
Privacy Policy

Effective date: 2026-05-18

1. Controller

Omniscale GmbH & Co. KG
Moltkestraße 6a
26122 Oldenburg
Germany
Email: support@omniscale.com

2. Principles

We operate our own services and systems exclusively on servers located within the European Union. Where we use external service providers, such as payment or support providers, personal data may be processed outside the EU in the cases described below.

We do not use tracking, marketing or advertising services.

We only disclose personal data where this is necessary for contract performance, payment processing, handling support requests, the secure operation of our services, or compliance with legal obligations.

Part A - Website and Customer Account

3. Access to our website

When you access our website, the following data is processed:

  • IP address
  • date and time of the request
  • URL accessed
  • technical request data, to the extent required for service provision, error analysis or misuse detection, such as HTTP status code, referrer and user agent

This processing is carried out for the technical operation of the website, to ensure IT security, to analyse errors and to detect misuse.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in operating our website securely and reliably, preventing misuse and investigating technical faults.

Server log data is deleted after 90 days at the latest.

As a general rule, IP addresses are stored in truncated form as early as possible. Only in justified individual cases, for the purpose of detecting, limiting and preventing unlawful or abusive use, may access data temporarily be processed with the full IP address. This data is processed exclusively for this purpose and deleted without undue delay once the purpose no longer applies.

4. Customer account

When a customer account is registered and used, we process the following data:

  • name
  • email address
  • company name
  • address
  • billing data
  • subscribed plans
  • API keys and linked domains

This processing is carried out for contract performance, the provision and administration of the customer account, and billing.

The provision of data required for registration, the customer account, the contract and billing is necessary for entering into and performing the contract. Without this data, we cannot provide a customer account or perform the contract.

The legal basis is Art. 6(1)(b) GDPR.

In connection with billing and statutory obligations, recipients of data may in particular include tax advisers, banks, payment service providers and external accounting and billing service providers, where such providers are used.

Billing data is subject to statutory retention obligations and is stored for a period of 10 years. The legal basis for this is Art. 6(1)(c) GDPR.

Customer accounts may be deleted upon request, provided that there are no ongoing contractual relationships, statutory retention obligations or legitimate retention interests preventing deletion.

Data that must be retained for commercial or tax law reasons remains stored until the relevant retention period has expired.

5. Cookies

We use only technically necessary session cookies. These are required to provide the login function and to maintain authenticated sessions.

No processing takes place for tracking, marketing, advertising or profiling purposes.

These cookies are used on the basis of Section 25(2) of the German Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz - TDDDG). Where personal data is processed by technically necessary cookies, this is done on the basis of Art. 6(1)(b) GDPR when using the customer account, and otherwise on the basis of Art. 6(1)(f) GDPR.

6. Payment processing via Stripe

We may use Stripe for payment processing. The provider for users in Europe is Stripe Payments Europe, Limited.

As part of payment processing, the following data is transmitted to Stripe:

  • name
  • billing address
  • payment information
  • amount

The provision of the data required for payment processing is necessary for the performance of paid services. Without this data, payment cannot be processed.

Stripe generally processes this data as an independent controller in connection with payment processing. Further information on data processing by Stripe is available at: https://stripe.com/privacy

The legal basis is Art. 6(1)(b) GDPR.

Personal data may also be processed in third countries, in particular the United States. Stripe bases the relevant data transfers on its participation in the EU-U.S. Data Privacy Framework. Further information is available at: https://stripe.com/legal/data-privacy-framework

7. Communication and support

When you contact us, in particular in connection with support requests or other business communication, we process the data provided in order to handle and respond to your request and, where necessary, to take pre-contractual measures or to manage the existing contractual relationship.

We use Help Scout as a processor for handling communication.

The following data is processed:

  • email address
  • content of the request
  • name, where applicable
  • any other information provided voluntarily, where applicable

Providing information when contacting us is voluntary. However, without the information required to handle the matter, in particular contact details and the content of the request, we may be unable to process the request, or may only be able to do so to a limited extent.

Communication data is generally stored only for as long as necessary to handle the request, conduct further correspondence, or take pre-contractual measures or manage the contractual relationship. Where the communication contains information relevant to the contract or to tax law, longer storage may be required under statutory retention obligations.

The legal basis is Art. 6(1)(b) GDPR where the processing is necessary to take pre-contractual measures or to perform a contract. In all other cases, the processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in the efficient handling of incoming requests and business communication.

Help Scout is provided by Help Scout PBC. Personal data may also be processed in third countries, in particular the United States. Help Scout PBC bases the relevant data transfers on its participation in the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework. Further information is available at:
https://www.helpscout.com/company/legal/privacy/
https://www.helpscout.com/company/legal/dpa/

Part B - API and Map Services, including WMS and Tile Services

8. Roles and responsibilities when our services are integrated by customers

We process technical access and operational data generated when our services are used in order to provide, secure and maintain our services under our own responsibility as controller.

The respective customer decides how to integrate our services into its own offering and is responsible for the lawfulness of any related data processing within its own area of responsibility. This includes, in particular, compliance with any information obligations towards data subjects in connection with the customer’s offering. Our own responsibility as controller for the processing described above remains unaffected.

9. Processing when API services are used

When our API and map services are used, the following data is processed:

  • IP address
  • date and time of the request
  • requested URL or requested tile or WMS request
  • API key
  • technical request data, to the extent required for service provision, error analysis or misuse detection, such as HTTP status code, referrer and user agent

This processing is carried out to provide the requested content, to ensure the secure and reliable operation of the services, to analyse errors and to detect misuse.

No processing takes place for tracking, marketing, advertising or profiling purposes.

No cookies are set when using the API and map services.

The legal basis is Art. 6(1)(b) GDPR where the processing is necessary for the performance of our contract with the respective customer. Where technical access data of end users is processed, the processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in operating our services securely and reliably, preventing misuse and providing the requested content.

Server log data is deleted after 90 days at the latest.

As a general rule, IP addresses are stored in truncated form as early as possible. Only in justified individual cases, for the purpose of detecting, limiting and preventing unlawful or abusive use, may access data temporarily be processed with the full IP address. This data is processed exclusively for this purpose and deleted without undue delay once the purpose no longer applies.

10. Billing by API key

For billing purposes, we permanently store only aggregated access counts per API key.

The aggregated access counts are assigned to the respective customer account or API key. Individual accesses, IP addresses or personal usage profiles are not stored permanently.

The legal basis is Art. 6(1)(b) GDPR.

Part C - General Data Protection Information

11. Data security

We take appropriate technical and organisational measures in accordance with Art. 32 GDPR to protect personal data against loss, unauthorised access, unauthorised alteration and unauthorised disclosure.

Data is transmitted in encrypted form using TLS.

Our systems are protected by appropriate measures for access restriction, system security and ensuring availability.

We operate our own services and systems exclusively on servers located within the European Union. Where we use external service providers, such as payment or support providers, personal data may be processed outside the EU in the cases described in this Privacy Policy.

12. Data subject rights

Data subjects have the right to:

  • access personal data concerning them, Art. 15 GDPR
  • rectification, Art. 16 GDPR
  • erasure, Art. 17 GDPR
  • restriction of processing, Art. 18 GDPR
  • data portability, Art. 20 GDPR
  • object to processing, Art. 21 GDPR

Data subjects also have the right to lodge a complaint with a data protection supervisory authority.

Where processing is based on Art. 6(1)(f) GDPR, data subjects have the right to object pursuant to Art. 21 GDPR.

Automated decision-making, including profiling, does not take place.

13. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy where necessary, in particular in the event of technical changes or changes in legal requirements.


Copyright © 2026 • Omniscale, Map data: OpenStreetMap (License: ODbL)
