Privacy policy

Here is the translation of your privacy policy into English. I have maintained the numbering and formal legal terminology to ensure it remains professional and compliant with GDPR standards.

Privacy Policy

––––––––––––––––––––

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.

 

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is OONIQUE GmbH, Gotthelfstr. 36, 81677 Munich, Germany, Tel.: 089/21528458, E-mail: info@oonique.com. The controller of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

 

1.3 The controller has appointed a data protection officer, who can be reached as follows: "Boris Hardi, Gotthelfstr. 36, 81677 Munich, 089/96118485, info@oonique.com"

 

2) Data Collection When Visiting Our Website

2.1 In the case of purely informational use of our website, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the site server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website

  • Date and time at the moment of access

  • Amount of data sent in bytes

  • Source/reference from which you reached the page

  • Browser used

  • Operating system used

  • IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.

3) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies—small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"); others remain on your device longer and allow page settings to be saved (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of the cookie settings of your web browser.

 

If personal data is also processed by individual cookies implemented by us, the processing is carried out either in accordance with Art. 6 (1) (b) GDPR for the execution of the contract, in accordance with Art. 6 (1) (a) GDPR in the event of granted consent, or in accordance with Art. 6 (1) (f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

 

You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Please note that if cookies are not accepted, the functionality of our website may be restricted.

Klar - Cookie We use the services of Klar (Klar Insights GmbH, Marktstr. 18, 80802 Munich, Germany) on our website. Klar collects, processes, and stores data on this website and its subpages for reach measurement and statistical analysis on our behalf. This collection takes place on the following legal basis: If the user's consent has been obtained in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TTDSG, the data to be processed is collected on a user-related basis. Different cookies are used for the various types of collection mentioned above to ensure the respective collection method.

Cookie - Objection To generally object to the use of Klar, please use this link. This will set a cookie named "do_not_track" from the domain "oonique.com". Please do not delete this, otherwise it cannot be guaranteed that you will not be tracked by Klar. Information on data protection and data use by Klar can be found on the following website: https://www.getklar.com/data-protection

4) Contact

4.1 Stamped For review reminders, we use the services of the following provider: Stamped.io PTE. LTD., 68 Circular Road, #02-01, Singapore 049422. Exclusively on the basis of your express consent pursuant to Art. 6 (1) (a) GDPR, we transmit your e-mail address and, if applicable, other customer data to the provider so that they can contact you with a review reminder by e-mail. You can withdraw your consent at any time with effect for the future towards us or the provider. We have concluded an order processing agreement (DPA) with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

4.2 Trusted Shops For review reminders, we use the services of the following provider: Trusted Shops AG, Subbelrather Str. 15c, 50823 Cologne, Germany. Exclusively on the basis of your express consent pursuant to Art. 6 (1) (a) GDPR, we transmit your e-mail address and, if applicable, other customer data to the provider. You can withdraw your consent at any time with effect for the future. We have concluded a DPA with the provider.

4.3 WhatsApp Business Data protection provisions regarding the use of WhatsApp as a means of communication. The controller uses WhatsApp as a means of communication between employees, customers, business partners, shareholders, and stakeholders. WhatsApp is operated by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We use the WhatsApp marketing tool from the company Klaviyo. The purpose of processing is to handle operational communication.

The legal basis is Art. 6 (1) (f) GDPR. WhatsApp stores personal communication data and accesses personal data, particularly the telephone book of mobile devices (all stored numbers are read). Communication handled via WhatsApp, collected numbers, and other data could be transmitted to third parties, especially Meta (Facebook) or international intelligence services. If you do not wish for us to store your number or communicate via WhatsApp, please inform us; we will use alternative communication methods (e.g., telephone). Further info: https://www.whatsapp.com/legal/#privacy-policy.

5) Comment Function

As part of the comment function on this website, in addition to your comment, information about the time the comment was created and the commentator name you chose will be stored and published. Furthermore, your IP address is logged and stored for security reasons in case a person violates the rights of third parties or posts illegal content. We require your e-mail address to contact you if a third party complains about your content. Legal bases: Art. 6 (1) (b) and (f) GDPR.

6) Data Processing When Opening a Customer Account

Pursuant to Art. 6 (1) (b) GDPR, personal data will continue to be collected and processed to the extent required if you provide it to us when opening a customer account. The data required can be found in the input mask of the corresponding form. Deletion of your account is possible at any time by sending a message to the controller.

7) Use of Customer Data for Direct Advertising

7.1 Newsletter Registration: We use a Double Opt-in process. Your IP address and the time of registration are stored to prevent misuse. You can unsubscribe at any time via the link in the newsletter.

7.2 ActiveCampaign: Newsletters are sent via ActiveCampaign, LLC (USA). Processing is based on our legitimate interest (Art. 6 (1) (f) GDPR). If you consent (Art. 6 (1) (a) GDPR), statistical evaluations (web beacons/pixels) are performed. ActiveCampaign is certified under the EU-U.S. Data Privacy Framework.

7.3 Klaviyo: Newsletters are also sent via Klaviyo (USA). Similar conditions to ActiveCampaign apply, including DPA and EU-U.S. Data Privacy Framework certification.

7.4 SMS Marketing: Registration requires your mobile number (Double Opt-in). Data is used exclusively for promotional SMS. Withdrawal is possible at any time.

7.5 WhatsApp Newsletter: Registration via sending "Start" to our number. WhatsApp (Meta) may transfer data to the USA. We use a dedicated device to ensure only consenting contacts are processed.

7.6 & 7.7 Inventory & Cart Reminders: One-time e-mail notifications for available items or abandoned carts (Double Opt-in, Art. 6 (1) (a) GDPR).

8) Order Processing

8.1 Data is passed to transport and credit institutions (Art. 6 (1) (b) GDPR). 8.2 Amazon Fulfillment (FBA): Data shared for shipping purposes. 8.3 Xentral: Used for order processing and accounting (Art. 6 (1) (f) GDPR). 8.4 Shipping Providers: DHL Express, DPD Austria, and GLS. E-mail/phone shared only with express consent (Art. 6 (1) (a) GDPR) for delivery coordination; otherwise, only name/address are shared (Art. 6 (1) (b) GDPR). 8.5 Payment Providers: Includes Amazon Pay, Apple Pay, Google Pay, Klarna, PayPal, Shopify Payments, and Stripe. Data is shared for payment processing (Art. 6 (1) (b) GDPR) and, in some cases (Klarna, PayPal, Stripe), for credit checks (Art. 6 (1) (f) GDPR).

9) Online Marketing

9.1 Google AdSense: Uses cookies and web beacons. Requires consent (Art. 6 (1) (a) GDPR). 9.2 HubSpot: Customer management and marketing sync. Requires consent (Art. 6 (1) (a) GDPR). 9.3 & 9.4 Amazon & eBay Affiliates: We use affiliate links. Tracking requires consent (Art. 6 (1) (a) GDPR).

10) Web Analytics

10.1 Google (Universal) Analytics & 10.2 Google Analytics 4: Includes features like Demographic Characteristics, Google Signals, and UserIDs. Requires consent (Art. 6 (1) (a) GDPR). 10.3 Hotjar, 10.4 Klar!, 10.5 Tracify, 10.6 Triple Whale: Various tracking tools for behavior analysis and heatmaps. Most require consent (Art. 6 (1) (a) GDPR), except Tracify which uses anonymized script-based tracking.

11) Retargeting/Remarketing and Conversion Tracking

We use Facebook Pixel, Google Ads Remarketing, Microsoft Advertising, Pinterest Retargeting, and Taboola. All these tools require express consent (Art. 6 (1) (a) GDPR). We also use Google Ads Customer Match (encrypted data upload) only with consent.

12) Page Functionalities

12.1 Lightwidget (Instagram Feed), 12.2-12.5 Social Plugins (Facebook, Instagram, Pinterest): We use a "2-click" or "Shariff" solution to ensure no data is sent until you actively click the plugin. 12.6 YouTube: Embedded videos. Cookies set only upon consent. 12.7 Trusted Shops Trustbadge: Loaded to show reviews (Art. 6 (1) (f) GDPR). 12.8 Best Currency Converter: Uses IP to show local currency. 12.9 Google Maps API: Address validation (Art. 6 (1) (f) GDPR). 12.10 Google Web Fonts: Requires consent (Art. 6 (1) (a) GDPR). 12.11 E-mail Applications: Data processed for recruitment (Art. 6 (1) (b) GDPR / § 26 BDSG). Deleted after 6 months if unsuccessful.

13) Tools and Miscellaneous

13.1 DATEV & Xentral: Cloud-based accounting services. 13.2 Cookie Consent Tool: Used to manage your preferences (Art. 6 (1) (c) & (f) GDPR). 13.3 ChannelPilot: Online marketing tool for performance evaluation.

14) Rights of the Data Subject

14.1 You have the right to: Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17), Restriction of processing (Art. 18), Notification (Art. 19), Data portability (Art. 20), Withdrawal of consent (Art. 7 (3)), and Complaint to a supervisory authority (Art. 77).

14.2 RIGHT TO OBJECT IF WE PROCESS YOUR PERSONAL DATA WITHIN THE SCOPE OF A BALANCE OF INTERESTS BASED ON OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. IF YOU OBJECT, WE WILL STOP PROCESSING THE DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS OR FOR THE DEFENSE OF LEGAL CLAIMS. IF WE PROCESS DATA FOR DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME; WE WILL THEN STOP PROCESSING FOR THESE PURPOSES.

15) Duration of Storage

Storage is determined by legal retention periods (e.g., 10 years for tax records). Data based on consent is stored until withdrawal. Data based on legitimate interest is stored until an objection is raised, unless overriding grounds exist.