Privacy Policy

1. Introduction

The protection of your personal data is of utmost importance to us. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

2. Responsible body

Responsible for data processing on this website is:
Clearblick UG (limited liability)
Immanuelkirchstraße 9
10405 Berlin
Email: hello@owin.care

3. General information on data processing

We process personal data as part of our online shop and website operations. This includes, in particular, order processing, managing customer accounts, sending newsletters, and using analysis and tracking tools.

In certain cases, data may also be transferred to third parties or to so-called third countries outside the European Union ("EU") and the European Economic Area ("EEA"). Should such a transfer occur, this will be indicated below, along with information on appropriate protective measures.

4. What personal data do we collect?

On our websites, you can purchase products, learn about our company and our offerings, and contact us. Depending on your use of our services, we collect different types of personal data. This data can be divided into the following categories:

(1) Automatically collected data

When you access and use our website, we automatically collect certain information, including personal data.

(2) Log files and device information

When you use our website, your browser automatically transmits certain data to our web server. These log files include, among other things:

      Your IP address

      Date and time of the request

      Requested URL (specific page accessed)

      Access status/HTTP status code

      Amount of data transferred

      Website from which the request comes (referrer URL)

      Browser type and language settings

(3) Cookies

We use cookies and allow third parties to use this technology on our website. Cookies are small text files that your browser stores on your device. They contain information about:

      Pages visited and their frequency

      User behavior on our website (e.g. interactions with social networks)

The data collected by cookies is pseudonymized, so that a direct assignment to you is not easily possible.

(4) Web beacons

Web beacons are small, invisible graphics embedded in our websites and newsletters. They enable us to analyze user behavior by providing information about whether a page or newsletter has been opened.

Legal basis: The use of tracking pixels (web beacons) only takes place with your express consent in accordance with Art. 6 (1) (a) GDPR.

(5) Data submitted by you

Certain features of our website require you to provide personal information, for example, when you place an order, create a customer account, or contact us.

(6) Profile data

When you register a customer account, we collect the following data:

      First and last name

      E-mail address

      Self-chosen password

      Billing and delivery address

      Order history

Your email address and password serve as your login information. You can view and change your billing and delivery address at any time in your customer account.

(7) Communication data

When you contact us, we collect the information you provide, including:

      Name

      Address

      Telephone number

      E-mail address

      Content of your message

Depending on the type of communication (e.g., email, telephone, contact form), we also collect technical data, such as your device's IP address. We use this data exclusively to process your request.

(8) Purchase and payment data

When you place an order with us, we collect the information necessary to process your order, including:

      Order number

      Details of the purchased items (product name, purchase price, quantity, etc.)

      Payment method and details (e.g. credit card number, PayPal ID, IBAN and BIC)

      Delivery and billing addresses

      Communication regarding orders (e.g. complaints, cancellations)

      Shipping and payment status

      Tracking numbers from shipping service providers

This information is required to process your order and provide you with the best possible service.

5. How do we use the data we collect from you? What is the legal basis for this use?

We process and store personal data exclusively in accordance with applicable data protection regulations, in particular the General Data Protection Regulation (GDPR). Your data is used for the following purposes, each on the respective legal basis:

6. Provision, improvement and security of our website

We use automatically collected data (e.g., log files, device information, IP addresses) to enable the technical provision of our website and to ensure its security and functionality. This includes, in particular:

      Provision of the website and its functions

      Optimization of display and user-friendliness

      Ensuring stability and IT security

For this purpose, we store your IP address for the duration of your session.

Legal basis: The processing is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR, as it is necessary to maintain and improve our online offering.

7. Provision of our online shop and processing of orders

(1) In order to provide you with our products online and to process orders, we process the data you provide, in particular:

      Profile data (e.g. name, email address, customer account information)

      Purchase and payment data (e.g. order number, payment method, delivery address)

      Communication data (e.g. customer service inquiries)

The main purposes of this processing include:

      Provision and personalization of our online shop (e.g. customer account, product reviews)

      Contract processing, including order and payment processing

      Customer service and processing of inquiries

      Returns, complaints and warranty cases

      Ensuring IT security and preventing fraud

Legal basis:

      For the performance of the contract in accordance with Art. 6 (1) (b) GDPR, provided that the processing is necessary for the performance of a sales contract.

      If the processing is aimed at security measures or operational optimization, it is carried out on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR.

8. Non-promotional communication

We use your data to inform you about important technical, security or contract-related changes, for example:

      Security warnings (e.g. suspected fraud, account suspensions)

      Important changes to our Terms and Conditions or Privacy Policy

This communication is not for advertising purposes.

Legal basis: The processing is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR, as we need to inform our customers about security-relevant or contractual changes.

9. Hosting by Shopify

To provide our online store, we use Shopify Inc., a Canadian company located at 151 O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada. This may involve data transfer to Canada, for which the EU Commission has issued an adequacy decision.

The legal basis for data processing is our legitimate interest in providing a functioning online shop (Art. 6 (1) (f) GDPR).

10. Contact

When you send us inquiries via our contact form or by email, we process the data you provide (e.g. name, email address, message).

The legal basis for processing is either the necessity to fulfill the contract or to carry out pre-contractual measures (Art. 6 (1) (b) GDPR) or our legitimate interest in processing your request (Art. 6 (1) (f) GDPR).

Service providers used:

  • Zendesk (Zendesk GmbH, Neue Schönhauser Straße 3-5, 10178 Berlin) to optimize customer communication. Data may be transferred to the USA, subject to the EU Standard Contractual Clauses and Binding Corporate Rules.

11. Contract execution

We process your personal data to fulfill and process your purchase contract with us. This includes, in particular, processing your order, providing invoices, and shipping the ordered goods.

To deliver your order, we will transmit your address details to the shipping company commissioned with the delivery (e.g., DHL, GLS). This transfer is solely for the purpose of fulfilling the contract in accordance with Art. 6 (1) (b) GDPR.

For payment processing, we transmit the necessary transaction data (e.g., name, order date, payment method, amount, payee, and – if necessary – bank details or credit card details) to the payment service provider you have chosen. This processing is carried out to fulfill the contract in accordance with Art. 6 (1) (b) GDPR and to comply with legal obligations, in particular under tax and commercial law, in accordance with Art. 6 (1) (c) GDPR.

Your data will only be stored for as long as is necessary to process the contract and in accordance with statutory retention periods.

12. Shipping status notifications

If you have opted for shipping status notifications, we will transmit your email address and/or telephone number to the shipping company commissioned with the delivery (e.g., DHL, GLS). This data processing is carried out solely for the purpose of informing you about the current status of your shipment.

This data is processed exclusively on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with future effect by contacting us at hello@owin.care.

13. Credit check via Klarna

If you choose a payment method that requires a credit check (e.g., purchase on account or installment payments through Klarna), we will transmit your name and address to Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden. Klarna will initiate a credit check with a credit agency and send the results to us for risk assessment.

Legal basis for data processing:

      If the credit check is necessary to protect our financial risk, the processing is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest is to avoid payment defaults, as we make advance payments when purchasing on account or by installment.

      In all other cases, processing will be carried out exclusively on the basis of your express consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with future effect.

Further information on data processing by Klarna can be found in their privacy policy at: https://www.klarna.com/de/datenschutz

14. Newsletter

(1) In order to regularly inform you about our company, our products, and current offers, we offer a newsletter by email. If you subscribe to our newsletter, we will process the data you provide (email address and any voluntary information).

(2) Double opt-in procedure and logging: After registering, you will receive an email with a confirmation link to complete your registration (double opt-in procedure). This serves to prevent misuse and ensure verifiability of your consent. For this purpose, we store the time of registration, the confirmation, and your IP address. Email addresses that have not confirmed their newsletter subscription will be automatically deleted after 30 days.

Legal basis:

Your data will be processed for sending the newsletter based on your consent in accordance with Art. 6 (1) (a) GDPR. The registration process will be logged based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR in order to be able to prove legal registration.

(3) Use of a shipping service provider: To send the newsletter, we use the "Klaviyo" service provided by Klaviyo Inc., 60 South Street, Suite 910, Boston, Massachusetts, USA. The data is transferred to servers in the USA. Since there is no adequacy decision from the EU Commission for the USA, the data transfer is based on the EU standard contractual clauses to ensure an appropriate level of data protection. You can receive a copy of these standard contractual clauses upon request by contacting us at hello@owin.care.

(4) Revocation of consent: You can revoke your consent to receive the newsletter at any time with future effect by using the unsubscribe link in the newsletter or by sending us a message to hello@owin.care.

15. Analysis and tracking

We use various tracking technologies to analyze user behavior on our website and to optimize our online offering and marketing measures. To do this, we use cookies, web beacons, and other technologies that enable the evaluation of user behavior.

We use technically necessary cookies (e.g., for the shopping cart) without your consent in accordance with Art. 6 (1) (f) GDPR. Other cookies, especially for tracking or advertising, are only used with your consent (Art. 6 (1) (a) GDPR).

(1) Web analysis and statistics

The information collected through cookies and web beacons helps us understand which content is most relevant, how long visitors stay on certain pages, and how successful our marketing campaigns are. We use the insights gained to improve our online presence and the user experience.

For these purposes we use the following analysis tools:

Shopify Analytics

      Provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

      Purpose: Analysis of website usage and purchasing behavior

      Data: visitor behavior, ordering behavior, technical data

      Privacy Policy: https://www.shopify.de/legal/datenschutz

      For more information: https://help.shopify.com/manual/reports-and-analytics/shopify-reports

Google Analytics

      Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

      Purpose: Analysis of user behavior on our website

      Data: Page views, session duration, interactions, IP address (anonymized)

      IP anonymization: Your IP address will be shortened within the EU or EEA before being transmitted to Google servers in the USA. Only in exceptional cases will the full IP address be transmitted to the USA and shortened there.

      Privacy Policy: https://www.google.com/intl/de/analytics/learn/privacy.html

You can revoke your consent to the use of Google Analytics at any time via our cookie settings or directly via the Google opt-out link (https://tools.google.com/dlpage/gaoptout).

16. Marketing and Advertising

We use tracking technologies to show you relevant ads and to evaluate the effectiveness of our marketing efforts. The information collected helps us deliver personalized content and targeted ads.

We use the following tools for personalized advertising:

(1) Meta services on our website

a. Meta Custom Audiences (Pixels & Cookies)

We use the Meta Pixel of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The Meta Pixel is used to measure the success of our advertising campaigns on the Meta platforms (Facebook, Instagram) and to optimize the display of advertisements for relevant target groups.

How it works:

      After clicking on a Meta ad or visiting our website, the Meta Pixel stores a cookie on your device.

      This cookie processes information about whether you came to our website via a Meta ad and analyses your behaviour until the purchase is completed.

      The pixel establishes a direct connection to Meta's servers.

Data collected:

      User's IP address

      Behavior on the website (pages visited, purchases, interactions)

      Source of origin (e.g. Meta ad)

If you are registered with Meta, Meta can associate the collected information with your user account. Even if you are not registered or logged in, Meta can process and store your IP address.

Revocation: You can revoke your consent for Meta Pixel at any time via our consent banner (see footer: “Change cookie settings”).

Further information on data processing by Meta: https://www.facebook.com/about/privacy

b. Meta Custom Audiences (customer list)

We also use Meta Custom Audiences (customer list) to target existing customers with personalized ads on Facebook and Instagram.

How it works:

      Customer data (e.g. email address or telephone number) is transmitted to Meta in encrypted form.

      Meta compares this data with existing user accounts and thus enables targeted advertising.

Legal basis:

      Processing takes place exclusively with your consent in accordance with Art. 6 (1) (a) GDPR.

      Cookies are stored on the basis of Section 25 (1) TDDDG.

Revocation: You can revoke your consent at any time with effect for the future.

Data transfer to the USA: Meta is certified under the EU-US Data Privacy Framework, which ensures an appropriate level of data protection.

More information about Meta Custom Audiences:

      Meta Privacy Policy: https://www.facebook.com/about/privacy

      Meta Custom Audiences: https://www.facebook.com/business/help/744354708981227

c. Meta Ads (conversion tracking)

We use the advertising service Meta Ads on our website, provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.

How conversion tracking works

When you click on an ad served by Meta, a conversion cookie is stored on your device. If you subsequently visit certain pages of our website and the cookie has not yet expired, Meta and we can recognize that you clicked on the ad and were redirected.

This cookie is not used for personal identification, but enables statistical evaluation of advertising performance for companies that use conversion tracking.

Legal basis for processing:

      Meta uses cookies and similar technologies with your consent in accordance with Section 25 (1) TDDDG.

      The processing of the collected data is based on your consent in accordance with Art. 6 (1) (a) GDPR.

Revocation of consent: You can revoke your consent at any time with effect for the future by:

      deactivating the cookie via your browser settings, or

      adjusting your preferences in our consent banner (see footer: “Change cookie settings”).

Data transfer to the USA:

Since Meta Platforms Ireland Limited is a subsidiary of the Meta Group, it cannot be ruled out that data will be transferred to Meta Platforms Inc. in the USA and processed there.

However, Meta is certified under the EU-US Data Privacy Framework and thus falls under the EU adequacy decision for the USA, which ensures an appropriate level of data protection.

Further information on data processing by Meta can be found here:

      Meta Privacy Policy: https://www.facebook.com/about/privacy

      Meta ad settings: https://www.facebook.com/settings?tab=ads

(2) Google services on our website

a. Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), on our website. Google Analytics enables us to analyze the usage behavior of our website visitors and compile reports on the activities within our online offering. This serves to optimize and improve the user-friendliness of our website.

When using Google Analytics, interactions of website visitors are recorded and systematically evaluated using cookies.

We have implemented Google Analytics with the extension "anonymizeIp()", which shortens IP addresses within EU or EEA member states. Only in exceptional cases will the full IP address be transmitted to Google servers in the US and shortened there. This generally precludes any direct personal reference.

Data collected:

      Anonymized IP address (3 bytes of the IP address of the accessed system)

      Visited websites and subpages

      Source page (referrer URL)

      Length of stay on the website

      Frequency of website visits

Google says it does not link the IP address with other data.

Privacy Policy: https://policies.google.com/privacy

Legal basis:

Processing takes place exclusively with your consent in accordance with Art. 6 (1) (a) GDPR.

b. Google Remarketing / Retargeting

Our website uses Google Remarketing or Google Retargeting to show you personalized ads based on your previous visits to our site. Google stores tracking cookies to analyze which products you've viewed and which ads might be relevant to you.

When you subsequently visit a partner website, they may display targeted ads based on your previous behavior on our site.

c. Google reCAPTCHA

To protect our website from spam and automated attacks (e.g. bots), we use the security service Google reCAPTCHA from Google Ireland Limited.

When reCAPTCHA is used, various data is transmitted to Google, including:

      Your IP address

      Referrer URL (the website from which you access reCAPTCHA)

      Information about your operating system and browser

      Cookies, if they are stored in your browser

      Mouse movements and keyboard interactions

      Time spent on the page

Legal basis:

The processing is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR in the security and protection of our website against spam and misuse.

Data transfer to the USA:

It cannot be ruled out that data will be transmitted to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google is certified under the EU-US Data Privacy Framework, which ensures an appropriate level of data protection.

For more information about the use of Google reCAPTCHA and Google’s privacy policy:

      Google reCAPTCHA documentation: https://www.google.com/recaptcha/about/

      Google Privacy Policy: https://policies.google.com/privacy

d. Google Fonts

To ensure that our website is presented in an appealing manner, we use external fonts from Google Fonts, which are loaded from the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

When you load the fonts, Google does not store any cookies on your device. However, your IP address will be transmitted to Google and may be processed on servers in the USA.

Legal basis:

The processing is based on our legitimate interest in a uniform and appealing presentation of our website in accordance with Art. 6 (1) (f) GDPR.

Data transfer to the USA:

It cannot be ruled out that data will be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google is certified under the EU-US Data Privacy Framework, which ensures an appropriate level of data protection.

Further information about Google Fonts and Google’s privacy policy:

      Google Fonts FAQ: https://developers.google.com/fonts/faq

      Google Privacy Policy: https://policies.google.com/privacy

e. Legal basis and revocation for Google services

      Your data will only be processed within the scope of Google Analytics, Google Ads and Google Remarketing with your consent in accordance with Art. 6 (1) (a) GDPR.

      Cookies are stored on the basis of Section 25 (1) TDDDG (consent to access to end device information).

Revocation: You can revoke your consent at any time via our consent banner (see footer: “Change cookie settings”).

Data transfer to the USA: Google is certified under the EU-US Data Privacy Framework, which ensures an appropriate level of data protection.

Further information:

      Google Privacy Policy: https://policies.google.com/privacy

      Google Ads Settings: https://adssettings.google.com/

17. How long will my data be stored?

We only store your personal data for as long as necessary to fulfill the respective purposes for which it was collected or as required by statutory retention periods.

      Log and device data: This data is automatically deleted as soon as the respective session ends. Log files stored for security purposes or to prevent attacks on our website are automatically deleted after 7 days at the latest.

      Cookies: The storage period of cookies varies depending on the type of cookie and your individual browser settings.

      Google Analytics data: Analysis data collected via Google Analytics is automatically deleted after 14 months.

If you close your customer account, we will delete all personal data stored in your account. If complete deletion is not possible or necessary due to legal retention obligations, the data in question will be blocked for further processing, i.e., access rights to this data will be restricted.

Legal retention obligations particularly concern data that is subject to tax and commercial law regulations, for example:

      Commercial Code (HGB)

      Tax Code (AO)

This data must be retained for up to ten years for audit purposes before it can be permanently deleted.

Even if there is no statutory retention period, we may delay deletion in certain cases if this is legally permissible. This particularly applies to cases in which we still need the data for contractual purposes or to assert, exercise, or defend legal claims (e.g., in the case of open complaints or ongoing legal disputes). In such cases, the duration of data storage is determined by the statutory limitation periods, after which the data in question will be permanently deleted.

18. Is data also transferred to recipients outside the European Union or the European Economic Area (EEA)?

Yes, we also transfer personal data to processors and partner companies located in third countries outside the European Economic Area (EEA). Before such a transfer takes place, we ensure that the recipient has an appropriate level of data protection.

This is done based on the following mechanisms:

      EU Commission adequacy decision for certain countries that ensure an adequate level of data protection.

      EU Standard Contractual Clauses (SCCs): These were adopted by the European Commission and ensure that the data recipient outside the EEA is contractually obliged to comply with European data protection standards.

      Binding Corporate Rules (BCRs): If an international group of companies has implemented internal data protection policies with its affiliates that have been approved by data protection authorities.

      User consent: In some cases, data transfer is based on your express consent in accordance with Art. 49 (1) (a) GDPR.

Transfer to the USA

Some of our service providers, such as Google, Meta (Facebook, Instagram), and Klaviyo, are based in the USA. These companies are certified under the EU-US Data Privacy Framework and are therefore subject to the EU Commission's adequacy decision, ensuring an adequate level of data protection.

If you would like further information about the data recipients in third countries or a copy of the relevant standard contractual clauses, you can contact us at any time using the methods provided in the Contact section.

19. Your rights as a data subject

Under the General Data Protection Regulation (GDPR), you as a data subject have various rights regarding the processing of your personal data. Below, we will inform you about these rights and how you can exercise them.

a) Right to information (Article 15 GDPR)

You have the right to obtain information about the personal data we have stored about you at any time and free of charge. Upon request, we will provide you with a copy of the stored data.

b) Right to rectification, erasure and restriction of processing (Articles 16, 17, 18 GDPR)

      Correction: If the data we store is incorrect or incomplete, you have the right to request that it be corrected or completed.

      Deletion: You can request the deletion of your personal data if one of the following reasons applies:

            The data is no longer required for the purposes for which it was collected.

            You withdraw your consent and there is no other legal basis for the processing.

            The processing was unlawful.

            The deletion is necessary to fulfill a legal obligation.

            You have objected to the processing and there are no overriding legitimate grounds for the processing.

      Restriction of processing: If deletion is not possible (e.g. due to legal retention obligations), you have the right to request that the processing of your data be restricted.

c) Right of objection (Article 21 GDPR)

      You can object to the processing of your data at any time if this is based on a legitimate interest (Art. 6 (1) (f) GDPR) or in the public interest (Art. 6 (1) (e) GDPR).

      If your data is used for direct marketing purposes, you can object at any time. In this case, your data will no longer be processed for this purpose.

d) Right to withdraw consent (Article 7 (3) GDPR)

If we process your data based on your consent, you can revoke this consent at any time with future effect. The legality of the processing up to the time of revocation remains unaffected.

e) Right to data portability (Article 20 GDPR)

If the processing is based on consent (Art. 6 (1) (a) GDPR) or a contract (Art. 6 (1) (b) GDPR) and is carried out using automated procedures, you have the right to receive the data you have provided in a structured, common, and machine-readable format. Upon request, we can transmit this data to another controller, provided this is technically feasible.

f) Restriction of processing of anonymized data

If personal data has been anonymized (e.g., for analysis purposes) and identification of the data subject is no longer possible, the above-mentioned rights do not apply. However, if you provide additional information that enables identification, access, deletion, or correction may be possible in individual cases.

g) Exercise of your rights & right to lodge a complaint with the supervisory authority

If you would like to exercise any of your data subject rights, please contact us at: hello@owin.care

If you believe that the processing of your data violates the GDPR, you have the right to complain to a competent data protection supervisory authority.

The supervisory authority responsible for us is:

Berlin Commissioner for Data Protection and Freedom of Information

Alt-Moabit 59-61

10555 Berlin