Privacy Policy

1. General Information

The Privacy Policy of Oceanis Tech GmbH (“Oceanis”) provides essential information regarding the types of data collected from our users. It is available on our website (https://oceanis.io/privacy) and must be accepted by users during registration.

The user in this context is the individual reading and accepting the following terms contained in the Privacy Policy.

It provides an overview of the kind of personal data being collected, the manner in which this data is used or transmitted, and the way in which you may obtain information about the data provided to Oceanis Tech GmbH. Oceanis Tech GmbH considers it essential to establish high standards of data privacy protection for all its users and to continually improve these standards. It therefore adheres and complies with the applicable statutory requirements of the Federal Republic of Germany and the European Union in all data processing procedures.

Oceanis Tech GmbH reserves the right to update this Privacy Policy as needed to reflect legal, technical, or business developments. We will notify users of any material changes in an appropriate manner (e.g., via email or a notice on our website). The date of the last update is indicated at the end of this document.

2. Controller

As controller, Oceanis Tech GmbH is responsible for processing and use of your personal data. If you wish to partially or fully withdraw your consent to the collection, processing, or use of your data under this Privacy Policy, you may send an opt-out notice by letter or email to the following postal or email address, respectively:

Oceanis Tech GmbH
Alsterarkaden 12
20354 Hamburg
privacy@oceanis.io

3. Collection, Processing and Use of Personal Data

In order to provide you with our services, it is necessary for us to collect, process and use your personal data as specified below.

Personal data shall mean any information concerning the personal or material circumstances of an identified or identifiable natural person. This includes, in particular, information which can be traced back to your identity, such as your name, telephone number, mailing address or email address. Statistical data collected when users visit our website that cannot be directly linked to an individual’s identity is not considered personal data.

Oceanis Tech GmbH collects, stores and processes your data to offer a better user experience on its website and platform, and to provide its beneficial technical services. Oceanis Tech GmbH may also use your data for informational purposes, marketing, and fraud prevention. Oceanis Tech GmbH also collects, processes and uses personal data for identity verification.

We may share personal data with trusted third-party service providers that assist us in operating our website and platform (e.g., hosting services, payment processors, customer support tools). If data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards, such as Standard Contractual Clauses (SCCs), to protect your data.

4. Visiting the Oceanis Tech GmbH Website

Every time the website is used, Oceanis Tech GmbH collects the access data which your browser automatically transmits to make your visit possible. These access data comprise of:

IP address of enquiring device
Date and time of enquiry
Address of the website called up and of the website enquiring
Information on the browser and operating system used
Online identifiers (e.g. device identifiers, session IDs)

The processing of these access data is necessary in order to make the visit to the website possible and to ensure the permanent functionality and security of our systems. The legal basis for the foregoing processing is Article 6 para. 1 sentence 1 lit. b GDPR.

The access data is in addition saved in internal logfiles, for Oceanis Tech GmbH to develop its website further, on the legal basis of Art. 6 para 1 sentence 1 lit. f of the General Data Protection Regulation (GDPR). The legitimate interest is to further improve the Oceanis Tech GmbH website and the services offered through it. The information saved in the logfiles allows no direct conclusion to be drawn about you as a person, in particular the IP addresses are saved in only an abbreviated, anonymised format. Logfiles are stored for 30 days and then archived after anonymisation.

Website access logs are retained for security and troubleshooting purposes for a period of 6 months before being automatically deleted, unless required for legal or security investigations.

5. Registration via Oceanis Tech Platform

Users may register for the login area, in order to use the website’s and platform’s full range of functions. The following data is required for registration and is marked as mandatory:

Name of Company
First name and last name of the respective authorised person to represent the company
Email address of the respective authorised person to represent the company

For most users, we will also be requesting payment information to be filled in upon registration

Without the above data the registration is not possible. The legal basis for this processing is Article 6 para. 1 sentence 1 lit. b GDPR. The personal data is stored in order to set up your user account and enable you to gain access to the Oceanis Platform.

If you wish to delete your user account and associated personal data, you may submit a request to contact@oceanis.io. Some data may be retained for legal, tax, or compliance purposes as required by applicable laws.

6. Potential and Active Investments

We collect, process and use personal data throughout the contractual term of the Oceanis Tech GmbH Platform usage and/or of the trust agreement, if applicable, for purposes of providing the technical services of the oceanis Platform. The Oceanis Tech GmbH Platform provides financial data and overviews. For these purposes, Oceanis Tech GmbH collects subscription application data under Article 6(1)(b) GDPR.

7. Identity verification

Entities subject to German Anti-Money Laundering legislation and similar national regulations must verify the identity and address of their customers. This process contributes to prevent the misuse of their services for unlawful activities such as identity theft, identity fraud or money laundering. Customer identity verification (commonly referred to as 'Know Your Customer' or 'KYC') is a legal requirement and a key component of risk management. The legal basis for this processing is Article 6 para. 1 sentence 1 lit. c GDPR.

Identity verification data collected for compliance with Anti-Money Laundering (AML) regulations will be stored for a minimum of 5 years after account closure, as required by applicable laws. After this period, the data will be securely deleted unless otherwise required by law. This requirement is outlined in Section 8(4) of the German Anti-Money Laundering Act (Geldwäschegesetz – GwG).

8. Use of your Data for Marketing Purposes

Oceanis Tech GmbH processes your personal data to provide access to its services and may also use your data for marketing purposes. Based on Article 6(1)(f) GDPR, we may send you information via letter about products, services, and campaigns that might interest you. Our legitimate interest is to market our services. You may opt out of this at any time at no cost, other than standard transmission costs, by contacting us via the postal or email address listed in Section 1.

Additionally, we will use your personal data for email and SMS marketing only if you have provided explicit consent under Article 6(1)(a) GDPR. You can withdraw your consent at any time via the unsubscribe link in marketing emails or by contacting us.

9. Newsletters

You can subscribe to the Oceanis Tech GmbH Newsletter to receive updates on our products and campaigns. A double opt-in process is required to confirm your email.

Upon confirmation, we store your email address, mobile number (WhatsApp), registration time, and IP address until you cancel your subscription. This data is used solely to send the Newsletter via Email or WhatsApp. You may cancel the Newsletter at any time via the unsubscribe link in each email or by contacting us.

Newsletter Tracking: We use tracking technologies to measure engagement (e.g., email opens, link clicks) under Article 6(1)(f) GDPR. If you do not want your interactions tracked, you can disable images in your email client or unsubscribe.

10. Notifications

In order to complete your registration as a user of the Platform and to be kept updated with the status of your investments amongst others, Oceanis Tech GmbH may using the addresses and phone number provided. Users are informed that unauthorised third parties can view, read, manipulate and/or delete electronically transmitted data.

Legal Basis for this is Art. 6 para.1 sentence 1 lit. b GDPR, as contacting you serves the purpose of our contractual relationship.

11. Market and Opinion Research

To enhance our services, we may use your data for statistical and market research purposes in anonymised form. Your responses to survey questions will not be published or disclosed to third parties without your consent. We will not store your responses to our surveys in combination with your email address or other personal data.

You may partially or fully opt out of your data being used for market and opinion research at any time by sending a written message to our postal address or email address, indicated in section 1 above. All survey emails automatically include a link to unsubscribe from further mailings.

The legal basis for this processing is our legitimate interest in business improvement under Article 6(1)(f) GDPR.

12. Use of Cookies

You are not required to accept the use of cookies to visit the Oceanis Tech GmbH website. However, please note that you may not be able to use certain site features if you disable the use of cookies.

12.1 General Information about Cookies

Cookies are small text files stored in your computer, cell phone or other device the first time you visit Oceanis Tech GmbH's website. They help to recognise you as a user for each following visit to the company website using the same device and web browser. Oceanis Tech GmbH uses cookies to optimize website functionality and improve your experience.

12.2 Cookies used by Oceanis Tech GmbH

Oceanis Tech GmbH uses cookies for:

Essential Cookies (login, security, session management) – No consent required.
Analytics & Marketing Cookies (Google Analytics, Hotjar, retargeting ads) – Consent required under EU ePrivacy Directive.

To note that information placed on the company website has been displayed to you so that on your next visit to it does not need to be displayed again. In this way Oceanis Tech GmbH wishes you to use its website in a convenient and individual way. These services are based on our legitimate interest and on the legal basis of Art. 6 para. 1 sentence 1 lit. f GDPR

We further use cookies and comparable technologies of partners for analytical and marketing purposes.

12.3 Managing Cookies

You can configure your browser to reject cookies. If using a shared computer, we recommend logging out after each session.

12.4 Interest-based Advertising

In order to provide you with interesting and customised offers, we use retargeting technologies for personalised advertising. You can opt out via TRUSTe. If you delete cookies, you must reset your preferences.

12.5 Google Analytics

We use Google Analytics (Google LLC) to analyse website traffic. IP anonymisation is enabled to protect your privacy. You can prevent tracking via Google’s opt-out tool.

12.6 Hotjar

Hotjar is a technology service that helps better understand users’ experience and enable to build and maintain our services compatible with user feedback. We use Hotjar (Hotjar Ltd, Malta) to understand user behaviour. Hotjar collects data anonymously and is contractually prohibited from selling it. For details, see Hotjar’s Privacy Policy.

13. Security

Oceanis Tech GmbH has taken numerous security precautions to reasonably and adequately protect your personal data. Physical, technical and procedural protections are in place to secure its databases and restrict information access only to authorised individuals complying with this Privacy Policy. Sensitive data is sent to Oceanis Tech GmbH exclusively using encrypted transmission (SSL/TLS technology). Oceanis Tech GmbH performs regular security checks on its system to shore up potential weak spots and ward off attacks.

You should never share your passwords with unauthorised third parties and you should change them regularly. Every time you leave the Platform, you should log out of your session and close your browser window to prevent unauthorised users from accessing your oceanis user account.

13.1. Right of Access to Information

The user has the right at any time to require Oceanis Tech GmbH to provide information about the processing of his personal data. When providing the user with this information Oceanis shall explain the data processing and supply an overview of the data stored relating to that person. Should data stored with Oceanis be inaccurate or no longer up-to-date, the user enjoys the right to have these data corrected. The user can also require the erasure of his data, and should the erasure exceptionally not be possible due to other legal regulations, the data processing will be restricted so that in the future it is only available for this statutory purpose. The user can also have his data processing restricted, or benefit from the right of data portability.

To exercise the rights as set out above, the user can communicate with the here-mentioned contact details at any time. This also applies should he wish to receive copies of guarantees for certification of an adequate data-protection level.

The user also has the right to object to the data processing based on Article 6 para.1 sentence 1 lit. e or f GDPR. Finally, he has the right to complain to a regulatory authority to which Oceanis Tech GmbH is subject. He can exercise this right at a regulatory authority in the member country of your place of residence, of your workplace, or of the place of alleged breach. In Hamburg the competent regulatory authority is:

Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22
20459 Hamburg, Germany

13.2. Right to withdraw consent and object to processing activities

Under Article 7 sec. 3 GDPR the user has the right at any time to withdraw any consent which has once been given, therefore preventing Oceanis Tech GmbH to continue the data processing. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

The user has the right under Article 21 of the GDPR to object to the processing of data and to mention grounds relating to his particular situation that can speak in favour of his prevailing interests. Where personal data is processed for direct marketing purposes, the user has a general right of objection which will also be implemented by Oceanis Tech GmbH without stating reasons.

13.3 Right to Object to Processing

Users can object to data processing under Article 21 GDPR, particularly for direct marketing purposes.

13.4 Contacting Data Protection Authority

Users can file complaints with the Data Protection and Freedom of Information Authority in Hamburg: Ludwig-Erhard-Str. 22, 20459 Hamburg, Germany

14. Retention of AML Data

Oceanis Tech GmbH retains personal data required under Anti-Money Laundering (AML) laws for 5 years after a transaction or account closure, as mandated by the German Money Laundering Act (GwG). After this period, the data is securely deleted unless other legal requirements apply.

15. Accessing the Privacy Policy

This Privacy Policy is available on all Oceanis Tech GmbH websites and may be updated periodically. You may print or download it using standard browser functions.

Information regarding data processing of applications

The following information shall give an overview about the processing of personal data when an applicant applies for a job at Oceanis Tech GmbH.

In case of a Job Application

1. Controller

Controller according to the General Data Protection Regulation EU (2016/679) (“GDPR”) and other data privacy rules is:

Oceanis Tech GmbH („oceanis“)
Alsterarkaden 12
20354 Hamburg, Germany
Email: contact@oceanis.io

2. Processing of Personal Data

According to Article 4 no. 1 GDPR personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. For the application process Oceanis processes the data that the applicant makes available to us. This includes the following data:

name
address
email address
application documents (CV, engagement letter, etc)
position
interview notes
IP address, when you apply through the online application form

Furthermore, Oceanis processes the data that he makes available when contacted during the application process.

Oceanis may use other sources to process data from the applicant, e.g. recruiter, websites or other public available data such as profiles on social networking platforms.

3. Purpose and legal basis

We process your personal data for the purpose of the selection of job applicants.

The legal basis for data processing is Section 26 Federal Data Protection Act (BDSG) in conjunction with Article 6 para. 1 sentence 1 lit. b General Data Protection Regulation (GDPR) and Art. 88 GDPR. The legal basis for the processing of information that the applicant has given us voluntarily is Section 26 para 2 BDSG in conjunction with Art. 6 para 1 sentence 1 lit. a GDPR and Art. 88 GDPR, his consent. The legal basis for the use of the data from public available sources is Art. 6 para 1 sentence 1 lit. f GDPR. The legitimate interest is to receive an overview of the applicant’s background.

In the event an employment relationship is established, Oceanis will process the data for the performance of the employment contract according to Section 26 BDSG in conjunction with Art. 6 para 1 sentence 1 lit. b GDPR.

If the applicant is interested in other positions within Oceanis or would like the company to store his data for future positions, the legal basis for processing data is Section 26 para 2 BDSG in conjunction with Art. 6 para 1 sentence 1 lit. a GDPR and Art 88 GDPR.

The processing of personal data may be necessary for the defence against claims from the application process, in line with the legal basis of Art. 6 para 1 sentence 1 lit. f GDPR. The legitimate interest is the burden of proof in a procedure.

4. Recipients, categories of recipients

Within Oceanis Tech GmbH, only the employees relevant to the application process have access to the applicant’s data. Oceanis may disclose personal data also to authorities and/or law enforcement authorities, when required by law or when necessary to protect Oceanis’s legitimate interests in accordance with applicable law.

5. Retention period

The applicant’s data will be deleted three months after the end of the specific application procedure. In case of expressed interest also in other positions, the data will be stored for up to 12 months from the last job offer or the last concrete expression of interest. Oceanis may be required to store the data for a longer period of time, if there is a longer legal retention period. If the applicant successfully starts working for Oceanis Tech GmbH, it will store the data for the duration of the employment relationship. The data processing for the purpose of the employment relationship is subject to other separately received set of terms.

6. Obligation to provide personal data

Applicants are required to provide data. Without entering data, an application is not possible.

7. Rights of the data subject

As a data subject you have several rights. For assertion of rights you can contact us:

Oceanis Tech GmbH („oceanis“)
Alsterarkaden 12
20354 Hamburg, Germany
Email: contact@oceanis.io

a. Access, rectification, erasure

In accordance with Art. 15 GDPR, the applicant may at any time obtain from the controller confirmation as to whether or not personal data concerning him is being processed, and where that is the case, access to his personal data. The information is provided free of charge. If the personal data is incorrect or incomplete, he has the right to correct and amend it (Art. 16 GDPR). The Applicant can request the erasure of hi personal data at any time, unless he is legally obliged or entitled to the further processing of his data (Art. 17 GDPR). If the legal requirements are met, he can demand a restriction on the processing of his personal data (Art. 18 GDPR).

b. Right to object

The applicant may object to data processing in accordance with Art. 21 GDPR. Oceanis Tech GmbH will then stop processing his data. This is not the case if Oceanis can prove compelling reasons worthy of protection, which outweigh the applicant’s rights.

c. Right to data portability

Upon request, Oceanis Tech GmbH will provide the applicant with hi personal data transmitted by him in a standard machine-readable data format (Art. 20 GDPR).

d. Right to withdraw consent

If the applicant has given us his consent to process personal data, he can withdraw it at any time with future effect without affecting the legality of the processing carried out on the basis of the consent until withdrawal. This also applies to the withdrawal of declarations of consent that were given to Oceanis before the GDPR was valid, i.e. before 25 May 2018.

e. Right to lodge a complaint

The applicant has the right under Article 77 GDPR to lodge a complaint with the supervisory authority if he believe that the processing of personal data concerning him violates the GDPR. In Hamburg the competent regulatory authority is: