This notice explains how the personal data of people who visit mubhem.com or subscribe to the newsletter is collected, for what purposes it is processed, and what rights you have. It has been prepared in accordance with the United Kingdom General Data Protection Regulation (UK GDPR), the European Union General Data Protection Regulation (GDPR), and Türkiye's Law No. 6698 on the Protection of Personal Data (KVKK).
1. Data controller
Sezer Shine Enterprizes LTD (a United Kingdom legal entity, registered in London).
The Mübhem brand is operated under this company. Company owner and artist: Aydın Sezer.
Contact: [email protected]
2. Data collected
a. Newsletter subscription
- E-mail address
- IP address
- Browser information (user-agent)
- Date and time of subscription
- Date of unsubscription, if you unsubscribe
b. Site interaction logs
The following events are recorded anonymously when UTM campaign parameters are present or when a user takes a direct action: page visits with UTM, outbound clicks to external platforms (such as Spotify, YouTube, Instagram, TikTok, X), video plays, hero button clicks, newsletter form submissions. For each event the following technical data is kept:
- Event type (e.g. page_view_utm, outbound_click, video_play)
- IP address
- Browser information (user-agent)
- Referring site (referer)
- UTM parameters (if any)
- Event timestamp
c. Automatic traffic statistics
Anonymous traffic information collected by Cloudflare Web Analytics without using cookies (page views, country breakdown, browser type). This data is not intended to identify users and contains no cookies.
3. Method of collection and legal basis
Data is collected directly when a visitor fills in a form or interacts with the site. No marketing cookies or third-party advertising trackers are used.
- Newsletter subscription: explicit consent (ticking the consent box on the form) under UK GDPR / GDPR Article 6(1)(a) and KVKK Article 5/1. The consent date is stored in the
consent_atfield. - Site interaction logs: legitimate interest (improving service quality, anonymous analysis, preventing abuse) under UK GDPR / GDPR Article 6(1)(f) and KVKK Article 5/2(f).
4. Purposes of processing
- Sending newsletters to announce new content
- Anonymous analysis of site traffic
- Measuring the effectiveness of marketing campaigns (UTM breakdown)
- Preventing abuse (IP-based rate limiting, spam protection)
- Continuous improvement of service quality
5. Retention period
- Newsletter records: retained while the subscription is active. After unsubscription the record is kept for a further 90 days (in case of a re-subscription request), then deleted or anonymised.
- Site interaction logs: automatically deleted after 12 months.
- Cloudflare Web Analytics: subject to Cloudflare's retention policy.
6. Third parties data is transferred to
Data is processed on the infrastructure of the following service providers. No data is sold or shared for marketing or advertising purposes.
- Cloudflare Inc. (US and European data centres): site hosting, database (D1), web analytics, security. Transfers are made under Standard Contractual Clauses (SCC) pursuant to UK GDPR / GDPR Article 46 and KVKK Article 9.
- GitHub Inc. (US): admin panel session authentication (only for the site owner's OAuth login).
- DistroKid LLC (US): music distribution. No visitor data is shared during this service; only the artist side's metadata is processed.
7. Your rights (UK GDPR / GDPR / KVKK)
Under United Kingdom and European Union data protection law (UK GDPR Articles 15–22, GDPR Articles 15–22) and Türkiye's KVKK Article 11, our visitors have the following rights:
- To learn whether their personal data is being processed
- To request information if it has been processed
- To know the third parties to whom their data has been transferred domestically or abroad
- To request correction if it has been processed incompletely or incorrectly
- To request its deletion or destruction within the conditions set out in the law
- To request that these actions be notified to third parties to whom the data has been transferred
- To object to analyses carried out through automated systems
- To claim compensation in the event of damage due to unlawful processing
To exercise these rights you can send a written request to [email protected]. Requests are answered within 30 days at the latest. To leave the newsletter you can also use the unsubscribe link in the newsletter e-mails.
8. Cookies
The site uses no marketing or third-party cookies. Only the following technical cookies exist:
- Admin panel session cookie (HttpOnly, Secure, SameSite=Strict): only for the site owner's admin login. It is not present on the visitor side.
- OAuth state cookie (temporary, short-lived): for CSRF protection in the admin login flow.
Apart from these, no cookies are written on the visitor side. At the browser level, sessionStorage temporarily holds UTM parameters and is cleared when the session ends.
9. Security measures
- HTTPS enforced (HSTS header, preload)
- Strict Content Security Policy
- Form spam protection (honeypot, IP-based rate limiting)
- Encrypted data transport (TLS)
- OAuth + HttpOnly cookie-based admin login against unauthorised access
10. Updates
This notice is updated when necessary. Significant changes are announced via the newsletter. The effective date is stated at the top of the page.
Contact
For your questions and requests: [email protected]
← Home