Chevron
Fast delivery

Free shipping from €48 in DE

Produced in Germany

Chevron
Home Produkte Focus Shot About Us
English Chevron
Account
Account

Privacy policy

Thank you for your interest in our company. We take data protection seriously.

You can generally use our website without providing any personal data. However, if a data subject wishes to order products from our company through our online shop, processing of personal data will be required.

The processing of personal data (such as the name, address, email address or telephone number of a data subject) is always carried out in accordance with the General Data Protection Regulation (GDPR) and the national data protection provisions applicable to us.

By means of this Privacy Policy, we wish to inform the public about the type, scope and purpose of the personal data we collect, use and process. This Privacy Policy also informs data subjects of the rights to which they are entitled.

As the controller, we have implemented numerous technical and organisational measures to ensure the most complete protection possible of the personal data processed via our website. However, data transmissions over the internet may, in principle, contain security vulnerabilities, and absolute protection cannot be guaranteed.

1. Definitions

This Privacy Policy is based on the definitions used by the European legislator when adopting the GDPR (Article 4 GDPR). This Privacy Policy is intended to be easy to read and easy to understand for everyone. To ensure this, we would first like to explain the terms used. The following definitions, among others, are used in this Privacy Policy:

  • “personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • “data subject” means any identified or identifiable natural person whose personal data are processed by the controller responsible for the processing.
  • “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • “restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future;
  • “profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
  • “controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  • “recipient” means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be carried out in compliance with the applicable data protection rules according to the purposes of the processing;
  • “third party” means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorised to process personal data;
  • “consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and contact details of the controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Marcel Effenberger
Christine-Teusch-Str. 4
53859 Niederkassel
Germany
Phone: +49 152 29571994
Email: info@onsync.shop

3. Collection and storage of personal data and the type and purpose of its use

a) When visiting the website

You can generally use our website without disclosing your identity. When you access our website, the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion:

  • the IP address of the requesting computer,
  • the date and time of access,
  • the name and URL of the file accessed,
  • the website from which access was made (referrer URL),
  • the browser used and, where applicable, the operating system of your computer and the name of your access provider.

The above data is processed by us for the following purposes:

  • ensuring a smooth connection to the website,
  • ensuring comfortable use of our website,
  • evaluating system security and stability, and
  • for further administrative purposes.

The legal basis for the data processing is Art. 6(1)(f) GDPR. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the collected data to draw conclusions about your person.

In addition, we use cookies and analytics services on our website. Further information can be found in the corresponding sections of this Privacy Policy.

b) When using our contact form

For any inquiries, we offer you the option of contacting us via a form provided on our website. Providing a valid email address and a name is required so that we know whom the inquiry is from and so that we can respond to it. Further information may be provided voluntarily. It is at your discretion whether you wish to enter this data via the contact form.

Data processing for the purpose of contacting us is carried out in accordance with Art. 6(1)(b) GDPR, provided that your inquiry relates to the performance of a contract or to pre-contractual measures. In all other cases, processing is based on our legitimate interest in handling the inquiry (Art. 6(1)(f) GDPR).
The personal data collected by us for the use of the contact form will be deleted after your inquiry has been resolved.

c) For orders placed via our website

Via our website, you can either place orders as a guest, without registering, or register in our shop as a customer for future orders. Registration has the advantage that, for any future order, you can log in to our shop directly with your email address and the code sent to your stored email address, without having to enter your contact details again.

Your personal data is entered via an input form and transmitted to us and stored. When you place an order via our website, we collect the following data, both in the case of a guest order and in the case of registration in the shop:

  • salutation, first name, surname,
  • a valid email address,
  • address,
  • where applicable, telephone number (landline and/or mobile).

This data is collected

  • to identify you as our customer;
  • to process, fulfil and handle your order;
  • for correspondence with you;
  • for invoicing;
  • to handle any liability claims;
  • to assert any claims against you;
  • to ensure the technical administration of our website;
  • to manage our customer data.

The data processing takes place in response to your order and/or registration and is necessary under Art. 6(1)(b) GDPR for the stated purposes for the appropriate processing of your order and for the mutual performance of obligations arising from the purchase contract.

The personal data collected by us for the processing of your order will be stored until the expiry of the statutory retention obligation and will then be deleted, unless we are obliged to store it for a longer period in accordance with Art. 6(1)(c) GDPR due to tax and commercial law retention and documentation obligations (under the German Commercial Code (HGB), Criminal Code (StGB) or Fiscal Code (AO)) or unless you have consented to storage beyond this period in accordance with Art. 6(1)(a) GDPR.

4. Disclosure of data

Your personal data will only be disclosed to third parties involved in the performance of the contract, such as the logistics company commissioned with delivery and the credit institution commissioned with payment matters. In cases where your personal data is shared with third parties, the scope of the data transferred is limited to the necessary minimum.

For payment via PayPal, credit card via PayPal, direct debit via PayPal or “purchase on account” via PayPal, we forward your payment data, as part of payment processing, to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”). For the payment methods credit card via PayPal, direct debit via PayPal or “purchase on account” via PayPal, PayPal reserves the right to carry out a credit check. PayPal uses the result of the credit check in respect of the statistical probability of payment default to decide on the provision of the respective payment method. The credit assessment may contain probability values (so-called score values). Where score values are included in the result of the credit assessment, they are based on a scientifically recognised mathematical-statistical procedure. Address data is among the data included in the calculation of score values.

For payments via Shopify Payments, payment processing is carried out by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Necessary payment data is transmitted to the payment service provider to the extent required for the performance of the contract.

For the operational processing of orders, we use the service of Billbee GmbH, Arolser Str. 10, 34477 Twistetal, Germany. Only the data necessary for order processing is transmitted.

Your personal data will not be transmitted to third parties for purposes other than those listed above.
We will only share your personal data with third parties if:

  • you have given your express consent in accordance with Art. 6(1)(a) GDPR,
  • the disclosure is necessary under Art. 6(1)(f) GDPR for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in not having your data disclosed,
  • in the event that there is a legal obligation to disclose under Art. 6(1)(c) GDPR, and
  • this is permitted by law and is necessary under Art. 6(1)(b) GDPR for the performance of contractual relationships with you.

5. Customer accounts
If you create a customer account on our website, we collect and process the data entered in the corresponding forms to set up and manage your customer account and to perform the contractual relationship (Art. 6(1)(b) GDPR). The data required for this purpose can be seen from the respective input forms.

You may request the deletion of your customer account at any time; a message to the contact details listed above is sufficient. After deletion of your customer account, your personal data will be deleted unless statutory retention obligations (e.g. under commercial or tax law) or a legitimate interest on our part preclude further storage.

6. Direct marketing and newsletter

  • Newsletter sign-up: If you subscribe to our newsletter, it is only dispatched with your separate consent through a double opt-in procedure. The mandatory information for sending is the email address; any further information is voluntary and is used for a more personal approach.
  • Legal basis and withdrawal: The processing of your data for the purpose of sending the newsletter is based on your consent in accordance with Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future, for example via the unsubscribe link in the newsletter or by sending us a notification. After unsubscribing, your email address will be removed from the distribution list, unless statutory retention obligations apply.
  • Service provider Klaviyo: The newsletters are sent via Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA. For this purpose, we share your email address and, where applicable, any other voluntarily provided data with Klaviyo. Klaviyo is engaged as a processor in accordance with Art. 28 GDPR. As part of its services, Klaviyo may collect open and usage statistics by means of so-called web beacons. These analyses are carried out exclusively on the basis of your consent.

A transfer of personal data to the USA takes place on the basis of the EU-US Data Privacy Framework, for which Klaviyo is certified.

7. Use of cookies

We use cookies on our website. These are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone or similar) when you visit our website. Cookies do not cause any damage to your device and do not contain viruses, trojans or other malware.

Cookies store information that arises in connection with the specific device used. This does not mean, however, that we obtain direct knowledge of your identity as a result.

The use of cookies serves, on the one hand, to make the use of our offering more pleasant for you. We use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted when you leave our site.

In addition, in order to optimise user-friendliness, we use temporary cookies that are stored on your device for a specified period. If you visit our website again, it is automatically recognised that you have visited us before and which entries and settings you have made, so that you do not have to enter them again.

Insofar as cookies are technically necessary for the operation of the website, they are used on the basis of Section 25(2) of the German Telecommunications Digital Services Data Protection Act (TDDDG) and Art. 6(1)(f) GDPR.

The use of cookies for analytics or marketing purposes takes place exclusively on the basis of your consent in accordance with Art. 6(1)(a) GDPR and Section 25(1) TDDDG. You can withdraw your consent at any time via the settings of your cookie banner.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored or so that a notice always appears before a new cookie is created. Completely deactivating cookies may, however, result in you not being able to use all functions of our website.

8. Analytics and tracking tools
On our website, we use various technologies to analyse the use of our website and to optimise our online marketing measures. The use of these technologies is based exclusively on your consent in accordance with Art. 6(1)(a) GDPR and Section 25(1) TDDDG. You can withdraw your consent at any time via the settings of your cookie banner.

Google Analytics
We use Google Analytics, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Integration is implemented via the Google & YouTube app within our shop system. Google Analytics uses cookies and similar technologies to analyse the use of our website (including pages visited, time spent, origin of visitors, approximate location based on a truncated IP address, device and browser information). This information is generally transferred to Google and stored there.
The legal basis is exclusively your consent in accordance with Art. 6(1)(a) GDPR and Section 25(1) TDDDG; without consent, Google Analytics is not loaded. You may withdraw your consent at any time with effect for the future via the settings of our consent tool. Personal data may be transferred to Google LLC in the USA; Google is certified under the EU-US Data Privacy Framework. A data processing agreement under Art. 28 GDPR is in place with Google.

Microsoft Clarity
To analyse user behaviour, we use Microsoft Clarity, a service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. Clarity creates heatmaps and records selected sessions (session replays) in order to analyse how visitors interact with our website. The data processed includes mouse and scroll movements, clicks, device and browser information and a truncated IP address. Cookies and similar technologies are used for this purpose.
The legal basis is exclusively your consent in accordance with Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Without consent, Microsoft Clarity is not loaded. You may withdraw your consent at any time with effect for the future via the settings of our consent tool. As part of the use, personal data may be transferred to Microsoft Corporation in the USA; Microsoft is certified under the EU-US Data Privacy Framework. A data processing agreement under Art. 28 GDPR is in place with Microsoft. Session recordings are automatically deleted after 30 days, while heatmap and aggregated data are deleted after 13 months. Further information: https://privacy.microsoft.com/en-us/privacystatement

Meta Pixel
To measure and optimise our advertising activities, we use the Meta Pixel of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This allows the behaviour of users to be tracked after they have reached our website by clicking on an advertisement. The technology uses cookies or comparable identifiers. The setting of these marketing cookies and the associated data processing take place exclusively on the basis of your consent in accordance with Art. 6(1)(a) GDPR and Section 25(1) TDDDG, which may be withdrawn at any time via the settings of our consent tool. Personal data may be transferred to the USA (Meta is certified under the EU-US Data Privacy Framework).

In the course of using these services, personal data may be transferred to the USA or other third countries. Where necessary, such transfers take place on the basis of the EU-US Data Privacy Framework, an adequacy decision of the European Commission, or appropriate safeguards such as Standard Contractual Clauses.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored or so that a notice always appears before a new cookie is created. Completely deactivating cookies may, however, result in you not being able to use all functions of our website.

9. Other services and tools

  • Consent management (Pandectes): To obtain and manage your consents for cookies and tracking technologies, we use the consent management tool Pandectes GDPR Compliance of Pandectes, Pudisoo küla, Männimäe/1, 74626 Kuusalu vald, Estonia (contact: info@pandectes.io). Technically necessary cookies are set to store your consent decisions and document them in a verifiable manner. The legal basis is Art. 6(1)(c) GDPR in conjunction with Section 25(2) TDDDG, as well as our legitimate interest in legally compliant consent management (Art. 6(1)(f) GDPR).
  • Accounting software (sevDesk): For bookkeeping and invoicing, we use sevDesk GmbH, Hauptstraße 115, 77652 Offenburg, Germany. The processing of personal data is carried out to fulfil our statutory obligations under tax and commercial law in accordance with Art. 6(1)(c) GDPR and on the basis of our legitimate interest in the efficient organisation of our business processes in accordance with Art. 6(1)(f) GDPR.
  • Review platform (Judge.me): To collect and publish customer reviews, we use Judge.me (Judge.me Ltd.). Relevant order information (e.g. name, email address, product data) may be transmitted to Judge.me in order to verify the authenticity of the review. Processing is based on our legitimate interest in transparent customer reviews (Art. 6(1)(f) GDPR); where non-essential cookies are set, on the basis of your consent (Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG). Data may be transferred to third countries (e.g. USA), safeguarded via the EU-US Data Privacy Framework, an adequacy decision or appropriate safeguards.
  • Affiliate/referral programme (UpPromote): To manage our affiliate and referral programme, we use UpPromote, operated by SECOMUS TECHNOLOGY JOINT STOCK COMPANY (Secomapp), Home City, Tầng 4, Toà V4, 177 Trung Kính, Yên Hòa, Hà Nội 100000, Vietnam (contact: privacy@secomapp.com). If you reach us via a referral link or a partner’s discount code or place an order via such means, we process information for the attribution of the referral (e.g. referral/cookie ID, pages accessed, order and revenue data for commission accounting). Where cookies or comparable technologies that are not technically necessary are used for this purpose, this is done on the basis of your consent (Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG); otherwise, for the operation of our partner programme on the basis of our legitimate interest in the settlement of referrals (Art. 6(1)(f) GDPR). In the course of use, personal data may be transferred to Vietnam. There is no adequacy decision of the European Commission for Vietnam; the transfer is therefore based on appropriate safeguards within the meaning of Art. 46 GDPR (in particular Standard Contractual Clauses).

10. Stock notifications and cart reminders

  • Stock availability notifications: If you sign up to be notified of the re-availability of a product that is temporarily unavailable, we will process the email address you provide exclusively for this purpose. Processing is based on your consent in accordance with Art. 6(1)(a) GDPR. Sign-up is carried out using a double opt-in procedure to ensure that the holder of the email address provided actually requested the notification.
  • Cart reminders: If you sign up for a one-time reminder about an unfinished order, we will process the data necessary for this purpose (e.g. email address and cart information) in order to remind you of your unfinished purchase. Processing is based exclusively on your consent in accordance with Art. 6(1)(a) GDPR.
    You can withdraw your consent at any time with effect for the future. After withdrawal or once the purpose of processing no longer applies, the corresponding data will be deleted, unless statutory retention obligations apply.

11. Hosting
To operate our website and our online shop, we use the infrastructure and platform services of Shopify. The provider for users from Europe is Shopify International Limited, Victoria Buildings, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland.

As part of the use of Shopify, personal data of website visitors and customers is processed on Shopify’s servers. This includes, in particular, data collected in the course of using our website, ordering products or using our customer account.

Furthermore, as part of the technical infrastructure, data may be transferred to Shopify Inc., 150 Elgin St., Ottawa, ON K2P 1L4, Canada.

A data processing agreement in accordance with Art. 28 GDPR has been concluded with Shopify. This obligates Shopify to comply with appropriate technical and organisational measures to protect personal data.

For Canada, there is an adequacy decision of the European Commission pursuant to Art. 45 GDPR, ensuring an adequate level of data protection.

12. Data subject rights

You have the right:

  • pursuant to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or to object, the existence of a right to lodge a complaint, the origin of your data if it was not collected from us, as well as the existence of automated decision-making, including profiling, and, where applicable, meaningful information on its details;
  • pursuant to Art. 16 GDPR, to immediately request the rectification of inaccurate personal data or the completion of your personal data stored by us;
  • pursuant to Art. 17 GDPR, to request the erasure of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
  • pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is contested by you, the processing is unlawful but you refuse its erasure and we no longer need the data, but you require it for the establishment, exercise or defence of legal claims, or you have objected to processing in accordance with Art. 21 GDPR;
  • pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller;
  • pursuant to Art. 7(3) GDPR, to withdraw your consent given to us at any time. As a consequence, we will no longer be allowed to continue the data processing based on this consent in the future; and
  • pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your habitual residence or place of work or our company’s registered office.

13. Right to object

Insofar as your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, provided that there are grounds for doing so arising from your particular situation.

If your objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right to object, which will be implemented without you having to specify a particular situation.

If you wish to exercise your right of withdrawal or objection, an email to: info@onsync.shop is sufficient.

14. Data security

During your visit to the website, we use the widespread SSL/TLS encryption procedure to protect your data during transmission. You can recognise an encrypted connection by the fact that the address line of your browser starts with “https://” and by the lock icon in the browser bar.

In addition, we use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, loss, destruction or against unauthorised access by third parties.
Our security measures are continuously improved in line with technological developments.

15. Storage period

We store personal data only for as long as is necessary to achieve the respective processing purposes or as required by statutory retention periods.

If you have consented to the processing of your personal data, we will store this data until you withdraw your consent.

Where data must be stored due to statutory retention obligations (e.g. under tax or commercial law), storage is carried out for the duration of the applicable statutory periods. After expiry of these periods, the relevant data will be deleted, unless it is still required for the performance or initiation of a contract.

16. Contact for data protection inquiries

If you have any questions about the processing of your personal data, the exercise of your rights, or the granting or withdrawal of consent, you may contact the controller at any time:

Marcel Effenberger
Christine-Teusch-Str. 4
53859 Niederkassel
Germany
Email: info@onsync.shop

You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data. As a rule, you can contact the supervisory authority of your habitual residence, your place of work or our company’s registered office.

 

Last updated: 18 May 2026 (This English version is provided for convenience. In case of discrepancies, the German version prevails.)