GDPR

Last updated: April 17, 2026

Our Commitment to GDPR

Otto Home is committed to full compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). We respect your rights as a data subject and are transparent about how we process your personal data.

Data Controller

Otto Home acts as the data controller for personal data collected through our website and services. For any data protection enquiries, contact our Data Protection Officer at dpo@ottohome.ai.

Your Rights Under GDPR

Under the GDPR, you have the following rights:

  • Right of access (Art. 15): You can request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You can request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): You can request deletion of your personal data ("right to be forgotten").
  • Right to restriction of processing (Art. 18): You can request that we limit how we use your data.
  • Right to data portability (Art. 20): You can request your data in a structured, machine-readable format.
  • Right to object (Art. 21): You can object to processing based on legitimate interests or for direct marketing.
  • Rights related to automated decision-making (Art. 22): You have the right not to be subject to solely automated decisions that significantly affect you.

Lawful Bases for Processing

We rely on the following lawful bases under GDPR Article 6:

  • Consent (Art. 6(1)(a)): For marketing communications and non-essential cookies.
  • Contract (Art. 6(1)(b)): To deliver services you have subscribed to.
  • Legal obligation (Art. 6(1)(c)): For tax, accounting, and regulatory compliance.
  • Legitimate interests (Art. 6(1)(f)): For fraud prevention, security, and service improvement.

International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions approved by the European Commission.

Data Retention

We retain personal data only for as long as necessary for the purposes outlined in our Privacy Policy, or as required by law. After that period, data is securely deleted or anonymised.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay.

Submitting a Request

To exercise any of your GDPR rights, please contact us at dpo@ottohome.ai. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.