openUC2 GmbH Privacy Policy
This Privacy Policy describes how your personal information is collected, used, and shared when you use or make a purchase from shop.openuc2.com/. The following information provides an overview of what happens to your personal data when you visit our shop. Personal data refers to any data that can be used to identify you personally.
1. Data Collection in Our Shop
Who is responsible for data collection in this shop?
Data processing in this shop is carried out by the shop operator. Their contact details can be found in the legal notice of this shop.
How do we collect your data?
Some data is collected when you provide it to us — for example, data you enter in an order form. Other data is collected automatically by our IT systems when you visit the shop, primarily technical data such as browser type, operating system, or time of page access.
What do we use your data for?
Some data is collected to ensure the shop functions correctly. Other data is used to fulfill orders (processing payments, shipping, invoicing). Additional data may be used to analyze user behavior and improve our services.
What rights do you have regarding your data?
You have the right at any time to obtain free information about your stored personal data, its origin, recipients, and purpose. You also have the right to request correction, blocking, or deletion of this data. You may contact us at any time at the address given in our legal notice. You also have the right to lodge a complaint with the competent supervisory authority.
2. General Information and Mandatory Disclosures
Data Protection
The operators of this shop take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this Privacy Policy.
When you use this shop, various personal data is collected. Personal data is data that can be used to identify you personally. This Privacy Policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
Notice Regarding the Responsible Party
The party responsible for data processing in this shop is:
openUC2 GmbH
represented by the Managing Director
Dr. Benedict Diederich
Hans-Knöll-Straße 6
07745 Jena
Phone: +49 176 721 431 83
Email: hello@openuc2.com
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your express consent. You may revoke consent already given at any time. An informal email to us is sufficient. The lawfulness of data processing carried out before the revocation remains unaffected.
Right to File Complaints with Regulatory Authorities
In the event of GDPR violations, affected persons have the right to lodge a complaint with a supervisory authority. The competent authority is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Right to Data Portability
You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract in a commonly used, machine-readable format. If you request direct transfer to another responsible party, this will only be done to the extent technically feasible.
SSL/TLS Encryption
This shop uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests you send to us. You can recognize an encrypted connection by the address bar changing from http:// to https:// and the padlock icon in your browser.
Encrypted Payments in the Shop
When you make a purchase and submit payment data (e.g. account number for direct debit), this data is required for payment processing. Payment transactions via common payment methods (Visa/MasterCard, direct debit) are carried out exclusively via encrypted SSL/TLS connections.
3. Hosting
External Hosting Provider (Odoo)
This shop is hosted by an external service provider. Personal data collected in this shop is stored on the host servers, including IP addresses, contact requests, metadata, communications, contract data, names, page access logs, and other data generated via the shop.
We use the following as our shop platform:
Odoo S.A.
Chaussée de Namur 40
B-1367 Grand-Rosière
Belgien
Website: https://www.odoo.com
The host is used in the interest of a secure, fast, and efficient provision of our online services (Art. 6(1)(f) GDPR). For more information about Odoo data protection, see:
https://www.odoo.com/legal/privacy
Data Processing Agreement: We have concluded a Data Processing Agreement (DPA) with the above provider, ensuring that personal data of our shop visitors is processed only according to our instructions and in compliance with the GDPR.
4. Data Collection in Our Shop
Cookies
Our shop pages use cookies. Cookies do not harm your computer and do not contain viruses. They help make our shop more user-friendly, efficient, and secure. Cookies are small text files stored on your device by your browser.
Most of the cookies we use are known as ‘session cookies’. They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognise your browser the next time you visit.
You can configure your browser to notify you about cookies and allow them only on a case-by-case basis, block them in certain cases or entirely, or automatically delete them when closing the browser. Disabling cookies may limit the functionality of this shop.
Cookies required for electronic communication or for providing specific features you have requested (e.g. shopping cart) are stored on the basis of Art. 6(1)(f) GDPR.
Server Log Files
The shop provider automatically collects and stores information in server log files that your browser transmits to us. These include:
- Browser type and version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address
These data will not be combined with other data sources. The legal basis for data processing is Art. 6(1)(f) GDPR.
5. Orders and Contract Processing
Order Data
When you place an order in our shop, we collect the following personal data to fulfill the purchase contract:
- Name and address (shipping and billing address)
- Email address
- Phone number
- Payment information (e.g. credit card number, PayPal address)
- Ordered products and order history
We use this data exclusively to fulfill the contract: payment processing, shipping, invoicing, and customer communication. The legal basis is Art. 6(1)(b) GDPR.
Sharing Data with Third Parties
We share your personal data with third parties only where necessary for contract fulfillment, such as shipping companies or payment providers. Data is never shared for advertising purposes without your explicit consent.
The legal basis is Art. 6(1)(b) GDPR.
Storage of Order Data
Customer data is deleted after full completion of the contract or termination of the business relationship. Statutory retention periods (in particular commercial and tax obligations of up to 10 years) remain unaffected.
6. Payment service providers
PayPal
We offer PayPal, amongst other options, for payment processing. The provider of this payment service is PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
When you pay via PayPal, the payment details you enter are transmitted to PayPal. The transmission of your data to PayPal is based on Article 6(1)(b) of the GDPR (performance of a contract) and on our legitimate interest in a secure and efficient payment process (Article 6(1)(f) of the GDPR).
PayPal reserves the right to carry out a credit check based on mathematical and statistical methods. PayPal uses the result to decide whether to make the respective payment method available.
You have the option to object to data processing by PayPal at any time. Blocking this may result in PayPal no longer being available as a payment method.
Further information on data protection at PayPal:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Bank Transfer (SEPA)
When you pay by bank transfer, you provide us with your bank details (IBAN, BIC, account holder name). We use this data exclusively to process the payment and do not share it with third parties except where required for fulfillment (e.g. our bank).
The legal basis is Art. 6(1)(b) GDPR. Payment data is deleted after the transaction is completed, subject to statutory retention obligations (particularly tax and commercial law requirements of up to 10 years).
Note: When you make a bank transfer, your IBAN is visible to us as the recipient. It will not be shared with third parties for advertising purposes.
7. Analysis tools
Google Analytics
This shop uses Google Analytics (with your consent), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies and similar tracking technologies to analyze your use of the shop.
Information generated by cookies about your use of this shop is generally transmitted to and stored on Google servers in the USA. We have enabled IP anonymization in Google Analytics, so your IP address is truncated by Google within EU member states prior to transmission.
You can prevent the collection and processing of cookie-generated data (including your IP address) by Google by downloading and installing the browser plugin available at:
https://tools.google.com/dlpage/gaoptout
Weitere Informationen zum Umgang mit Nutzerdaten bei Google Analytics finden Sie in der Privacy Policy von Google:
https://policies.google.com/privacy?hl=de
The legal basis is Art. 6(1)(a) GDPR (consent).
Use of Hotjar
We use the analytics service Hotjar, provided by Hotjar Ltd., to better understand how users interact with our website and to improve the user experience.
Hotjar allows us to analyze user behavior such as mouse movements, clicks, scrolling activity, and general navigation patterns. This information helps us identify usability issues and optimize our website.
Hotjar is only activated after you have given your explicit consent by clicking “I agree” in our cookie banner. If you choose “Only essentials”, Hotjar will not be used and no data will be collected through this service.
The legal basis for processing your personal data in this context is your consent in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR). You may withdraw your consent at any time with effect for the future.
Hotjar uses cookies and similar technologies to collect information about your device and interaction with our website. The data collected may include anonymized IP address, device type, browser information, geographic location (country only), and usage data.
We have concluded a Data Processing Agreement (DPA) with Hotjar to ensure that your data is processed in compliance with applicable data protection laws.
For more information about how Hotjar processes personal data, please visit:
https://www.hotjar.com/legal/policies/privacy/
You can opt out of Hotjar tracking at any time by visiting:
https://www.hotjar.com/legal/compliance/opt-out
8. Your Rights
Access, Blocking, Deletion
Within the scope of applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin, recipients, and purpose of processing, as well as the right to correction, blocking, or deletion. Please contact us at any time for questions regarding personal data.
Objection to Promotional Emails
We hereby object to the use of contact data published in our legal notice for sending unsolicited advertising material. We reserve the right to take legal action in the event of such unsolicited communications, e.g. spam emails.
9. Dispute Resolution
We are willing to participate in dispute resolution proceedings before a consumer arbitration board. The competent body is the General Consumer Arbitration Board of the Centre for Arbitration e.V. (Zentrum für Schlichtung e.V.), Strassburger Strasse 8, 77694 Kehl am Rhein, Germany.
Website: https://www.verbraucher-schlichter.de
10. Validity of this Privacy Policy
This Privacy Policy is currently in force and is dated February 2026. As our shop and the services we offer continue to develop, or due to changes in legal or regulatory requirements, it may become necessary to amend this Privacy Policy. The current version of the Privacy Policy can be viewed at any time on our shop at
https://shop.openuc2.com/privacy.
11. Contact
General: hello@openuc2.com
Support: support@openuc2.com
Sales: sales@openuc2.com