Privacy Policy

Below, we would like to inform you in detail about which personal data we collect, for what purposes they are used, with whom they may be shared, and which rights of control and information you may be entitled to.

A. Controller and Contact

The controller responsible for this website is OneChain GmbH, Hohenzollernstr. 12, 14163 Berlin, Germany Phone: +49 30 609 821 970, Email: one@onechain.eu (hereinafter referred to as “OneChain” or “we”). If you have any questions regarding this privacy policy or the collection, processing, or use of your personal data, you are welcome to contact our data protection officer. You can reach our data protection officer at itcon@harkenthal-it.de.

B. Processing of Your Data When Using Our Website

1. Use of Our Website for Informational Purposes

If you visit our website for informational purposes only, without providing personal data via registration or other means, only the internet connection data transmitted by your browser to our server will be processed. These data include personal data only to a limited extent. The processed information includes your IP address and other usage data (e.g. date and time of access, name of the accessed page, information on the volume of data transferred, and the requesting provider). This information is processed to enable the use of our website (e.g. by adapting our website to the technical requirements of your device) and to obtain comprehensive demographic data for the creation of anonymised statistics on website usage. These data are not merged with data from other sources. The legal basis for this processing is Art. 6(1)(f) GDPR, as the automatically collected data are required for the effective provision of our website. In addition, Art. 6(1)(f) GDPR applies, as the storage of this data serves our legitimate interest in ensuring the stability and security of the website and in optimising our website. In order to document your declaration of consent given prior to visiting the website in accordance with legal requirements, it is necessary to store this declaration of consent, including your IP address, for at least three years after the end of the year in which you last gave your consent, pursuant to Art. 6(a) and (f) GDPR.

1.1 Cookies

This website uses cookies. Cookies are small text files that are stored on your device. These text files may contain information about websites you have accessed. They help identify you when you visit our website. Some cookies are used to store your preferences and are deleted at the end of your browser session, i.e. when you close your browser (so-called session cookies). Other cookies help adapt the website to user needs and remain stored on your device (so-called persistent cookies). Below, we explain which cookies we use. We use our own session cookies to enable customer-friendly use of our website, for example to store your settings. These cookies are automatically deleted at the end of the browser session. The legal basis for the use of such cookies is the performance of a contract (Art. 6(1)(b) GDPR). In addition, we work with other service providers who support us in improving our website or offering additional functions. These service providers may use their own cookies under certain circumstances. Further information on this can be found in the following sections.

1.2 Google Analytics

This website uses the web analytics service Google Analytics. The service provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies (see above, Section 1.1). The information generated by these cookies about your use of this website is transmitted to and stored on a Google server. We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or other contracting states to the Agreement on the European Economic Area before transmission to a server in the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google uses this information to evaluate your use of the website, compile reports on website activity, and provide us with other services related to website and internet usage. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data. The storage of Google Analytics cookies is based on Art. 6(1)(f) GDPR. We have a legitimate interest in analysing user behaviour in order to optimise both our website and our advertising. If a user is a Facebook member and does not want Facebook to collect data about them via this service and link it with their stored Facebook membership data, they must log out of Facebook before visiting the website.

1.3 LinkedIn-Plugins / Content

Our website integrates functions and content from the social network LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). LinkedIn is a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA. When you access a page that contains a LinkedIn plugin (e.g. posts, videos, or buttons), a direct connection to LinkedIn’s servers is established. In this process, personal data such as your IP address, browser information, and possibly additional usage data are transmitted to LinkedIn and processed there. If you are logged into your LinkedIn account, LinkedIn may associate your visit to our website with your user account. The integration serves the purpose of presenting our content and services in an attractive way and enabling interaction with LinkedIn. The legal basis for this processing is your consent pursuant to Art. 6(1)(a) GDPR. Without your consent, LinkedIn content will not be loaded (two-click solution / consent banner). It cannot be ruled out that the transmitted data may also be processed in the USA. There is currently no adequacy decision by the EU for the USA. LinkedIn relies, among other safeguards, on the EU Standard Contractual Clauses for data transfers to the USA. Further details on data processing by LinkedIn can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy

2. Use of Our Services on the Website

We offer additional tools and services on our website (e.g. contact options). When using these services, we may collect personal data from you, such as your name or email address, and possibly additional personal information. Required information is always marked as mandatory fields. Without this information, we may not be able to provide the requested service or respond to inquiries. Below, we inform you about the respective processing operations and legal bases.

2.1 Contact

If you contact us, for example via a contact form or by email, the personal data you provide will be processed by us. This typically includes your name and email address (mandatory fields), as well as any additional information you choose to provide. These data are used exclusively to respond to your inquiry or for the associated technical administration. The legal basis for this data processing is Art. 6(1)(b) GDPR, insofar as the processing is necessary for the performance of a contract or pre-contractual measures, and Art. 6(1)(f) GDPR, as the processing serves our legitimate interest in handling inquiries.

2.2 Newsletter

If you subscribe to our newsletter, which informs you about our latest products and services, the personal data you provide in this context (e.g. name, address, and email address) will be processed by us for the purpose of sending the newsletter. You may object to receiving the newsletter at any time with effect for the future by unsubscribing via the unsubscribe link provided at the end of each newsletter or by contacting us by other means.

C. Processing of Your Data in Customer or Supplier Relationships

Within the scope of customer and supplier relationships, we process the following personal data:

> Contact information, such as your full name, business address, telephone number, mobile phone number, fax number, and email address;

> Payment details, such as data required for processing payments and preventing fraud, including credit card or EC card numbers, verification codes, and billing information;

> Information obtained from public sources, where applicable;

> Data required for compliance purposes, such as information necessary to fulfil legal obligations, including the ability to provide information to authorities for cartel law or similar regulatory purposes.

We process personal data for the following purposes:

> Planning, execution, control, and administration of your contractual relationship with us, for example for contract fulfilment, order processing, service provision, delivery of goods, handling of warranty claims, processing of complaints and returns, enabling repairs, and providing support services or other services at your request (Art. 6(1)(b) GDPR);

> Contacting you within an existing business relationship, insofar as this is legally permissible, in order to inform you about our products or services that you have already purchased or used, or that are related to them (generally based on Art. 6(1)(f) GDPR), unless you have given your consent, in which case Art. 6(1)(a) GDPR applies;

> Compliance with legal obligations, enforcement of our contractual agreements, and the establishment, exercise, or defence of legal claims (Art. 6(1)(f) GDPR);

> Ensuring compliance with tax and commercial law obligations, for example retention of accounting records or the sending of legally required notices and other disclosures (Art. 6(1)(c) GDPR).

With regard to direct marketing (e.g. by email), we will only process and transmit your personal data if you have consented to such processing, insofar as this is legally required.

D. Automated Decision-Making

We do not process your personal data for automated decision-making processes that produce legal effects concerning you or similarly significantly affect you.

E. Disclosure of Personal Data to Third Parties

In addition to the cases listed in this privacy policy, personal data may be disclosed to third parties. Personal data may be disclosed to third parties who act on our behalf and process personal data in accordance with the underlying purpose, for example for the provision of offered services, analysis of user behaviour on our website, or technical support. These third parties are contractually obliged by us, on the basis of statutory agreements, to use personal data only for the agreed purpose and not to disclose personal data to other parties without authorisation, unless this is legally required. In individual cases, your personal data may also be disclosed to the following recipients:

> Banks, for the purpose of processing payments;

> Courts, law enforcement authorities, supervisory authorities, tax authorities, and lawyers, where this is legally permissible or required.

Such disclosure of your personal data is based on Art. 6(1)(f) GDPR. Our legitimate interest arises from the respective purposes stated above. Some recipients are located outside the European Economic Area (EEA). Further information on cross-border data transfers outside the EEA can be found in Section F. In the event of a restructuring or sale of our company to a third party, personal data may be transferred to the restructured entity or the acquiring third party in compliance with applicable law. If we are legally entitled or obliged to do so (e.g. due to applicable law or a court order), we may disclose your personal data.

F. Transfer of Personal Data to Third Countries

To the extent described above, it is possible that we may transfer your personal data to other countries (including countries outside the European Economic Area (EEA), so-called third countries), where different data protection standards may apply compared to those in your country of residence. Please note that personal data processed in other countries may be subject to foreign laws and may be accessible to governments, courts, law enforcement authorities, and supervisory authorities in those countries. When transferring your personal data to third countries, we will take appropriate measures to ensure an adequate level of data protection. As a rule, transfers to third countries are safeguarded by the application of the EU Standard Contractual Clauses (see: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32010D0087). You may obtain corresponding evidence or further details by contacting us via email at the address provided above.

G. Data Minimisation and Retention Period

Our objective is to process your personal data only to the minimum extent necessary. We therefore store your personal data only for as long as required to fulfil the respective purpose for which they were collected or for which you originally consented, unless longer storage is required or permitted by law.

H. Your Rights

Depending on the circumstances of the individual case, you have the following rights:

> Right of access to your personal data

> Right to rectification or erasure, or restriction of processing of your personal data

> Right to withdraw consent at any time

> Right not to be subject to a decision based solely on automated processing, including profiling

> Right to data portability

> Right to object to the processing of your personal data

You may (i) exercise the above rights, (ii) ask questions, or (iii) lodge a complaint regarding the processing of your personal data by contacting us as described in the sections above. You also have the right to lodge a complaint with the competent data protection supervisory authority at any time.

I. Changes to This Privacy Policy

We reserve the right to amend this privacy policy at any time to reflect updates to our website or changes in legal requirements. Please visit this website regularly to review the current version of this privacy policy. This privacy policy was last updated on 15 December 2025.

OneChain GmbH