Privacy Policy

The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other applicable data protection laws is:

Olymaris Digital Transformation Agency
Owner: Mariam Zamani
Rochlitzer Straße 1
09217 Burgstädt
Germany

Email: contact@olymaris.com
Phone: +49 (0) 157 382 218 79
Website: https://www.olymaris.com
Product website: https://www.olycars.app

For data protection queries you can contact us at the above details and, where required by law, at the contact details of our data protection officer.

This Privacy Policy explains how we process personal data when you visit our website, create and use an account, manage vehicle information, use our subscription-based services, or interact with our AI-based assistant and dashboard.

We process personal data in accordance with the GDPR, the German Federal Data Protection Act (BDSG) and, for the use of cookies and similar technologies, the German Telecommunications-Telemedia Data Protection Act (TTDSG), in each case to the extent applicable.

• Account data: name, email address, login credentials, language and display preferences.
• Profile and vehicle data: information you provide about your vehicles, usage patterns, service history and other details relevant for generating maintenance recommendations.
• Usage data: interactions with the dashboard and chatbot, support requests, subscription status, logs of feature use and timestamps.
• Technical data: IP address, device identifiers, browser type and version, operating system, time and date of access, and similar log data.
• Payment-related data: information processed by our payment service provider (e.g. Stripe) in connection with subscription fees. We typically receive only limited payment information (e.g. last four digits of a card, token, status) and do not store full card numbers on our systems.

We do not intentionally process special categories of personal data within the meaning of Art. 9 GDPR (e.g. health data), and ask you not to enter such information into free-text fields.

We process personal data for the following purposes:

• Provision of the Service: creating and managing user accounts, providing the dashboard, chatbot, maintenance suggestions and related features (Art. 6(1)(b) GDPR – performance of a contract and pre-contractual measures).
• Billing and payments: handling subscription fees and invoicing (Art. 6(1)(b) and (c) GDPR – performance of a contract and compliance with legal obligations, for example tax and accounting rules).
• Security and abuse prevention: detection and prevention of misuse, fraud, attacks on our systems and enforcement of our Terms of Service (Art. 6(1)(f) GDPR – legitimate interests).
• Product improvement: analysis of aggregated and pseudonymised usage data to improve stability, usability and performance of the platform (Art. 6(1)(f) GDPR – legitimate interests).
• Marketing and communication: information about product updates and offers, where permitted by law, and based on your consent where required (Art. 6(1)(a) and (f) GDPR).
• Cookies and analytics: operation of strictly necessary cookies based on our legitimate interests and, for any non-essential cookies (e.g. analytics), on your express consent (Art. 6(1)(a) and (f) GDPR in conjunction with Sections 25(1) and 25(2) TTDSG).

We use carefully selected service providers, such as hosting providers, Firebase (for authentication and database services), email and support tools, and payment processors, to deliver and support the Service. These providers act as processors subject to contractual obligations under Art. 28 GDPR and may only process data on our documented instructions.

When personal data is transferred to countries outside the EU/EEA, we rely on appropriate safeguards such as adequacy decisions of the European Commission or standard contractual clauses pursuant to Art. 46 GDPR, unless an exception under Art. 49 GDPR applies.

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by statutory retention periods. As a rule, account and profile data are stored for the duration of your contractual relationship with us.

If you permanently delete your account, we will remove or irreversibly anonymise personal data that is no longer required, unless we are legally obliged or entitled to further storage (for example, for defence of legal claims or compliance with retention duties).

Subject to the conditions of applicable law, you have the following rights with respect to your personal data:

• right of access (Art. 15 GDPR);
• right to rectification (Art. 16 GDPR);
• right to erasure (Art. 17 GDPR);
• right to restriction of processing (Art. 18 GDPR);
• right to data portability (Art. 20 GDPR);
• right to object to processing based on Art. 6(1)(e) or (f) GDPR (Art. 21 GDPR);
• right to withdraw consent at any time with effect for the future (Art. 7(3) GDPR).

You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. For our operations in the Free State of Saxony, Germany, the competent authority is the data protection supervisory authority of the State of Saxony.

We use technically necessary cookies to operate the website and provide core functionality such as authentication and security. These cookies are essential and cannot be disabled in our systems.

We only place non-essential cookies (e.g. for analytics or marketing) if you have given your prior consent via our cookie banner. You can withdraw or adjust your choices at any time via the cookie settings or your browser settings. Further details can be found in our separate Cookie Policy.