Last updated: 12 January 2026
This privacy policy informs you about how we, Omnifact GmbH (“we”), process your personal data when you use our website and in the context of services initiated through it, in accordance with the European General Data Protection Regulation (GDPR).
Controller within the meaning of the GDPR
Omnifact GmbH
Hansaallee 154
60320 Frankfurt am Main
Represented by the management: Florian Reifschneider, Patrick Helmig
If you have any questions regarding data protection or wish to exercise your rights, you can contact us at any time at privacy@omnifact.ai.
Data Protection Officer: Wolfgang Thanner, securiserve, Seeshaupter Str. 17, D-82541 Münsing — Kontakt[at]securiserve.de
Purpose: When you access our website, technically necessary data is automatically transmitted by your browser to our server or the server of our hosting provider and stored in log files, in order to provide the website, ensure system security, and prevent misuse.
Data categories:
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and functional provision of our website).
Our legitimate interest lies in the secure and uninterrupted provision of our website, as well as in the detection and prevention of attacks and misuse. Processing of log data is technically necessary for this purpose and is standard industry practice. Your interests are safeguarded because the data is only stored for a short period, is not used for marketing purposes, and is only examined in more detail when required (e.g., in the event of security incidents).
Retention period: Log files are generally stored for a period of up to 30 days and then deleted, unless longer retention is required to investigate security incidents.
Our website is hosted by a third-party provider, currently:
Netlify, Inc., 2325 3rd Street, Suite 296, San Francisco, CA 94107, USA.
As part of standard operations, Netlify, Inc. may log technical information such as your IP address, browser configuration, operating system and accessed resources in order to enable website delivery and ensure the security of the infrastructure.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and efficient provision of our website).
Our legitimate interest consists in being able to operate our website securely, performantly and cost-effectively through a professional service provider. This requires the hosting provider to process certain technical data (e.g., IP address, access times). Your interests are safeguarded, as the hosting provider is contractually bound to comply with the GDPR, the data is processed only for specified purposes, and appropriate security measures are implemented.
Third-country transfer: Where data is processed in the USA, this is done on the basis of appropriate safeguards pursuant to Art. 44 et seq. GDPR (Standard Contractual Clauses / DPA) and supplementary technical and organizational measures.
Further information on the data protection practices of Netlify, Inc. can be found at: https://www.netlify.com/privacy/
We use tools on our website to measure reach and analyze usage in order to improve and optimize our offering.
We use the privacy-friendly analytics service Plausible Analytics. The provider is Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia.
Characteristics of Plausible Analytics:
Data collected includes in particular:
IP addresses are not stored permanently; they are only processed in truncated / anonymized form for aggregated statistics.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in analyzing and optimizing our website).
Our legitimate interest consists in anonymized reach measurement and the improvement of our online offering. Plausible operates without tracking cookies and without creating personal user profiles, so the level of interference is low. Your interests and fundamental rights are protected, as the data is only evaluated in aggregated form and is not used for the purpose of personalized advertising.
Where a consent management tool is used and you have given your consent, processing is additionally based on Art. 6(1)(a) GDPR.
Further information: https://plausible.io/privacy, https://plausible.io/data-policy
We additionally use PostHog for analyzing the usage of our website and, where applicable, our products. PostHog is a product and usage analytics tool that helps us understand which content and features are used and how frequently.
We deploy PostHog as a first-party solution; the data is processed via our own domain.
Data processed (pseudonymized):
Legal basis:
Our legitimate interest lies in analyzing user behavior in order to technically improve and optimize the content and features of our website and products. Processing is carried out on a pseudonymized basis, i.e., without direct reference to your person. Your interests are taken into account, as no profiling for advertising purposes beyond the analysis takes place, and you are not required to consent to the use of analytics cookies.
Retention period: Data is stored for as long as necessary for analysis and optimization purposes; the relevant cookie is generally valid for up to approximately 12 months (see the “Cookies” section for details).
We use Google Tag Manager (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) exclusively for the technical integration of the Google Ads Conversion Tag. Google Analytics or other analytics tools are not operated via GTM. The Google Tag Manager itself does not store cookies and does not process personal data; it serves solely as a technical container for managing and delivering the Conversion Tag.
The Google Ads Conversion Tag integrated via GTM records whether users have completed a defined target action on our website after clicking on one of our Google Ads (e.g., form submission, registration).
We operate the Conversion Tag exclusively in Cookieless Mode: the consent parameter ad_storage is permanently set to denied. At no point are advertising cookies set or persistent user identifiers transmitted. The tag sends only anonymized Cookieless Pings to Google, which Google uses internally for statistical conversion modeling.
Data processed (anonymized):
Legal basis:
Art. 6(1)(f) GDPR (legitimate interest in measuring advertising effectiveness)
Our legitimate interest lies in the statistically valid measurement of the success of our advertising campaigns, in order to deploy advertising budgets efficiently and to further develop our online offering. Since only anonymized cookieless pings without persistent identifiers are transmitted, no individual user tracking is possible and no profiling is intended by us or Google. As no cookies are used, consent under Section 25 TDDDG is not required. Your interests do not outweigh ours in this processing context, as the data does not allow any inference about your identity.
Retention period: Since no cookies are set, no data is stored locally in the browser. The anonymized ping data is processed server-side at Google. Further information on data processing by Google can be found at https://policies.google.com/privacy.
When you register for or create an account on our platform via our website, we process personal data for this purpose.
Data categories:
Purpose:
Legal basis:
Our legitimate interest consists in ensuring the security and stability of our platform, detecting malfunctions, and preventing misuse. This requires limited logging of usage and system events. Your interests are protected, as the log data is limited to what is necessary, stored for a limited period, and not used for marketing purposes.
Retention period: We store your data for the duration of your user account. Upon termination of the contractual relationship, your data will be deleted, unless statutory retention obligations (e.g., under commercial or tax law — generally 6 to 10 years) apply. Technical log data within the platform is deleted in accordance with our security and deletion concept, generally after 6–12 months.
Third-country transfer: Where the Omnifact Platform uses services outside the EU/EEA (e.g., USA), data is only transferred under the conditions of Art. 44 et seq. GDPR (e.g., Standard Contractual Clauses / DPA, supplemented by additional protective measures where applicable).
When you fill out a form on our website to contact us or request a demo, we process the data you provide.
Data categories:
Purpose:
Legal basis:
Our legitimate interest lies in the efficient processing of incoming inquiries and the maintenance of customer and prospect relationships. The processing is necessary to respond to your inquiry and corresponds to your expectations when you contact us. Your interests are protected, as we only use the data you have provided yourself and do not use it for advertising purposes without a separate legal basis.
Retention period: We store your details for as long as necessary to process the inquiry. Where statutory retention obligations apply (e.g., under commercial or tax law), longer storage may occur.
Use of Netlify Forms (where applicable): For the technical capture and interim storage of form entries, we may use a service provided by Netlify, Inc. For further information about Netlify, Inc., please see the “Hosting” section.
For scheduling meetings with our sales team, we use HubSpot as a CRM and scheduling tool.
Data categories:
Purpose:
Legal basis:
Our legitimate interest consists in organizing our sales process efficiently, simplifying appointment scheduling and ensuring traceable documentation of communications. This is necessary to process inquiries in a structured manner and avoid duplication of effort. Your interests are protected, as only purpose-related contact data is processed, access is restricted on a role-based basis, and the data is not used for unsolicited advertising without a separate legal basis.
Third-country transfer: HubSpot may transfer data to third countries, in particular the USA. The transfer is carried out on the basis of appropriate safeguards (e.g., Standard Contractual Clauses / DPA pursuant to Art. 46 GDPR) and supplementary protective measures. Details can be found in HubSpot’s privacy policy.
As an alternative or supplement, we use the service Zapier for appointment scheduling.
Data categories:
Purpose:
Legal basis:
Our legitimate interest lies in providing a user-friendly and efficient online booking experience that reduces our internal workload while making it easy for you to choose an appointment. The processing of your contact data required for this is limited to what is necessary for scheduling purposes. Your interests are protected, as the data is not used for profiling beyond this purpose and is only stored for as long as required for appointment management.
Third-country transfer: Where Zapier transfers data to third countries (e.g., USA), this is done only in compliance with Art. 44 et seq. GDPR (in particular Standard Contractual Clauses and additional protective measures).
For scheduling meetings, the service Calendly may also be used. The provider is Calendly LLC, 271 17th St NW, Ste 1000, Atlanta, GA 30363, USA.
When you click “Schedule a meeting” on our website and the Calendly integration is used, you will be redirected to a Calendly page or a Calendly window will be displayed. To schedule an appointment, the data you enter there is transmitted to Calendly and processed there.
Data categories:
Purpose:
Calendly uses cookies and similar technologies to technically enable appointment booking and to analyze the use of its service. This may involve the transfer of personal data to the USA.
Legal basis:
Our legitimate interest consists in the efficient organization of meetings and the avoidance of scheduling conflicts. Using Calendly significantly simplifies appointment scheduling for both us and you. Your interests are taken into account, as only the data necessary for scheduling is processed, additional tracking functions are optional and consent-based, and we have put in place appropriate data protection agreements with Calendly.
Further information on data processing by Calendly can be found at: https://calendly.com/privacy
On our website you will find buttons and links to our profiles on the social networks X (formerly Twitter), LinkedIn and YouTube. These are simple links only.
When you visit our website, no data is automatically transmitted to these providers. Only when you click on the respective button and thereby open the corresponding profile in a new tab / window will you be redirected to the page of the respective provider. From that point on, data processing is carried out by the respective platform operator under its own responsibility (e.g., IP address, technical data, and where applicable, association with an existing user account).
Further information:
The privacy policy and legal notice on this website also apply to these social media presences, where required.
For sending emails (e.g., system messages relating to registration, platform notifications, support responses, and where applicable, newsletters), we use the service Twilio.
Data categories:
Purpose:
Legal basis:
Our legitimate interest lies in the reliable and professional handling of email communication with users, prospects and customers. This requires the use of a specialized email service provider. Your interests are protected, as content is treated confidentially, appropriate security standards are maintained, and promotional content is only sent on the basis of a separate legal basis (in particular, consent).
Third-country transfer: Where Twilio transfers data to third countries (e.g., USA), this is done only on the basis of appropriate safeguards (e.g., Standard Contractual Clauses / DPA) and additional protective measures or an adequacy decision within the meaning of Art. 44 et seq. GDPR.
Retention period: Email content and communication data is stored for as long as necessary for the respective purpose (e.g., contract performance, support) and as required by statutory retention obligations. Newsletter recipient data is stored until you withdraw your consent or we discontinue the newsletter.
Cookies are small files stored on your end device. We distinguish between:
We use, among others, a cookie to store your language setting:
langLegal basis: Art. 6(1)(f) GDPR (our legitimate interest consists in being able to display our website stably and in the language you have selected. Storing the language setting is technically necessary for this purpose and significantly improves usability. Your interests are safeguarded, as the cookie contains only a simple setting, has no tracking function, and is generally deleted at the end of the session).
In connection with the use of Calendly for appointment bookings, additional cookies may be set on the domains of the respective providers (e.g., calendly.com). These are not displayed as cookies from our domain omnifact.ai, but are covered in the section on Calendly.
The Google Tag Manager itself does not set cookies and does not store any data in the browser. It functions exclusively as a technical container for delivering the Google Ads Conversion Tag. Since ad_storage is permanently set to denied, no cookies are set by the integrated Conversion Tag either. No local data storage in the browser takes place via GTM or the tags managed through it.
Where we obtain your consent for certain cookies or tools (e.g., via a cookie / consent banner), you may withdraw this consent at any time with effect for the future:
You may also configure your browser to notify you when cookies are set, to allow cookies only in individual cases, to exclude the acceptance of cookies, or to activate automatic deletion of cookies when the browser is closed. Please note that disabling cookies may restrict the functionality of this website.
In the context of the processing activities described above, we transfer personal data to the following categories of recipients:
Where processing takes place in countries outside the EU / EEA (in particular the USA), we ensure that appropriate safeguards within the meaning of Art. 44 et seq. GDPR are in place (e.g., Standard Contractual Clauses / DPA, adequacy decision), or we only use services that guarantee an adequate level of data protection.
We store personal data only for as long as necessary for the stated purposes or as required by law.
Examples:
Under the GDPR, you have in particular the following rights:
To exercise your rights, you may contact us at any time at privacy@omnifact.ai.
The provision of certain data is not required by law for the use of our website. However, failure to provide data may mean that:
For registration and use of our platform, certain details (e.g., name, email address) are required, as we would otherwise be unable to create a user account for you or fulfill the contract.
We do not use automated decision-making within the meaning of Art. 22 GDPR, nor do we carry out profiling with legal effect or similarly significant impact.
We reserve the right to update this privacy policy as necessary, for example in the event of changes to the legal framework, the technologies used, or our services. The version published on this page shall apply at any given time.