Privacy Policy

1. Controller

The controller responsible for data processing on this website and in the associated Shopify store is:

Omnava GmbH
Ludwig-Erhard-Platz 1
51373 Leverkusen
Germany
Authorised Managing Director: Michael Stoffels
E-mail: info@omnava.de

2. Data Collected When Accessing the Website

When you access the website, our hosting provider automatically records information in server log files: IP address, date and time of access, browser type, operating system, referrer URL, and the volume of data transferred.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the stable and secure provision of the website).

3. Hosting by Shopify

Our online store is operated on the platform of Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”). All data collected in the store is stored and processed on Shopify’s servers.

As part of the hosting service, Shopify may transfer data to affiliated companies, in particular Shopify Inc. (Canada) as well as Shopify Data Processing (USA) Inc. and Shopify (USA) Inc. (USA).

Transfer to third countries:

  • Canada: Adequacy decision of the EU Commission (Art. 45 GDPR).
  • USA: Shopify Inc. is not certified under the EU-US Data Privacy Framework. Data is transferred on the basis of the Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR (Implementing Decision (EU) 2021/914).

A data processing agreement pursuant to Art. 28 GDPR (Shopify Data Processing Addendum) is in place with Shopify.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in an efficient and secure store platform).

Further information: https://www.shopify.com/legal/privacy

4. Cookies and Comparable Technologies

We use exclusively technically necessary cookies and comparable storage technologies that are strictly required to operate the store, in particular for the shopping cart, session management, checkout (incl. CSRF protection) and payment processing.

Legal basis: Section 25(2) no. 2 TDDDG in conjunction with Art. 6(1)(b) and (f) GDPR. No consent is required for this; therefore no consent banner is used.

We do NOT use any tracking, analytics, profiling or marketing cookies. No reach or behavioural analysis is carried out by Google Analytics, Meta Pixel, TikTok Pixel or comparable services.

5. Fonts (Google Fonts)

To display fonts consistently, we use web fonts provided by Google (“Google Fonts”). When a page is accessed, your browser loads the required fonts in order to display text correctly. If your browser retrieves the fonts from a Google server, a connection to Google’s servers is established and Google thereby becomes aware of your IP address.

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Any transfer to the USA to Google LLC takes place on the basis of the EU-US Data Privacy Framework (Google LLC is certified) and, additionally, on the basis of the Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in a consistent and appealing presentation of our online offering). Where technically possible, we embed the fonts locally so that no connection to Google servers is established.

Further information: https://policies.google.com/privacy and https://developers.google.com/fonts/faq

6. Order Processing

When you place an order, we process the following personal data: first name, last name, address, delivery and billing address, e-mail address, telephone number (if provided), order data (item, quantity, price), and payment information depending on the selected payment method.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract); for statutory retention obligations (Sections 147 AO, 257 HGB) additionally Art. 6(1)(c) GDPR.

Retention period: up to ten years in accordance with tax and commercial retention periods.

7. Payment Processing

We offer various payment methods. The respective payment processing is carried out by independent payment service providers to whom we pass on the data required for payment in order to perform the contract. Within the meaning of the GDPR, these providers are independent controllers; no data processing agreement pursuant to Art. 28 GDPR exists in this respect. The legal basis for the transfer is Art. 6(1)(b) GDPR.

a) Shopify Payments / Stripe

If you select a payment method offered via Shopify Payments (in particular credit card), the technical payment processing is carried out by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. The data required for payment is transmitted, in particular name, address, credit card data where applicable, invoice amount and transaction number.

Stripe LLC (USA) is certified under the EU-US Data Privacy Framework. Data transfers to the USA take place on the basis of Art. 45 GDPR in conjunction with the adequacy decision of 10 July 2023.

Further information: https://stripe.com/privacy

b) Apple Pay

If you select “Apple Pay”, the payment data is processed via the Apple Pay procedure of Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. Apple provides a pseudonymised Device Account Number; the actual card number is not visible to us.

Legal basis: Art. 6(1)(b) GDPR.

Further information: https://www.apple.com/legal/privacy/data/en/apple-pay/

c) Google Pay

If you select “Google Pay”, processing is carried out by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland by charging a payment method stored with Google Pay. Google Ireland forwards the data required for this to Google LLC (USA); Google LLC is certified under the EU-US Data Privacy Framework.

Legal basis: Art. 6(1)(b) GDPR.

Further information: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=privacynotice&ldl=en

d) Klarna

If you select a Klarna payment method (“Klarna Pay Now”, “Klarna Invoice”, “Klarna Instalments”), the data required for payment processing is transmitted to Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden. Klarna is an independent controller within the meaning of Art. 4 no. 7 GDPR.

As part of the identity and credit check, Klarna may carry out an automated decision within the meaning of Art. 22 GDPR and obtain information from credit agencies. The legal bases arise from Art. 6(1)(b) and (f) GDPR as well as from anti-money-laundering regulations (Art. 6(1)(c) GDPR).

You have the right to object to the use of your data for advertising and market research purposes by Klarna. Further information and the complete list of processing purposes and credit agencies can be found in Klarna’s privacy policy: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/en_de/privacy

e) PayPal

If you select “PayPal”, the payment data is transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal is an independent controller within the meaning of Art. 4 no. 7 GDPR.

Where the selected payment method requires it, PayPal carries out a credit check on its own responsibility and obtains information from credit agencies. The legal basis for this is Art. 6(1)(f) GDPR in conjunction with PayPal’s legitimate interests in payment security, as well as Art. 6(1)(b) GDPR.

PayPal may also transfer data to the USA. Insofar as a transfer to the USA takes place, this is based on the Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.

Further information: https://www.paypal.com/de/legalhub/paypal/privacy-full

8. Shipping and Logistics

To deliver your order, we transmit your name, your delivery address and, where applicable, your telephone number/e-mail address to the shipping service provider we use, GLS (General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Straße 1-7, 36286 Neuenstein). Legal basis: Art. 6(1)(b) GDPR.

9. E-mail Contact

If you contact us by e-mail or via the contact form, the data you provide (e-mail address, name, message) is stored in order to process the enquiry and for follow-up questions. Legal basis: Art. 6(1)(b) or (f) GDPR.

10. Promotional E-mails / Newsletter

Promotional e-mails are sent to existing customers on the basis of Section 7(3) UWG in conjunction with Art. 6(1)(f) GDPR. You can object to receiving them at any time without incurring any costs other than the transmission costs at the basic rates.

Otherwise, newsletters are sent on the basis of express consent pursuant to Art. 6(1)(a) GDPR using the double opt-in procedure. You can withdraw your consent at any time with effect for the future.

11. Data Subject Rights

You have the right to information (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR) and objection (Art. 21 GDPR). You can withdraw any consent given at any time with effect for the future (Art. 7(3) GDPR).

You also have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. The supervisory authority responsible for us is:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW)
Kavalleriestraße 2-4
40213 Düsseldorf, Germany

12. Validity of this Privacy Policy

Last updated: May 2026. We reserve the right to amend this privacy policy insofar as this becomes necessary due to new technologies or changed legal requirements.