Welcome to the Owkania Ambassador Squad! 💪

Privacy Policy

A. Information about the processing of personal data

We hereby inform you about the collection and processing of your data in accordance with Art. 13 GDPR.
Version: 2.2 Date: 23/05/2025

B. Contact Information

Data Controller:

Owkania Horse International GmbH

Supervisory Authority:

Hessian Commissioner for Data Protection and Freedom of Information
PO Box 3163

C. General Information

Personal Data:

Personal data, according to Art. 4(1) GDPR, refers to any information relating to an identified or identifiable natural person (‘data subject’). An identifiable person is one who can be identified, directly or indirectly, by reference to identifiers such as a name, identification number, location data, online identifier, or characteristics specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Processing:

According to Art. 4(2) GDPR, ‘processing’ means any operation performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, erasure or destruction.

Controller:

The ‘controller’, pursuant to Art. 4(7) GDPR, is the natural or legal person or other body which, alone or jointly with others, determines the purposes and means of processing personal data.

Consent:

Consent, under Art. 4(11) GDPR, means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data relating to them. You may withdraw your consent at any time by clicking the 'Privacy Settings' link in the footer of our website.

Legal Bases and Retention Periods

Legal Bases for Processing:

We process your personal data in accordance with the General Data Protection Regulation (GDPR) based on the following legal grounds:
- Art. 6(1)(a) GDPR – Consent
- Art. 6(1)(b) GDPR – Performance of a contract or steps taken prior to entering into a contract
- Art. 6(1)(c) GDPR – Legal obligation
- Art. 6(1)(f) GDPR – Legitimate interests pursued by us or a third party, except where such interests are overridden by your fundamental rights and freedoms

Retention Periods:

We retain personal data only as long as necessary for the purposes for which they were collected or as required by statutory obligations. Accounting and commercial records must be retained for 10 years in accordance with applicable tax and commercial laws.

Transfers of Data Outside the EU

We only transfer personal data to third countries (i.e., countries outside the European Union or the European Economic Area) when one of the following conditions is met:
- The country has been recognized by the European Commission as providing an adequate level of data protection
- Standard contractual clauses as approved by the European Commission are in place
- You have given your explicit consent for the transfer

D. Your Rights under the GDPR

As a data subject, you have the following rights under the General Data Protection Regulation (GDPR):

Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and related information such as the purposes of processing, categories of data, recipients, and retention periods.

Right to Rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate personal data and to have incomplete data completed.

Right to Erasure (Art. 17 GDPR)

You have the right to request deletion of your personal data where, for example, the data is no longer necessary for the purposes collected or you withdraw consent, and no other legal ground for processing exists.

Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request restriction of processing, for instance when you contest the accuracy of the data or object to its processing.

Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data you provided to us in a structured, commonly used and machine-readable format, and to transmit those data to another controller.

Right to Object (Art. 21 GDPR)

You have the right to object at any time to processing of personal data concerning you based on legitimate interests, including profiling or direct marketing.

Right to Withdraw Consent (Art. 7(3) GDPR)

If processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

Right to Lodge a Complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement.

E. Order Fulfillment

1. Order Fulfillment and Delivery

We process personal data such as your name, address, contact information, and payment details in order to fulfill contracts of sale. This includes:
- Sending order confirmations, invoices, and shipping updates
- Sharing delivery information with shipping partners or suppliers
- Providing your phone number to freight carriers for delivery arrangements
- Engaging collection agencies or legal services in case of non-payment

Legal basis: Art. 6(1)(b) GDPR – processing necessary for the performance of a contract.
Under tax law (§147 AO), order-related data must be retained for 10 years.

2. Payment Processing

We process your name and payment amount to facilitate payment transactions. Payment data is stored for 10 years due to statutory retention obligations (§147 AO).
Legal basis: Art. 6(1)(b) GDPR.

3. Invoice, Direct Debit & Credit Checks

For business customers selecting invoice or direct debit, we may perform a credit check using Creditreform. Legal basis: Art. 6(1)(f) GDPR – legitimate interest in minimizing payment default risks.

We process the following data when you choose invoice or direct debit:
- Invoice and delivery address
- Banking details (IBAN, BIC, if applicable)

Retention periods:
- Accounting records: 10 years
- Commercial correspondence: 6 years
- Credit data is retained only if a contract is concluded

Credit check provider:
- Creditreform Kassel (https://www.creditreform.de/kassel/datenschutz)

4. Owkania Horse (Loyalty Program)

By creating a customer account, you can join our loyalty program, the 'owkania horse'. With every purchase, you earn points that can be redeemed for discounts, early access to promotions, and birthday vouchers. We process your contact details, birthdate (for birthday offers), and purchase history for this purpose.
Purpose: customer retention and marketing.
Legal basis: Art. 6(1)(b) GDPR – performance of a contract.

Service providers:
- Shopify International Ltd.
- Klaviyo Inc.

F. Communication Channels

1. Website Visit

When you visit our website, technical data is automatically collected, including:
- IP address
- Date and time of access
- Browser and operating system
- Referrer URL

This information is required to ensure proper website functionality.
Legal basis: Art. 6(1)(f) GDPR – legitimate interest.

Service providers:
- Shopify (webshop platform)
- Amazon Web Services (hosting)
- Cloudflare (security & CDN)

2. Email & Contact Forms

If you contact us by email or via a contact form, we will process your name, email address, message content, IP address and browser data. Customer support is handled through Zendesk. Communications are stored in encrypted form.

3. Live Chat

If you use our live chat feature, Zendesk may process data such as IP address, device information and browser data.

4. Legal Basis

- For order-related inquiries: Art. 6(1)(b) GDPR – performance of a contract
- For general inquiries: Art. 6(1)(f) GDPR – legitimate interest in customer service

Data will be deleted as soon as it is no longer required and there is no legal retention obligation.

Service providers:
- Zendesk International Ltd.
- Microsoft Deutschland GmbH (email infrastructure)

5. Video Conferences and Online Meetings

We use Microsoft Teams for virtual meetings, job interviews or customer communication. The following data may be processed:
- Name, email address, IP address
- Audio/video data
- Chat content
- Time logs

Legal bases:
- Art. 6(1)(b) GDPR – performance of a contract
- §26 BDSG in conjunction with Art. 6 GDPR – recruitment
- Art. 6(1)(f) GDPR – legitimate interest

Service provider:
- Microsoft Deutschland GmbH

6. Job Applications

We process personal data provided in connection with job applications – including your name, contact details, education, and work history – solely for the purpose of recruitment. If an employment relationship is established, the data will be included in the personnel file.
Applications submitted via our website are processed through Personio.

Legal basis:
- Art. 6(1)(b) GDPR in conjunction with §26 BDSG – initiation of an employment contract
- If no employment contract is concluded, the data will be deleted no later than six months after rejection.

Service provider:

G. Marketing and Personalized Offers

To provide you with tailored offers, we process information about your purchases, browsing behavior and email interactions (such as opened messages, clicked links, cart contents).

Processed data may include:
- Name and email address
- IP address, device ID, cookie ID
- Browsing history, viewed products, purchase patterns
- Email activity (open and click rates)

Technologies used:
- Tracking pixels in newsletters
- Encrypted transport of email traffic
- Cookies (see section P for more)

Legal basis: Art. 6(1)(a) GDPR – your consent
You may revoke your consent at any time via the unsubscribe link or cookie settings.

Service providers:
- Klaviyo Inc. (for private customers)
- Rapidmail GmbH (for B2B clients)

1 . Analytics and Personalization

To improve our website and offers, we analyze user behavior using cookies and tracking services – only after you have given consent.

Collected data includes:
- IP address and location
- User IDs
- Browser information
- Activities on the site (clicks, views, searches)
- Email behavior (opens, clicks)

Purpose:
- Tailored recommendations
- Behavioral analytics
- Optimization of marketing offers

Legal basis: Art. 6(1)(a) GDPR – consent
You may withdraw consent via cookie settings or our consent banner.

Service provider:
- Klaviyo Inc.
- Data processing agreement pursuant to Art. 28 GDPR in place
- Certified under the EU-US Data Privacy Framework

2. Direct Mail and Customer Communication

We may use your name and postal address to send offers, surveys, or promotional materials by mail. This data may be sourced from public directories or previous customer interactions.

Processing and disclosure:
- Only for specific marketing purposes
- May be shared with shipping or mailing providers
- Occasionally based on address lists obtained from third parties with appropriate consent

Legal basis: Art. 6(1)(f) GDPR – legitimate interest in promoting our own products.
You may object to postal advertising at any time.

Service provider:
- Klaviyo Inc.

3. Customer Communication with Existing Customers

If you have previously made a purchase and provided your email address, we may send you offers for similar products via email without additional consent. This is permitted under Art. 6(1)(f) GDPR in conjunction with §7(3) UWG (German Law Against Unfair Competition).

Conditions:
- Email address obtained in context of a sale
- Offer concerns similar products
- You have been informed about your right to object
- No objection has been made

You may unsubscribe at any time using the link in the email or by contacting our customer service.

4. Use of Google Services

We use various Google services for analytics, advertising, tag management, maps and video integration. These include:

1.Google Analytics & Signals – analytics on usage behavior (IP, clicks, devices)
2. Google Ads – remarketing and conversion tracking
3. Google Tag Manager – tag control (no direct personal data processing)
4. Google Maps and YouTube – loaded only upon consentLegal basis: Art. 6(1)(a) GDPR – consent

Legal basis: Art. 6(1)(a) GDPR – consent

You may withdraw your consent at any time via the consent banner.
Service provider:
- Google Germany GmbH

5. Social Media

We operate social media profiles on Facebook, Instagram, YouTube, LinkedIn, Pinterest, TikTok and X. We use these platforms to provide information and engage with our community.

Your data is only processed when you actively interact with our pages. The type of data collected depends on each platform’s privacy policy.

Legal basis:
- Art. 6(1)(f) GDPR – legitimate interest
- If we publish your name or image: Art. 6(1)(a) GDPR – consent

6. Product Reviews and Customer Surveys

You may submit reviews on our website when logged in. Your first name and optional role may be displayed. Reviews are stored as long as the product is available.

Review invitations and customer surveys are sent via REVIEWS.io and SurveyMonkey.
Legal basis: Art. 6(1)(a) GDPR – consent, which can be withdrawn at any time.

Service providers:
- REVIEWS.io 2020 GmbH
- SurveyMonkey Europe UC

H. Cookies and Similar Technologies

When you visit our website, cookies or similar technologies may be stored on your device. These technologies help store settings, preferences and functional data.

1. Categories of Cookies

- Essential cookies – Required for technical operation of the site
- Functional cookies – Enable features like maps, videos, or personalization
- Marketing cookies – Support personalization, advertising, tracking and analytics

We only use functional and marketing cookies with your explicit consent.

2. Storage Methods

Cookies – Small text files stored by your browser
- Session Storage – Temporary data storage during a single session (cleared when browser is closed)
- Local Storage – Persistent storage of preferences (remains until manually deleted)

3. Cookie Management

You can manage your cookie preferences at any time using the 'Privacy Settings' link in the footer of our website.

Country/region