Privacy Policy

1. Introduction

Welcome to oneLake GmbH (“we”, “our”, “us”). This Privacy Policy explains how we process personal data when you use our website and services, and what rights you have under the GDPR and German cookie law (TDDDG/TTDSG).

We process personal data only where permitted by law — for example to provide our services, to meet legal obligations, or where you have given consent.

2. Company Information (Controller)

Controller (Art. 4(7) GDPR): oneLake GmbH Goldammerweg 1, 44388 Dortmund, Germany

Contact for privacy inquiries: dataprotection@onelake.de

3. Data Collection

We collect personal data that you provide to us directly and data that is generated when you use our website.

3.1 Data you provide to us

Depending on the service, this may include:

Account and contact data (e.g., name, email address, phone number)
Billing data (e.g., address, invoice details)
Communication data (e.g., messages you send to support)

3.2 Data collected automatically when you use the website

When you visit our website, our servers automatically log:

IP address (stored only as long as technically necessary)
date and time of access
pages accessed
browser type and version
operating system
referrer URL These logs are used for security, stability, and error analysis.

We do not intentionally collect special categories of personal data (Art. 9 GDPR).

4. Purposes and Legal Bases of Processing

We process personal data for the following purposes and based on these legal grounds:

1. Providing our services and fulfilling contracts

Legal basis: Art. 6(1)(b) GDPR

2. Customer support and communication

Legal basis: Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR (legitimate interest in support)

3. Security, fraud prevention, and technical stability

Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

Legal basis: Art. 6(1)(a) GDPR and §25 TDDDG/TTDSG

Details in section 6.

We share personal data only when necessary and legally permitted.

5.1 Service providers (processors)

We use carefully selected service providers who process data on our behalf (Art. 28 GDPR), e.g., hosting and infrastructure providers. They may access data only to perform their services and are contractually bound to confidentiality.

5.2 Google Analytics 4

If you consent to analytics cookies, we use Google Analytics 4, a web analytics service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. Google processes analytics data on our behalf as a processor under Google’s Data Processing Terms.

6. Cookies and Tracking

6.1 Necessary cookies (always active)

We use necessary cookies to ensure the website works properly (e.g., security, basic functionality, and saving your cookie settings). These cookies are required and cannot be disabled.

Legal basis: §25(2) TDDDG/TTDSG (technical necessity) and Art. 6(1)(f) GDPR

6.2 Analytics cookies — Google Analytics 4 (optional)

We use analytics cookies only if you give consent in the cookie banner.

Purpose:

To measure and understand how our website is used (e.g., pages visited, interactions, device/browser information, approximate location) so we can improve performance and user experience.

We use Google Consent Mode (advanced).

If you do not consent, Google Analytics does not store cookies and sends only limited cookieless signals for aggregated measurement.

If you consent, Google Analytics stores cookies and processes analytics data normally.

Retention:

User-level analytics data: up to 14 months

Event-level data for detailed analyses (Explorations): up to 2 months Aggregated statistics may remain available longer.

Legal basis:

Art. 6(1)(a) GDPR and §25(1) TDDDG/TTDSG (consent)

You can withdraw consent at any time via Cookie Settings. Withdrawal does not affect processing carried out before withdrawal.

7. International Data Transfers

Google Analytics data may be transferred to Google LLC, USA.

Google LLC is certified under the EU-U.S. Data Privacy Framework (DPF). Where applicable, transfers rely on that adequacy decision; otherwise transfers are safeguarded using EU Standard Contractual Clauses (SCCs).

Further information is available in Google’s privacy information.

8. Security Measures

We implement appropriate technical and organizational measures to protect your data (Art. 32 GDPR), including encryption, access controls, and regular security updates.

If a data breach is likely to pose a high risk to your rights and freedoms, we will notify affected users and the competent supervisory authority as required by law.

You have the following rights:

Access (Art. 15 GDPR)
Rectification (Art. 16 GDPR)
Erasure (Art. 17 GDPR)
Restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Objection to processing based on legitimate interests (Art. 21 GDPR)
Withdrawal of consent at any time (Art. 7(3) GDPR)
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise your rights, contact: dataprotection@onelake.de

10. Privacy Disclosure for oneLake Services

Where we connect to Google APIs or similar services, we process user data only for the purposes you request and in line with Google API Services User Data Policy (including Limited Use requirements).

We do not share identified user data with third-party AI platforms. Where AI is used, any data shared is anonymized and aggregated unless you explicitly instruct otherwise.

11. Updates to this Privacy Policy

We may update this Privacy Policy to reflect changes in law or our services. The latest version is always available on our website. If changes are material, we will inform users appropriately.

For questions, contact dataprotection@onelake.de