Sign inPurchase now

Privacy Policy

Version 1.0 Thank you for your interest in data protection in connection with omniac (hereinafter referred to as "Service") and the related app and website. We want you to feel comfortable and safe when using our Service, and to know that one of the things that sets us apart is our commitment to protecting our customers' data.

Changes in the law or in circumstances relating to data processing may necessitate changes to this privacy policy. We will keep you informed of any significant changes.

1. Overview

Below we inform you about the processing of your personal data in connection with the use of the Service, including our website and app used in this context, and about your rights under the General Data Protection Regulation (GDPR).

Personal data is information that identifies you or could identify you directly or indirectly. The statutory basis for data protection is, in particular, the GDPR.

2. Controller

Unless otherwise indicated below, the controller (Article 4 no. 7 GDPR) for the data processing detailed in the following is:

Schwarz Cyber Technologies GmbH
Stiftsbergstraße 1 74172 Neckarsulm, Germany E-mail: info@omniac.de

(hereinafter "we", "us").

3. Details of the Data Processing

3.1. Using our Website

3.1.1. Purposes and Legal Bases

When using our website, the browser used on your end device will – automatically and without any action on your part – send

  • the IP address of the end device;
  • the date and time of access;
  • the name and URL of the requested file;
  • the data volume transmitted;
  • the website/application from which the access occurred (referrer URL);
  • the browser and, where relevant, the operating system of your Internet-enabled end device; and
  • the name of your Internet service provider

to our website server and be stored temporarily in a log-file for the following purposes:

  • to ensure a fault-free connection;
  • to ensure the comfortable use of our website/application; and
  • to analyze system security and stability.

The legal basis for this data processing is Article 6(1) sentence 1(f) GDPR. Our legitimate interest arises from our interest in protecting our systems and preventing improper and/or fraudulent activity each time that a user accesses this website. In addition, we base data processing on Article 6(1) sentence 1(b) GDPR, insofar as we process your data in order to make the website available to you and thus to be able to fulfill our agreement with you.

3.1.2. Recipients/Categories of Recipients

Under certain circumstances, we may need to transfer your personal data to other recipients.

The website is operated on our behalf on servers of IT service providers. Your personal data may be made available to these service providers for support and maintenance purposes.

3.1.3. Storage Time/Criteria for Determining Storage Time

The log files are stored for 7 days.

3.2. Using Our App

3.2.1. Purposes and Legal Bases

When you use our app, the following information about you and the device you are using is collected and processed:

  • your IP address;
  • the date and time of access;
  • the client request;
  • the http response code; and
  • the data volume transmitted.

In addition, when you use our app, the app version used and the mobile device from which you start our app are collected and processed.

We process the aforementioned data in order to provide you with the app and to be able to perform our agreement with you. We process your personal data in this context on the basis of Article 6(1) sentence 1(b) GDPR. Since the processing also serves our legitimate (and overriding) interest in providing the Service you have requested, we also base the data processing on Article 6(1) sentence 1(f) GDPR.

3.2.2. Recipients/Categories of Recipients

In some cases we use service providers, in particular IT service providers, to process your data. The companies acting on our behalf are bound by our instructions with regard to the processing of your personal data and process this data on our behalf.

3.2.3. Storage Time/Criteria for Determining Storage Time

We delete or anonymize your personal data as soon as it is no longer required for the purposes of the processing as set out above.

If your data is required for longer due to statutory retention periods or to secure, assert or enforce legal claims, we will store your data in accordance with data protection provisions beyond the end of your use of the app for as long as storage is required by law or as long as this is necessary for the purposes.

3.3. Use of Our Service

You can use our Service via our app or our website.

3.3.1. Purposes and Legal Bases

As part of the ordering and registration process for the Service, we process the following data about you in particular:

  • information that you provide when ordering the Service, in particular regarding the subscription you require (e.g., term);
  • your first and last name;
  • company e-mail address;
  • your postal code;
  • your country of residence;
  • confirmation that you are using the Service as a private individual; and
  • depending on the payment for the subscription, your billing address.

You must also verify your e-mail address using a code that we will send to the e-mail address you provide. We will also assign you a customer ID. Depending on whether the function is used, you can also either assign a master PIN or set up FaceID, which we then use to check your login to the app.

As part of the use of the Service, we process in particular the data that you enter, such as your name, your e-mail address, your telephone number, your credit card number, your IBAN and your ID card number, and want to be monitored to detect if it becomes compromised. You can change the data to be monitored at any time. In order to be able to carry out the monitoring (technically), we assign you and the data to be monitored a special and unique code number.

For the monitoring, which is mainly carried out by our service provider Constella Intelligence, Inc., we transfer your data – depending on the areas of the Internet to be monitored – in a hashed and sometimes also in an encrypted form. We will then also make your data available to the aforementioned service provider in these formats. If it detects that data has been compromised, e.g., on the deep/dark web, it can hash the affected data with the same algorithm and determine whether the data you entered for monitoring is affected by the compromise. For other areas of the Internet, in particular the "surface web", it can also temporarily disable the encryption to actively check whether the data you have entered has been compromised.

If it detects compromised data, the service provider informs us and we can send you an alert (see below). For this purpose, and in order to be able to determine that you have changed the data to be monitored, we store your data to be monitored in hashed form and in masked form, in which we replace some letters with an X. We do not store your data as real ID data (Klardaten) in this context.

You can decide whether you want to receive notifications (e.g., about compromised data) by e-mail and/or push notification. If you enter an e-mail address or a mobile phone number for communication or monitoring purposes, we will verify this by sending you a confirmation link by e-mail or a code by text message, which you must click on or enter.

If we detect that your data has been compromised, you will receive an alert. In particular, this contains information about the compromised data and information about the compromise (e.g., where it was found). If necessary, the alert may also contain data from you that you have not selected to be monitored, but which we have found in connection with compromised data of yours that was to be monitored. The alert lists your data in masked form, where some of the letters have been replaced by an X.

In addition, the alert contains a classification of the criticality of the compromise, which is determined by the sensitivity of the compromised data and the time of the compromise. The alert also contains recommendations for action that you can report back as "completed". Based on the classification of the compromise and the recommendations for action that were contained in (previous) alerts and that you have not reported back as "completed", we calculate an individual security score that is communicated to you as part of the alert.

We process the aforementioned data in order to provide you with the Service and thus to be able to perform our agreement with you. We process your personal data in this context on the basis of Article 6(1) sentence 1(b) GDPR. Since the processing also serves our legitimate (and overriding) interest in providing the service you have requested, we also base the data processing on Article 6(1) sentence 1(f) GDPR.

In addition, we process data about your subscription/order for the service in order to be able to comply with our obligations under tax and commercial law. The basis for this is Article 6(1) sentence 1(c) GDPR.

3.3.2. Recipients/Categories of Recipients

In some cases we use service providers to process your data. The companies acting on our behalf are bound by our instructions with regard to the processing of your personal data and process this data on our behalf.

In providing the Service, Schwarz Digital GmbH & Co. KG, Schwarz IT KG and Constella Intelligence, Inc. act for us as service providers bound by instructions as follows:

  • Schwarz Digital GmbH & Co. KG assists us above all in coordinating the contractual partners;
  • Schwarz IT KG primarily provides us with storage capacity, database systems and technical support. It also assists us in creating the code number assigned to you and your data and in creating alerts.
  • Widas ID GmbH assists us in particular in the ordering and registration process. It operates an identity and access management service that we use in this context.
  • Constella Intelligence, Inc. (hereinafter "Constella") primarily assists us in monitoring your data with regard to compromises in certain areas of the Internet. In particular, Constella checks whether data you have selected for monitoring has been published there. In the event of a compromise, Constella will provide us with information on this and assist us in preparing the alert to you. Constella uses other (sub)processors for this purpose, who primarily provide storage capacity and technical support.

3.3.3. Data Transfers to Recipients in Third Countries

As our service provider Constella has its registered office in the USA, data relating to you will be transferred to a country outside the European Union and the European Economic Area within the meaning of Article 44 et seq. GDPR. To ensure suitable guarantees for this data transfer, we have entered into the EU standard contractual clauses issued by the European Commission with Constella. The EU standard contractual clauses can be found here, for example: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj.

3.3.4. Storage Time/Criteria for Determining Storage Time

We delete or anonymize your personal data as soon as it is no longer required for the purposes of the processing as set out above. As a rule, we therefore store your personal data for the duration of your subscription or use of the Service and after its termination, as long as all related claims are time-barred.

If you remove data or contact details to be monitored during an ongoing subscription, we will usually delete them without undue delay. If you cancel your subscription, we will generally delete the data you selected for monitoring after 30 days. In this case, the customer account, including the data entered during registration, will not be deleted, but you can delete it separately.

If your data is required for longer due to statutory retention periods or to secure, assert or enforce legal claims, we will store your data in accordance with data protection provisions beyond the end of your use of the Service for as long as storage is required by law or as long as this is necessary for the purposes.

3.4. Payment and Management of the Subscription

3.4.1. Purposes and Legal Bases

The purchase of a subscription for our service is currently only possible via our app and takes the form of an "in-app purchase". The operator of the respective app marketplace (for the Apple Store: Apple Distribution International Limited in Hollyhill, Cork, Republic of Ireland; for the Google Play Store: Google Ireland Limited in Gordon House, Barrow Street, Dublin 4, Ireland) processes the purchase, in particular your payment for the subscription you have selected. To do this, it uses the payment method that you have stored in the respective app marketplace and selected for the subscription.

To enable the operator to process the purchase, we provide it with the following information about you in particular:

  • information that you wish to purchase a subscription to the Service; and
  • the subscription you have chosen.

Once the payment process is completed, it only informs us that you have purchased a specific subscription and made the payment for it.

Subsequently, the management (in particular the renewal) and termination of the subscription are also carried out via the corresponding app marketplace. In such cases, we only receive information from the respective operator that you have changed a subscription (e.g., extended it and made a payment for it) or terminated it.

We are not responsible for data processing by the operator of the respective app marketplace in connection with the purchase, management and termination of the subscription. This applies in particular to the processing of your data by the operator to process your payment.

We transmit the aforementioned data to the operator of the app marketplace relevant to you for the purpose of enabling you to purchase and manage (e.g., renew or terminate) your desired subscription to our Service as part of an in-app purchase. The transmission is necessary for us to perform the agreement with you for the use of our Service and your agreement with the operator of the app marketplace. The basis for this is Article 6(1) sentence 1(b) GDPR.

Since it is also necessary to safeguard our legitimate (overriding) interest in entering and performing the agreement with you for a subscription to our Service and to safeguard the legitimate (overriding) interest of the operator of the app marketplace in performing the agreement with you for payment processing and management of the subscription, the data processing is also based on Article 6(1) sentence 1(f) GDPR.

In addition, we process data about your subscription/payment for the Service in order to comply with our obligations under tax and commercial law. The basis for this is Article 6(1) sentence 1(c) GDPR.

3.4.2. Recipients/Categories of Recipients

In some cases we use service providers to process your data. The companies acting on our behalf are bound by our instructions with regard to the processing of your personal data and process this data on our behalf.

For the payment and management of the subscription, Schwarz Digital GmbH & Co. KG and Schwarz IT KG act for us as service providers bound by instructions as follows:

  • Schwarz Digital GmbH & Co. KG assists us above all in coordinating the contractual partners.
  • Schwarz IT KG primarily provides us with storage capacity, database systems and technical support.

We also pass on your personal data to the operator of the app marketplace relevant to you as described in more detail above. If you are using our iOS-based app, this is Apple Distribution International Limited in Hollyhill, Cork, Republic of Ireland. If you are using our Android-based app, this is Google Ireland Limited at Gordon House, Barrow Street, Dublin 3, Ireland.

3.4.3. Storage Time/Criteria for Determining Storage Time

We delete or anonymize your personal data as soon as it is no longer required for the purposes of the processing as set out above. As a rule, we therefore store your personal data for the duration of your subscription or use of the Service and after its termination, as long as all related claims are time-barred.

If your data is required for longer due to statutory retention periods or to secure, assert or enforce legal claims, we will store your data in accordance with data protection provisions beyond the end of your use of the Service for as long as storage is required by law or as long as this is necessary for the purposes.

3.5. Communication via E-mail/Customer Service

3.5.1. Purposes and Legal Bases

We process personal data that you provide by e-mail (in particular you e-mail address) as part of your query for the purpose of handling your query. If necessary, we will also request data from you to confirm your identity.

The legal basis for this data processing as part of initiating or performing a contract, in particular in connection with the Service, is Article 6(1) sentence 1(b) GDPR. Otherwise, the legal basis for this is Article 6(1) sentence 1(f) GDPR. Our legitimate interest arises from the interest in responding to your customer queries so that customer satisfaction is promoted.

3.5.2. Recipients/Categories of Recipients

Under certain circumstances, we may need to transfer your personal data to other recipients.

Your personal data may be made available to IT service providers for support purposes. When communicating via e-mail/customer service, Schwarz Digital GmbH & Co. KG, Schwarz IT KG, Netlution GmbH and Lidl Kundenservice GmbH & Co. KG act for us as service providers bound by instructions as follows:

  • Schwarz Digital GmbH & Co. KG assists us above all in coordinating the contractual partners.
  • Schwarz IT KG primarily provides us with storage capacity, database systems and technical support, including answering customer queries.
  • Netlution GmbH and Lidl Kundenservice GmbH & Co. KG assist us to answers customer queries.

3.5.3. Storage Time/Criteria for Determining Storage Time

The data will be stored for 90 days after your query has been closed. From experience, no further responses are expected after this time.

If you assert legal claims, your data will be stored for three years after your query has been completed, starting at the end of the calendar year, to prove that we have fulfilled any legal claims.

3.6. Processing for the Assertion, Exercise or Defense of Legal Claims and in the Case of Takeovers

3.6.1. Purposes and Legal Bases

Insofar as this is necessary in individual cases, we will also process the data about you mentioned in this privacy policy in order to assert and exercise legal claims, to defend ourselves against legal claims and, insofar as this is necessary, in connection with corporate transactions, e.g., if parts of the company are to be sold.

The legal basis for data processing in the context of initiating or performing a contract, in particular in connection with the Service, is Article 6(1) sentence 1(b) GDPR. Otherwise, the legal basis for this is Article 6(1) sentence 1(f) GDPR. The purposes of data processing listed above constitute our legitimate interest.

3.6.2. Recipients/Categories of Recipients

Under certain circumstances, we may need to transfer your personal data to other recipients. In particular, this may include other companies to which company shares are (or are to be) sold, persons and bodies that assist us in asserting and exercising legal claims or defense against them or are involved in the proceedings taking place in this context, and authorities.

3.6.3. Storage Time/Criteria for Determining Storage Time

We delete or anonymize your personal data as soon as it is no longer required for the purposes of the processing as set out above and we may not process it for other purposes.

If your data is required for longer due to statutory retention periods, we will store your data in accordance with data protection regulations for as long as is required by law.

3.7. Advertising: Newsletters and Push Notifications

3.7.1. Purposes and Legal Bases

If you consent to receiving our newsletter and push notifications in our app, we will process the data specified in the declaration of consent, in particular

  • the e-mail address you have provided; and
  • information about the device you are using

to send you advertising for products, services, promotions and cooperations from us by e-mail to the e-mail address you have provided and push notifications in the app.

The legal basis for this data processing is your consent pursuant to Article 6(1) sentence 1(a) GDPR. You can withdraw your consent at any time with effect for the future via the link at the end of each newsletter, by e-mail to datenschutz@mail.schwarz or via the customer account.

To ensure that no mistakes are made when entering the e-mail address, we use the "double opt-in" procedure: once you grant your consent, we will send you a confirmation code. Your e-mail address will not be added to our distribution list until you enter this confirmation code.

We also process the following data to document your consent and to defend our rights:

  • IP address of the end device used for registration;
  • date and time of registration and e-mail verification;
  • registration and deregistration source; and
  • newsletter history.

The legal basis for this data processing is Article 6(1) sentence 1(f) GDPR. The purposes listed above constitute our legitimate interest.

3.7.2. Recipients/Categories of Recipients

Under certain circumstances, we may need to transfer your personal data to other recipients.

For our newsletter, we use IT service providers to process personal data on our behalf.

3.7.3. Storage Time/Criteria for Determining Storage Time

If the confirmation link is not clicked within 48 hours, your data will be deleted in connection with the sending of advertising by newsletter/push notifications.

As soon as you withdraw your consent, we will no longer process your data for the purpose stated here and will generally delete it if we are not permitted to process it for another purpose.

As proof of your consent, the required data will be stored for three years, starting at the end of the calendar year in which you withdraw your consent.

4. Use of Cookies and Similar Technologies

4.1. Cookies

When cookies and similar technologies are used to process usage data (in particular local storage and special identifiers when using our app, e.g., advertising IDs such as the identifier for advertisers), files are stored locally on your end device when you visit our website or use our app, in which information is stored in connection with the end device you are using, or we use these technologies to access information stored on your end device. This does not, however, mean that we will immediately become aware of your identity.

4.1.1. Purposes, Types of Data and Legal Bases

The use of cookies and similar technologies to process usage data serves the following purposes:

Technically necessary: These are cookies and similar technologies that are necessary for you to use our Services (for example, to correctly display our website, including the language, font and color, provide the functions you request to remember your settings, such as your selection regarding cookies and similar technologies and to record you signing in or to fill your shopping cart when making online purchases).

Technically necessary cookies and other technologies categorized as "technically necessary" are used on the basis of section 25 (2) no. 2 of the German Telecommunications and Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz – TDDDG). Data is subsequently processed based on our legitimate interests pursuant to Article 6(1) sentence 1(f) GDPR.

Based on the purpose pursued, the following types of personal data are processed and the following cookies and similar technologies are used in particular:

  • user inputs, in order to remember inputs across multiple sub-pages;
  • authentication data to identify a user after signing in, enabling you to access authorized content on subsequent visits (e.g., access to your customer account);
  • security-related events (e.g., identifying repeat failed sign-in attempts);

An information overview of the cookies and similar technologies used, the storage periods and any integrated third-party providers in this category can be found in our Cookie Policy.

4.1.2. Storage Time/Criteria for Determining Storage Time

The storage period for cookies can be found in our Cookie Policy.

If "persistent" is entered in the "expiration" column, the cookie will be stored permanently until the corresponding consent is withdrawn.

If "session" is entered in the "expiration" column, the cookie will be stored for the duration of your visit to the site. The cookies saved locally are deleted as soon as you end the session or close your browser.

5. Obligation to Provide Your Data

Unless otherwise indicated above, you are under no statutory or contractual obligation to provide your personal data to us.

Nevertheless, some data is processed for technical purposes as soon as you access our website or our app and use the associated services. The only way to prevent your data from being processed is to stop accessing our website and using our app and/or the respective services.

Insofar as personal data is required for the processing of a query from you, a possible entry of an agreement or other services on our part, in particular the provision of the Service, we may also not be able to process your query, enter into an agreement with you or provide other services if you do not provide this data. In particular, we can only monitor data for compromises as described within the scope of our Service if you provide it to us.

6. Your Rights as Data Subject

If the data processing is carried out on the basis of consent granted under Article 6(1) sentence 1(a) or Article 9(2)(a) GDPR, you may withdraw that consent at any time with effect for the future without this affecting the lawfulness of the previous processing.

Under Article 15(1) GDPR, you have the right to access information, free of charge, on the personal data stored about you.

If the statutory requirements are met, you also have a right to rectification (Article 16 GDPR), erasure (Article 17 GDPR) and restriction of processing (Article 18 GDPR) of your personal data.

If you have provided the processed data yourself, you have a right to data portability under Article 20 GDPR.

If the basis of processing is Article 6(1) sentence 1(e) or (f) GDPR, you have a right to object under Article 21 GDPR. If you object to processing, your data will only be processed thereafter if we can demonstrate compelling legitimate grounds for the processing which override your interests in the objection.
If personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing in accordance with Article 21(2) GDPR.

No automated decision-making, including profiling, takes place.

To exercise your rights as a data subject, or if you have questions or complaints, please write to or e-mail the data protection officer. You also have a right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority located in the state in which you live or where the controller is domiciled has jurisdiction.

7. Contact the Data Protection Coordinator

For further questions concerning the processing of your data or the exercise of your rights, please contact the competent data protection coordinator of the controller at:

E-mail: datenschutz@mail.schwarz