking cookies or analytics services.

3. Data Collection on This Website

**a) Registration Form**
When models fill out the registration form, we collect:
- First & last name
- Email address
- Consent to Terms & Conditions
**b) Confirmation Workflow (n8n)**
Registrations are processed via our self-hosted automation tool (n8n).
- A unique token is generated and linked to your email.
- The token is verified when you click the confirmation link.
- Upon confirmation, we store the date, IP address and User Agent for legal evidence.
**c) Storage (Google Sheets)**
Registration data is securely stored in Google Sheets (Google Workspace). Access is restricted to authorized staff.
**d) Emails (Gmail)**
We use Gmail (Google Workspace) to send confirmation emails. Outgoing emails are BCC’d to our internal account for documentation.
**e) Server log files**
When accessing this website, our hosting provider (Framer) automatically collects server log data (browser type, operating system, referrer URL, host name, time of access, IP address). This data is processed based on Art. 6(1)(f) GDPR for technical security.
**f) Cookies**
Our site may use strictly necessary cookies (session cookies). These are automatically deleted after your visit. We do not use tracking cookies or analytics services.

3. Data Collection on This Website

**a) Registration Form**
When models fill out the registration form, we collect:
- First & last name
- Email address
- Consent to Terms & Conditions
**b) Confirmation Workflow (n8n)**
Registrations are processed via our self-hosted automation tool (n8n).
- A unique token is generated and linked to your email.
- The token is verified when you click the confirmation link.
- Upon confirmation, we store the date, IP address and User Agent for legal evidence.
**c) Storage (Google Sheets)**
Registration data is securely stored in Google Sheets (Google Workspace). Access is restricted to authorized staff.
**d) Emails (Gmail)**
We use Gmail (Google Workspace) to send confirmation emails. Outgoing emails are BCC’d to our internal account for documentation.
**e) Server log files**
When accessing this website, our hosting provider (Framer) automatically collects server log data (browser type, operating system, referrer URL, host name, time of access, IP address). This data is processed based on Art. 6(1)(f) GDPR for technical security.
**f) Cookies**
Our site may use strictly necessary cookies (session cookies). These are automatically deleted after your visit. We do not use tracking cookies or analytics services.

4. Purpose of Processing

Your data is used to:
- Register and verify models
- Send and log confirmations
- Provide legal proof of consent to Terms & Conditions
- Ensure technical security of the website
We do **not** use your data for profiling, analytics, or advertising.

4. Purpose of Processing

Your data is used to:
- Register and verify models
- Send and log confirmations
- Provide legal proof of consent to Terms & Conditions
- Ensure technical security of the website
We do **not** use your data for profiling, analytics, or advertising.

4. Purpose of Processing

Your data is used to:
- Register and verify models
- Send and log confirmations
- Provide legal proof of consent to Terms & Conditions
- Ensure technical security of the website
We do **not** use your data for profiling, analytics, or advertising.

5. Data Retention

We store registration and confirmation records as long as necessary to fulfill contractual and legal obligations. After that, data will be deleted unless retention is required by law.

5. Data Retention

We store registration and confirmation records as long as necessary to fulfill contractual and legal obligations. After that, data will be deleted unless retention is required by law.

5. Data Retention

We store registration and confirmation records as long as necessary to fulfill contractual and legal obligations. After that, data will be deleted unless retention is required by law.

6. Disclosure to Third Parties

Data may be shared with:
- Google (Workspace / Sheets / Gmail)
- Our hosting provider (Framer)
- Our own automation system (n8n, hosted in the EU)
We do not sell or rent your personal data to third parties.

6. Disclosure to Third Parties

Data may be shared with:
- Google (Workspace / Sheets / Gmail)
- Our hosting provider (Framer)
- Our own automation system (n8n, hosted in the EU)
We do not sell or rent your personal data to third parties.

6. Disclosure to Third Parties

Data may be shared with:
- Google (Workspace / Sheets / Gmail)
- Our hosting provider (Framer)
- Our own automation system (n8n, hosted in the EU)
We do not sell or rent your personal data to third parties.

7. International Transfers

Where data is transferred outside the EU/EEA (e.g. Google servers), appropriate safeguards are in place (Standard Contractual Clauses).

7. International Transfers

Where data is transferred outside the EU/EEA (e.g. Google servers), appropriate safeguards are in place (Standard Contractual Clauses).

7. International Transfers

Where data is transferred outside the EU/EEA (e.g. Google servers), appropriate safeguards are in place (Standard Contractual Clauses).

8. Objection to Marketing Emails

The use of our contact details published in the imprint for unsolicited marketing is prohibited. We reserve the right to take legal action against spam emails.

8. Objection to Marketing Emails

The use of our contact details published in the imprint for unsolicited marketing is prohibited. We reserve the right to take legal action against spam emails.

8. Objection to Marketing Emails

The use of our contact details published in the imprint for unsolicited marketing is prohibited. We reserve the right to take legal action against spam emails.