Privacy Policy

Last updated: May 2025 · Controller: Optima Ecom AI GmbH, Berlin

This privacy policy explains how Optima Ecom AI GmbH ("we", "us", "our") collects, uses, and protects personal data when you visit our website at optimaecomai.com or contact us about our services.

We are subject to the General Data Protection Regulation (GDPR) and applicable German data protection law, supervised by the Berliner Beauftragte für Datenschutz und Informationsfreiheit.

1. Data Controller

Optima Ecom AI GmbH
Mommsenstraße 9, 10630 Berlin, Germany
Email: [email protected]
Phone: +49 30 8832321

2. What data we collect and why

2.1 Website analytics

With your consent (analytics cookies), we collect anonymised data about how visitors use our website — pages visited, time on site, referral source, device type. This is used to understand how well the website serves visitors. Legal basis: consent (Art. 6(1)(a) GDPR).

2.2 Contact form

When you submit the contact form, we collect: name, email address, e-commerce platform (optional), topic of enquiry, and any message you include. This is used to respond to your enquiry and assess whether a discovery call is appropriate. Legal basis: pre-contractual measures / legitimate interest (Art. 6(1)(b) and (f) GDPR).

2.3 Email communication

If you email us directly at [email protected], we process your email address and message content to respond. Legal basis: pre-contractual measures / legitimate interest (Art. 6(1)(b) and (f) GDPR).

2.4 Technical data (server logs)

Our hosting provider may log standard technical data including IP address, browser type, and page requests for security and operational purposes. These logs are retained for no longer than 30 days. Legal basis: legitimate interest in operating a secure website (Art. 6(1)(f) GDPR).

3. Cookies

We use cookies as described in our Cookie Policy. Strictly necessary cookies are always active. Analytics cookies are only placed with your explicit consent, given via the cookie banner when you first visit the site. You can change your cookie preferences at any time by clearing your browser cookies and revisiting the site.

4. How long we keep your data

Type of dataRetention period
Contact form submissions (pre-contract)Up to 12 months, or until the enquiry is resolved and no contract results
Client project data (contractual)For the duration of the contract plus 10 years for legal/tax records
Analytics dataAs configured in the analytics tool — maximum 26 months
Server logsMaximum 30 days

5. Who we share data with

We do not sell personal data. We may share data with:

  • Our hosting provider (EU-based server infrastructure) for website operation
  • Analytics software providers, subject to your cookie consent
  • Lawyers, accountants, or courts if required by law

For client projects, we enter into a separate Data Processing Agreement (DPA) as required under GDPR Art. 28. The specific sub-processors used in each project are documented in that agreement.

6. International transfers

We aim to keep data processing within the EU/EEA. Where we use services with servers outside the EU, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses). Details of any such transfers are available on request.

7. Your rights

Under GDPR, you have the following rights:

  • Right of access (Art. 15): request a copy of your personal data we hold
  • Right to rectification (Art. 16): correct inaccurate data
  • Right to erasure (Art. 17): request deletion of your data where we have no legal obligation to retain it
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20): receive your data in a structured, machine-readable format
  • Right to object (Art. 21): object to processing based on legitimate interests
  • Right to withdraw consent (Art. 7(3)): withdraw consent at any time where processing is consent-based

To exercise any of these rights, contact us at: [email protected]. We aim to respond within 30 days.

8. Right to lodge a complaint

You have the right to lodge a complaint with the supervisory authority for data protection in Berlin:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin
www.datenschutz-berlin.de

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. This includes encrypted data transmission (HTTPS), access controls, and regular security reviews.

10. Automated decision-making

We do not use automated decision-making or profiling that has legal or similarly significant effects on individuals based on data collected through this website.

11. Changes to this policy

We may update this privacy policy from time to time. The current version is always available at this URL. Material changes will be communicated by updating the "last updated" date above.

12. Contact for privacy matters

For any questions about this policy or to exercise your rights:
[email protected]
Optima Ecom AI GmbH, Mommsenstraße 9, 10630 Berlin