Privacy Policy

1. Controller
Controller in the sense of the General Data Protection Regulation (GDPR):
OSS Group GmbH
Alte Bergstr. 5
84174 Eching
Germany
Represented by the Managing Director:
Falko B. Diener
Phone: +49 (0) 1522 8093619
E-mail: contact@whynot.limited

2. General information on data processing
The protection of your personal data is very important to us. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
Personal data is any data with which you can be personally identified.
The processing of personal data is carried out exclusively within the framework of legal provisions, in particular the General Data Protection Regulation (GDPR).

3. Data collection when visiting our website
When you visit our website, information is automatically collected by the web server.
This includes, in particular:
•    IP address
•    Date and time of the server request
•    Browser type and browser version
•    Operating system used
•    Referrer URL
•    Hostname of the accessing computer
This data is processed to ensure the smooth operation of the website and to improve our offer.
Legal basis: Art. 6 para. 1 lit. f GDPR.

4. Hosting and shop system (Shopify)
Our online shop is operated via Shopify Inc.,
151 O’Connor Street, Ground Floor, Ottawa, ON K2P 2L8, Canada.
Shopify provides the e-commerce platform through which we offer and sell our products.
In the course of using Shopify, personal data is processed, in particular:
•    Name
•    Address
•    Email address
•    Payment information
•    Order data
•    IP address
The data is stored on Shopify's servers. These may also be located outside the European Union.
Shopify processes data in accordance with the GDPR and uses appropriate protective mechanisms for international data transfers (e.g. standard contractual clauses).
Further information can be found in Shopify's privacy policy:
https://www.shopify.com/legal/privacy
Legal basis for processing:
Art. 6 para. 1 lit. b GDPR (performance of contract).

5. Cookies
Our website uses cookies. Cookies are small text files that are stored on your device.
Shopify uses cookies to provide basic functions of the online shop, in particular:
•    Storage of the shopping cart
•    Login functions
•    Execution of the ordering process
•    Fraud protection
These cookies are technically necessary.
Legal basis: Art. 6 para. 1 lit. f GDPR.
You can set your browser so that you are informed about the setting of cookies or allow cookies only in individual cases.

6. Orders in the online shop
If you place an order via our online shop, we process your data to process the order.
This includes, in particular:
•    Name
•    Delivery address
•    Billing address
•    Email address
•    Phone number (optional)
•    Payment information
•    Order history
This data is required for the performance of the contract.
Legal basis: Art. 6 para. 1 lit. b GDPR.

7. Payment processing (PayPal)
On our website, we offer payment via PayPal, among others.
The provider of this payment service is:
PayPal (Europe) S.à r.l. et Cie, S.C.A.
22–24 Boulevard Royal
L-2449 Luxembourg
If you pay with PayPal, the data required for payment processing will be transmitted to PayPal.
This concerns, in particular:
•    Name
•    Payment amount
•    Order information
•    Email address
•    IP address
The processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR (performance of contract).
Further information can be found in PayPal's privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

8. Contacting us
If you contact us by e-mail, your information will be stored to process the request.
Processed data may include:
•    Name
•    Email address
•    Content of the message
Legal basis:
Art. 6 para. 1 lit. b GDPR or Art. 6 para. 1 lit. f GDPR.

9. Storage duration
We only store personal data for as long as this is necessary to fulfill the respective purposes.
Statutory retention obligations under commercial and tax law (e.g. 6 or 10 years) remain unaffected.

10. Your rights
You have the following rights at all times:
•    Information about your stored data (Art. 15 GDPR)
•    Correction of inaccurate data (Art. 16 GDPR)
•    Deletion of your data (Art. 17 GDPR)
•    Restriction of processing (Art. 18 GDPR)
•    Data portability (Art. 20 GDPR)
•    Objection to processing (Art. 21 GDPR)
You can contact us at any time to exercise your rights.

11. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.

12. Up-to-dateness of this privacy policy
We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services.