Legal

Privacy Policy

Last updated: 12 March 2026

1. Data controller

Olea Office Ltd
[Address]
[Postcode City]
Germany

Email: datenschutz@oleaoffice.com

2. Processing overview

We process personal data in connection with our business as a provider of virtual office services (registered business addresses and digital mail handling). Key categories:

  • Identity data (name, address, contact details)
  • Contract data (services, terms)
  • Payment data (bank details, invoices)
  • Identification documents (ID for KYC verification)
  • Communication data (emails, postal mail)
  • Usage data (access logs, server logs)

We process your data based on the following GDPR legal bases:

  • Art. 6(1)(a) – Consent
  • Art. 6(1)(b) – Performance of a contract
  • Art. 6(1)(c) – Legal obligation
  • Art. 6(1)(f) – Legitimate interests

4. Website provision

When you visit our website, our systems automatically collect data from your device, including your IP address, date and time of request, browser type, and operating system.

Processing is based on Art. 6(1)(f) GDPR. Our legitimate interest is ensuring the reliable operation of the website.

5. Contact

When you contact us by email or contact form, the data you provide is stored to process your enquiry. The legal basis is Art. 6(1)(b) or (f) GDPR.

6. Account & orders

To use our services, we collect:

  • First and last name, company name
  • Email address, phone number
  • Billing address
  • Selected location and plan

Processing is necessary for performance of the contract under Art. 6(1)(b) GDPR.

7. Payment processing

Payments are processed through Stripe, Inc. Payment data is transmitted directly to Stripe. We do not store complete credit card numbers.

Legal basis: Art. 6(1)(b) GDPR. More information: Stripe Privacy Policy.

8. Identity verification (KYC)

To fulfil our legal obligations (particularly under the German Anti-Money Laundering Act – GwG), we are required to verify your identity. We collect:

  • Copy of an identity document (ID card or passport)
  • Commercial register extract (for companies)

Legal basis: Art. 6(1)(c) GDPR in conjunction with GwG requirements.

9. Mail handling

As part of our digital mail handling service, we scan and digitise post addressed to your business address. Processing is based on the service contract under Art. 6(1)(b) GDPR.

Scans are stored encrypted and deleted after the end of the contract in accordance with our retention periods.

10. Cookies & tracking

Our website uses technically necessary cookies to ensure basic website functionality. We only use analytical cookies with your explicit consent under Art. 6(1)(a) GDPR.

11. Third-party services

We use the following third-party services:

ServicePurposeLegal basis
VercelWebsite hostingArt. 6(1)(f)
StripePayment processingArt. 6(1)(b)
MapboxMap displayArt. 6(1)(f)
SanityContent managementArt. 6(1)(f)

12. Your rights

You have the following rights regarding your personal data:

  • Access (Art. 15 GDPR) – right to information about processed data
  • Rectification (Art. 16 GDPR) – right to correct inaccurate data
  • Erasure (Art. 17 GDPR) – right to deletion, where no retention obligations apply
  • Restriction (Art. 18 GDPR) – right to restrict processing
  • Data portability (Art. 20 GDPR) – right to receive your data in a machine-readable format
  • Objection (Art. 21 GDPR) – right to object to processing
  • Withdrawal of consent (Art. 7(3) GDPR)
  • Complaint to a supervisory authority (Art. 77 GDPR)

To exercise your rights, contact us at datenschutz@oleaoffice.com.

13. Data retention

We store your data only as long as necessary for the respective processing purpose or as required by statutory retention obligations:

  • Contract data: duration of the contract + statutory retention periods (up to 10 years per HGB/AO)
  • Invoice data: 10 years (§ 147 AO, § 257 HGB)
  • KYC documents: 5 years after contract end (§ 8 GwG)
  • Mail scans: until end of contract + 90 days
  • Server logs: 14 days

14. Data security

We employ technical and organisational measures to protect your data, including encryption in transit (TLS), access controls, and regular security reviews.

15. Changes to this privacy policy

We reserve the right to update this privacy policy to reflect changes in the legal landscape or our services. The current version is always available on this page.

Privacy Policy | Olea