Privacy Policy
Last updated: May 5, 2026
This Privacy Policy describes how Jonathan Blank & Tobias Lunkwitz GbR (operating as "WaveAtmos", "we", "us", or "our") collects, uses, and discloses your personal information when you visit waveatmos.com, use our services, or make a purchase (collectively, the "Services").
As a company based in Germany, we process your data in strict compliance with the European General Data Protection Regulation (GDPR) and applicable national data protection laws. For the purpose of these laws, Jonathan Blank & Tobias Lunkwitz GbR is the Data Controller.
1. Personal Information We Collect and Legal Basis
We only collect and process your personal data if we have a legal basis to do so under Art. 6(1) GDPR. Depending on how you interact with our Services, we process the following data:
-
Contact & Account Details: Name, email address, billing/shipping address, phone number, and password.
-
Legal Basis: Performance of a contract (Art. 6(1)(b) GDPR).
-
-
Payment & Transaction Information: Credit card data (processed securely by external payment gateways), order history, and cart data.
-
Legal Basis: Performance of a contract (Art. 6(1)(b) GDPR) and legal tax obligations (Art. 6(1)(c) GDPR).
-
-
Device & Usage Information: IP address, browser type, operating system, and interaction with our website.
-
Legal Basis: Legitimate interest in securing and optimizing our website (Art. 6(1)(f) GDPR) and, where applicable, your explicit consent (Art. 6(1)(a) GDPR).
-
-
Communication Data: Information you provide when contacting our support.
-
Legal Basis: Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR).
-
2. Third-Party Tools and Service Providers
To provide, analyze, and market our Services, we use carefully selected third-party service providers. By interacting with our store, data may be shared with the following processors:
-
Shopify: Our store is hosted on Shopify Inc. They process your data (including payment and order details) to provide the e-commerce platform.
-
Klaviyo: We use Klaviyo for transactional emails and email marketing. If you subscribe to our newsletter, your data is processed based on your consent (Art. 6(1)(a) GDPR). You can unsubscribe at any time.
-
Analytics Tools (Google Analytics, PostHog, Databuddy): These tools help us understand how users navigate our site so we can improve our workflow tools. They collect pseudonymized usage data. This processing only occurs if you grant explicit consent via our cookie banner (Art. 6(1)(a) GDPR).
-
Marketing & Affiliates (TikTok Pixel, Uppromote): We use TikTok Pixel for targeted advertising and Uppromote to manage our affiliate programs. Tracking via the Pixel only happens with your explicit consent (Art. 6(1)(a) GDPR).
-
Google Tag Manager: We use GTM to cleanly integrate and manage the software code of the tools mentioned above on our website.
3. Cookies and Consent Management
We use cookies and similar tracking technologies to ensure the functionality of our website, analyze traffic, and personalize content.
To give you full control over your data, we use the consent management tool C15T. When you first visit our site, the C15T banner allows you to explicitly accept or reject non-essential cookies (such as those used by Google Analytics, PostHog, or TikTok Pixel). You can change your preferences or withdraw your consent at any time through the consent settings on our website.
4. International Data Transfers
Some of our service providers (e.g., Shopify, Google, Klaviyo) are based outside the European Economic Area (EEA), primarily in the United States. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by utilizing recognized transfer mechanisms, such as the EU-US Data Privacy Framework or standard contractual clauses (SCCs) approved by the European Commission.
5. Security and Data Retention
We implement industry-standard security measures to protect your personal information. However, no method of transmission over the Internet is 100% secure. We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements (e.g., German commercial and tax law dictates a retention period of up to 10 years for invoices and transaction data).
6. Your GDPR Rights
If you are a resident of the European Economic Area (EEA), you have the following rights regarding your personal data:
-
Right of Access: You can request a copy of the personal data we hold about you.
-
Right to Rectification: You can request that we correct inaccurate or incomplete data.
-
Right to Erasure (Right to be Forgotten): You can ask us to delete your personal data, provided there are no conflicting legal retention requirements.
-
Right to Restrict Processing: You can ask us to temporarily suspend the processing of your data.
-
Right to Data Portability: You can request the transfer of your data to another party.
-
Right to Object & Withdraw Consent: You can object to data processing based on legitimate interests or withdraw your consent for marketing/analytics at any time.
To exercise any of these rights, please contact us at the email address below.
7. Complaints
If you believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority. The competent authority for us is the State Data Protection Commissioner of Schleswig-Holstein, Germany (ULD).
8. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.
9. Contact Information
If you have questions about this Privacy Policy, wish to exercise your rights, or want to make a complaint, please contact us at:
Jonathan Blank & Tobias Lunkwitz GbR Berliner Str. 32 25451 Quickborn Germany Email: legal@waveatmos.com