Privacy Policy

ONYX Lifestyle System

Last updated: December 2025

1. Data Controller

The data controller responsible for processing your personal data is:

ONYX

Represented by: Tobias Günther Elsholz

Berlin, Germany

Email: tobias@onyx.berlin

2. What Data We Collect

When you complete our survey and sign up for ONYX, we collect the following personal data:

• Email address — to send you your Barrier Report, product updates, and raffle notifications
• Survey responses — to generate your personalized Barrier Report and improve our understanding of user needs
• Name (if provided) — to personalize communications
• Analytics data — anonymized page visits via Plausible Analytics (no cookies, no personal identification)

3. Purpose of Processing

We process your data for the following purposes:

(a) to deliver your personalized Barrier Report based on your survey responses; (b) to send you updates about ONYX product development and launch; (c) to enter you into the coaching raffle and notify you if you win; (d) to improve our services based on aggregated, anonymized survey insights; and (e) to comply with legal obligations.

4. Legal Basis for Processing

We process your personal data based on your consent (Article 6(1)(a) GDPR), which you provide by checking the consent box in our survey and submitting your information.

You may withdraw your consent at any time by contacting us at the email address above or by clicking the unsubscribe link in any of our emails. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

5. Data Processors and Third Parties

To provide our services, we use the following third-party processors, all of which are bound by appropriate data processing agreements:

• Typeform / Tally — Survey hosting and data collection (EU-based or with appropriate safeguards)
• Plausible Analytics — Privacy-friendly website analytics (EU-hosted, no personal data collected, no cookies)
• Email service provider — For sending emails (e.g., Mailchimp, SendGrid, or similar with GDPR compliance)
• Vercel / Hosting provider — Website hosting

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

6. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described in this policy, or until you withdraw your consent, whichever comes first.

If you unsubscribe from our communications, we will delete your email address and associated data within 30 days, unless we are required by law to retain certain information for longer periods.

Anonymized survey data (with no personal identifiers) may be retained indefinitely for research and service improvement purposes.

7. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Right of Access — You may request a copy of the personal data we hold about you.
• Right to Rectification — You may request correction of inaccurate or incomplete data.
• Right to Erasure — You may request deletion of your personal data ("right to be forgotten").
• Right to Restrict Processing — You may request that we limit how we use your data.
• Right to Data Portability — You may request your data in a structured, machine-readable format.
• Right to Object — You may object to processing in certain circumstances.
• Right to Withdraw Consent — You may withdraw your consent at any time.

To exercise any of these rights, please contact us at tobias@onyx.berlin. We will respond to your request within 30 days.

8. Right to Lodge a Complaint

If you believe that we have not handled your personal data in accordance with applicable data protection laws, you have the right to lodge a complaint with the competent supervisory authority.

In Berlin, Germany, the relevant authority is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstr. 219, 10969 Berlin

www.datenschutz-berlin.de

9. Cookies and Tracking

Our website (onyx.berlin) does not use cookies for tracking purposes. We use Plausible Analytics, a privacy-focused analytics service that collects anonymized, aggregated data without using cookies or collecting personal information.

No consent banner is required for this type of analytics under GDPR.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

All data transmission between your browser and our website is encrypted using HTTPS/TLS. Access to personal data is restricted to authorized personnel only.

11. International Data Transfers

We primarily process data within the European Economic Area (EEA). Where data is transferred outside the EEA (for example, to US-based service providers), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or we rely on the service provider's participation in recognized frameworks such as the EU-U.S. Data Privacy Framework.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

If we make material changes, we will notify you by email (if we have your email address) or by posting a prominent notice on our website. The "Last updated" date at the top of this policy indicates when it was most recently revised.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: tobias@onyx.berlin

Website: https://www.onyx.berlin

Address: Berlin, Germany

© 2025 ONYX. All rights reserved.