Olymam

Privacy Policy – olymam

This page informs you in accordance with the GDPR & BDSG.

1. Controller

Olymaris
Rochlitzer Straße 1
09217 Burgstädt
Germany

2. General Information

Protecting your personal data is important to us. We process your data exclusively on the basis of the applicable laws, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). This privacy policy informs you which data we collect, how we process it, and what rights you have.

3. Purposes of Processing

We process personal data exclusively for the following purposes:

  • Provision and operation of the app/website “olymam”
  • User management and performance of the contract
  • Improvement of technical security
  • Communication with users
  • Compliance with legal obligations

4. Collected Data and Legal Bases

4.1 Technical Usage Data

When using our app/website, the following data are processed automatically:

  • IP address (anonymized after 24 hours)
  • Date and time of access
  • Browser and operating system used

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in technical provision and security).

  • Operation of the app/website – Art. 6(1)(b)/(f) GDPR
  • User management – Art. 6(1)(b) GDPR
  • Security measures – Art. 6(1)(f) GDPR
  • Communication – Art. 6(1)(b)/(f) GDPR
  • Legal obligations – Art. 6(1)(c) GDPR

4.2 Data Categories & Notes

  • Technical data: IP address (anonymized after 24 hours), date/time, browser/OS
  • Customer data: Name, email, login – stored exclusively as hashed values
  • Communication data: Emails, support inquiries

Important Note

All personal data/images are stored fully as hashes (irreversible encryption). Neither the provider nor the technical team has access to plaintext data. Reversing hash values back to original data is technically impossible.

Implementation of Your Rights

  • Access: Information about stored hash values and data categories
  • Rectification: Replacement of old hashes with new ones (upon submission of new plaintext data)
  • Erasure: Complete removal of the hash value
  • Data portability: Original data can be provided again
  • Restriction: Blocking of the hash value until clarification

No disclosure to third parties: No transfer of personal data to third parties takes place unless required by law or expressly approved by you.

5. Cookies and Tracking Technologies

5.1 Legal Basis

Since 1 December 2021, Section 25 TDDDG (formerly TTDSG) has regulated the use of cookies.

5.2 Technically Necessary Cookies

We only use strictly necessary cookies that are essential for operation:

  • Session management
  • Login status
  • Security functions

Legal basis: § 25(2) no. 2 TDDDG and Art. 6(1)(f) GDPR

5.3 No Marketing Cookies

We do not use tracking or marketing cookies without prior consent.

6. Use of Artificial Intelligence (AI)

Where AI-supported systems are used as part of our services (e.g., chatbots, automated text generation), this is done in compliance with the EU Artificial Intelligence Act (EU AI Act). There is no automated decision-making producing legal effects within the meaning of Art. 22 GDPR.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (interest in innovative, secure features).

I. Scope & Risk Classification

  • Use in accordance with Regulation (EU) 2024/1689 (the “EU AI Act”)
  • Systems with unacceptable risk (e.g., social scoring, biometric mass surveillance) are prohibited

II. Transparency & Labelling

  • Notice when users interact with an AI system
  • AI-generated content is labelled accordingly
  • For GPAI models: public summary report on the training dataset

III. Risk Management & Security

  • Processes pursuant to Art. 9 EU AI Act (data quality, bias testing, human oversight)
  • For GPAI with potential systemic risk: additional checks, safety protocols and reporting obligations

IV. Training & Competence

Personnel using AI systems must possess sufficient AI competence.

V. Liability & Sanctions

Breaches of the EU AI Act may result in significant fines (up to 7% of worldwide annual turnover or a maximum of EUR 35 million).

VI. Ongoing Compliance

We only use AI services that comply with the requirements of the EU AI Act and regularly review compliance. Changes to the AI services used or to data-processing procedures are updated promptly and communicated transparently.

7. Recipients & International Transfers

  • Hosting: Strato (Germany, EU)
  • Analytics services: analytics.google.com

No transfer to third countries without appropriate safeguards (Art. 44 et seq. GDPR). No disclosure to third parties unless required by law.

8. Storage Period

  • Technical data: 24 hours (then anonymized)
  • Contract-relevant data: 6–10 years (statutory retention periods)
  • Support inquiries: 12 months

9. Data Security

  • SSL/TLS encryption
  • Regular security updates
  • Hashing of sensitive data
  • Minimization of data storage
  • Anonymization of IP addresses

10. Data Subject Rights

  • Access, rectification, erasure, restriction
  • Data portability
  • Objection
  • Withdrawal of consent
  • No automated decision-making (Art. 22 GDPR)

11. Complaint

Competent data protection supervisory authority:

Saxon Data Protection and Transparency Officer
Devrientstraße 1, 01067 Dresden
Phone: +49 351 85471-101

12. Changes

This statement will be updated as necessary and published.

Last updated: November 2025 — Version: 1.05

These Terms and Conditions and this Privacy Policy take into account the current requirements of the GDPR, TDDDG and the EU AI Act.