Data protection
Privacy Policy
Thank you for your interest in our website. As a member of the Association of Secure and Reputable Online Shop Operators (Verein sicherer und seriöser Internetshopbetreiber e. V.), the protection of your personal data is of utmost importance to us. Below, we inform you transparently and in easily understandable language about, among other things, data collection and its scope, how your data is used, and what rights you have.
You have the right to obtain information free of charge at any time regarding the origin, recipient(s), and purpose of your stored personal data. You also have the right to request the correction, restriction, or deletion of this data, as well as its transfer. If you have any questions about this or about data protection in general, you can contact the person responsible for data processing at any time. The person responsible for data processing is named in section 1 of this privacy policy. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. You can find detailed information about your rights and further explanations in section 6 of this privacy policy.
Your data will be collected, stored, and processed in accordance with the relevant legal regulations. Personal data is any type of data that can be used to identify you as an individual.
1.) Who is responsible for data processing?
In accordance with the General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other data protection regulations, the controller is a natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (names, contact details, etc.).
The entity responsible for data processing on this website is:
Nordwelt-Versand GmbH
Oliver Bode
At the windmill 1
31079 Sibbesse
E-mail: nordwelt-versand@nordwelt-versand.de
2.) What data is collected and processed on our website?
2.1.1 Automated data collection:
Each time you access our website, our system automatically collects data and information from the computer system of the accessing device in so-called server log files. Some of this data is technically necessary to display our website to you. This data is not combined with data from other sources. The following data is collected:
- The pages accessed
- Browser types and versions used
- The operating system used by the accessing system
- The website from which an accessing system reaches our site
- The date and time of access to the page
- The internet service provider of the accessing computer
- The Internet Protocol (IP) address used
The legal basis for data processing is Article 6(1)(f) of the General Data Protection Regulation (GDPR), which permits us to process data in the case of a legitimate interest. Our legitimate interest in this case is the reliable and error-free operation of our website. No other processing of this data takes place.
2.2 Collection of personal data
2.2.1 Data collection and processing when opening a customer account and during contract processing
Creating a customer account on our website is entirely voluntary. Registration is not a prerequisite for entering into a contract. Data is collected only to the minimum extent necessary; mandatory fields are clearly marked. You can delete your customer account at any time, free of charge. To delete your account, please contact the data controller, whose contact details are provided in section 1 of this privacy policy.
We use your data only for the purpose for which you registered or for contract processing. The legal basis for data processing is Article 6(1)(b) of the General Data Protection Regulation (GDPR), which permits us to process data when this is necessary for the performance of a contract with you or for taking steps prior to entering into a contract.
The collected customer data will be blocked after completion of the order, termination of the business relationship or deletion of your customer account and deleted after the expiry of tax and commercial law retention periods, unless you have consented to further use of your data.
2.2.2 Data collection and processing when using our email address or contact function
When you contact us via email or the contact form, we store your data until your message has been processed. Required fields in the contact form are clearly marked. The data is used solely for processing your request and will be deleted once your request has been processed. The legal basis for this data processing is Article 6(1)(f) of the General Data Protection Regulation (GDPR), which permits us to process data when we have a legitimate interest. In this case, our legitimate interest is responding to your message or processing your request.
For emails or messages submitted via the contact form (if available) aimed at initiating a contract, the statutory retention periods under commercial and tax law of 10 years from the end of the calendar year in which the data was collected apply. After these periods have expired, the data is routinely deleted, unless it is still required for initiating or fulfilling the contract, or we have a legitimate interest in continuing to store it. The legal basis for this data processing is Article 6(1)(b) of the General Data Protection Regulation (GDPR), which permits us to process data when this is necessary for the performance of a contract with you or for taking steps prior to entering into a contract.
2.2.3 Newsletter function, data processing and right to object.
2.2.3.1 You have subscribed to our newsletter:
When you subscribe to our free newsletter, data from the registration form will be transmitted to us. Required fields are indicated accordingly and are limited to the necessary minimum (email address). During the registration process, your consent for the processing of your data will be obtained, and you will be referred to this privacy policy. The legal basis for data processing is Article 6(1)(a) of the General Data Protection Regulation (GDPR), which permits us to process your data if you have given your consent.
The data will not be shared with third parties but will be used exclusively for sending newsletters. You can unsubscribe from the newsletter (withdraw your consent) at any time for the future. Each newsletter contains an unsubscribe link, or you can unsubscribe directly via our website. Of course, you can also unsubscribe directly to the data controller, whose contact details are provided in section 1 of this privacy policy. After unsubscribing from the newsletter, your data will be deleted unless you have consented to further use or we have reserved the right to further use it (as explained below in section 2.2.3.2), which is permitted by law.
2.2.3.2 When we send newsletters to our existing customers
If you have purchased goods or services on our website and provided your email address, we may use it to send you a newsletter, unless you have objected. In such cases, the newsletter will only contain direct advertising for similar goods or services from our product range. The legal basis for sending the newsletter following the sale of goods or services is Section 7 Paragraph 3 of the German Unfair Competition Act (UWG). The legal basis for data processing is Article 6 Paragraph 1 Letter f of the General Data Protection Regulation (GDPR), which permits us to process data in the case of a legitimate interest. Our legitimate interest in this case is to send you personalized advertising. You can object to the use of your data for this purpose at any time with effect for the future. To object, please contact the data controller, whose contact details are provided in Section 1 of this Privacy Policy.
2.3 Transfer of data to third parties for the purpose of contract fulfillment
2.3.1 Transfer to shipping service providers in general and credit institutions
For payment processing and, if applicable, for the delivery of goods, we pass on personal data to service providers (third parties) to the minimum extent required, insofar as this is necessary for the execution of the contract.
If we pass on your data to a shipping service provider (such as DHL, DPD, UPS, Hermes or GLS), the legal basis for this is Art. 6 para. 1 lit. b of the General Data Protection Regulation (GDPR), which allows us to process the data if this is necessary for the performance of a contract with you or for the implementation of pre-contractual measures.
When we pass on your payment details to the commissioned credit institution, the legal basis for this is Art. 6 para. 1 lit. b of the General Data Protection Regulation (GDPR), which allows us to process the data if this is necessary for the performance of a contract with you or for the implementation of pre-contractual measures.
2.3.2 Disclosure of email address and/or telephone number to shipping service providers
2.3.2.1 DHL
If your goods are delivered by the shipping provider DHL, and you have expressly consented to the transfer of your email address during the ordering process, it will be forwarded to DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn) for the purpose of notifying you of the delivery or coordinating the delivery date. The legal basis for this data processing is Article 6(1)(a) of the General Data Protection Regulation (GDPR), which permits us to process your data if you have given your consent. If you do not consent to the transfer of your email address, delivery will be carried out in accordance with the conditions of section 2.3.1 of this privacy policy. In this case, notification of the delivery or coordination of the delivery date by DHL will not be possible.
You can withdraw your consent to data processing at any time for the future. To do so, please contact the data controller (named in section 1 of this privacy policy) or the shipping provider directly.
2.3.3 Payment service providers
On our website, you can choose from various payment service providers. Below, we inform you about which data is shared and the legal basis for this:
2.3.3.1 PayPal/PayPal Plus
If you choose this payment service provider, the data required for payment will be transferred to PayPal (PayPal Europe, S.à.rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg). The legal basis for this is Article 6(1)(a) of the General Data Protection Regulation (GDPR), which permits us to process data if you have given your consent, and Article 6(1)(b) of the GDPR, which permits us to process data if this is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract. You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
If you choose PayPal Plus payment methods such as "Credit Card," "Invoice," "Direct Debit," or "PayPal Installments," PayPal reserves the right to obtain credit information about you. A credit report may contain scoring values (probability values). These scoring values are based on a scientifically recognized mathematical-statistical procedure. Your address data is also (but not exclusively) included in the calculation of the score values.
The legal basis for data processing is Article 6(1)(f) of the General Data Protection Regulation (GDPR), which permits the processing of data in the case of a legitimate interest. In this case, the legitimate interest is to verify your identity and/or creditworthiness.
You can object to the processing of your personal data at any time. However, PayPal may still be entitled to process, use, and transfer your personal data if this is necessary for the contractual processing of payments by PayPal, is legally required, or is requested by a court or authority.
If you wish to object to the use of your data or to notify us of changes to the data stored, you can contact PayPal directly. You can also find further information about PayPal's privacy policy at the following web address:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
3.) What are cookies and what data is processed?
3.1 Cookies set by our website
Our website uses cookies. Cookies are text files that are stored in or by your web browser on your computer. We use cookies to make our website more user-friendly. Some elements of our website require that the browser be identifiable even after a page change. This is necessary, for example, to save and transmit the items in your shopping cart or your login information. Most of the cookies we use are "session cookies," which are automatically deleted when you close your browser. Some cookies remain stored on your device and allow us to recognize you on your next visit (persistent cookies). These are automatically deleted after a predetermined period. You can find more detailed information about individual cookies in your browser settings.
The legal basis for data processing is either Article 6(1)(a) of the General Data Protection Regulation (GDPR), which permits us to process data if you have consented to the processing, or Article 6(1)(b) of the GDPR, which permits us to process data if this is necessary for the performance of a contract with you or for taking steps prior to entering into a contract, or Article 6(1)(f) of the GDPR, which permits us to process data in the case of a legitimate interest. Our legitimate interest in this case is to offer you a technically flawless and functionally optimized website.
If we store other cookies (for example, from partner companies or to analyze your browsing behavior) on your device, we will inform you about this in detail below.
You can configure your browser to notify you when cookies are being set and then allow them only on a case-by-case basis. You can also generally block cookies or accept them only in specific situations. Furthermore, you can configure your browser to delete cookies after closing the browser window. The available settings vary depending on the browser. Help with the settings (for the most common browsers) can be found at the following links:
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Opera: https://help.opera.com/de/latest/web-preferences/#cookies
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Please note that if you do not accept cookies, the functionality of our website may be significantly limited.
3.2 Comment functions on our website
For this function, your comment, (if provided) your username (nickname), the time of posting, your IP address, and your email address will be stored. Your data will be stored until the content you commented on has been completely deleted (or had to be deleted for legal reasons). We reserve the right to delete comments that have been reported as unlawful by third parties.
The legal basis for storing and processing your comment, username, and the time of its creation is Article 6(1)(a) of the General Data Protection Regulation (GDPR), which permits us to process this data if you give us your consent. You have the right to withdraw your consent to data processing at any time. Withdrawing your consent does not affect the lawfulness of processing based on consent before its withdrawal.
The legal basis for processing your IP address and email address is Article 6(1)(f) of the General Data Protection Regulation (GDPR), which permits us to process this data in cases of legitimate interest. Our legitimate interest in this case is to be able to take action against you in the event of legal violations such as defamation or propaganda. We need your email address to contact you if your comment is reported as unlawful by a third party.
3.3 Web analytics/marketing
3.3.1 Google Analytics <
We use the Google Analytics analysis tool on our website. The provider of this analysis tool is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called "cookies." Cookies are small text files that are stored on your computer and thus enable an analysis of your use of the website. This analysis data is usually transmitted to a Google server in the USA and stored there.
The legal basis for data processing is Article 6(1)(f) of the General Data Protection Regulation (GDPR), which permits us to process data in the case of a legitimate interest. Our legitimate interest in this case is to analyze user behavior in order to optimize our services and advertising.
Please note that Google Analytics on this website has been extended with the code "gat._anonymizeIp();" to ensure anonymized collection of IP addresses (so-called IP masking). By activating IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide us with other services relating to website activity and internet usage.
The IP address transmitted by your internet browser as part of Google Analytics will not be merged with other Google data.
You can prevent cookies from being stored by adjusting your internet browser settings accordingly. However, we would like to expressly point out that in this case you may not be able to fully use all the functions of this website.
You can prevent data collection by Google Analytics by clicking the following link and downloading the tool offered there: https://tools.google.com/dlpage/gaoptout?hl=de
You can also prevent data collection by Google Analytics by clicking on the following link, which will set an opt-out cookie that prevents the collection of your data on future visits to this website: Deactivate Google Analytics.
You can also find further information about Google's privacy policy at the following web address:
https://support.google.com/analytics/answer/6004245?hl=de
3.4 Google Maps
We use Google Maps (API) on our website. Google Maps allows us to visually display interactive maps. Google Maps shows you our location on the map.
The provider of this tool is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
When you access websites that integrate Google Maps, user data, such as your IP address, is transmitted to Google servers in the USA, stored there, and analyzed. If you have a Google account and are logged in, this data will be associated with your account. To prevent this association, you must log out of your Google account beforehand. Regardless of whether you are logged in or not, a user profile will be created by Google in any case.
The legal basis for data processing is Article 6(1)(f) of the General Data Protection Regulation (GDPR), which permits Google to process data in the case of a legitimate interest. In this case, the legitimate interest is the display of personalized advertising and/or the optimization of Google Maps.
If you wish to prevent this data transmission because you do not agree to it, you can completely deactivate Google Maps by disabling "JavaScript" in your browser settings. Please note that the virtual map displaying our location will then also no longer function.
Furthermore, you have the right to object to the creation of user profiles by Google. To exercise this right, please contact Google directly.
Furthermore, the privacy policy and terms of service of Google and Google Maps apply:
https://www.google.com/intl/de_US/help/terms_maps.html
https://policies.google.com/privacy?hl=de&gl=de
4.) How is the data backed up?
Personal data is transmitted exclusively via an encrypted SSL or TLS connection. This applies to messages sent via our contact form, as well as to data relating to your order and payment transactions. Encryption prevents your sensitive personal data from being intercepted and viewed by unauthorized third parties. You can recognize an encrypted connection by the fact that the browser's address bar begins with "https://" (and by the padlock icon in the browser bar).
The data stored in the systems of our website is password-protected and cannot be viewed by unauthorized third parties.
Data transmission on the internet, for example when sending an email, is not 100% secure and may have security vulnerabilities in some cases.
5.) How long will the personal data be stored?
How long we store your personal data depends, among other things, on the respective statutory retention periods. For messages sent via our contact form and/or our email address, your data will be deleted after processing is complete, unless we have a legitimate interest in continuing to store it.
The retention periods under commercial and tax law are 10 years from the end of the calendar year in which the data was collected. After these periods have expired, the data is routinely deleted, unless it is still required for initiating or fulfilling a contract, or we have a legitimate interest in continuing to store it.
6.) What rights do you have vis-à-vis the data controller?
Below we list the rights you have under the General Data Protection Regulation (GDPR) vis-à-vis the data controller. The data controller is named in section 1 of this privacy policy. If your personal data is processed, you are a "data subject" within the meaning of the General Data Protection Regulation (GDPR).
6.1 Your right to information pursuant to Article 15 of the General Data Protection Regulation (GDPR)
You can request information from the data controller as to whether your personal data is being processed. If such processing is taking place, you can also request information about the following: the purposes for which this personal data is being processed; the categories of personal data being processed; the recipients or categories of recipients to whom your personal data has been or will be disclosed; the planned storage period for your personal data or, if no specific information is available, the criteria used to determine that storage period; the existence of a right to rectification or erasure of your personal data, the existence of a right to restriction of processing by the data controller or a right to object to such processing; the existence of a right to lodge a complaint with a supervisory authority (the competent authority is the State Data Protection Commissioner of the federal state in which we are based – addresses and links can be found [here/on our website]). here ; all available information about the origin of the data if the personal data are not collected from the data subject (i.e., you); the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information about whether your personal data is being transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate safeguards pursuant to Article 46 of the General Data Protection Regulation (GDPR) relating to the transfer.
6.2 Your right to rectification pursuant to Article 16 of the General Data Protection Regulation (GDPR)
You have the right to immediate rectification and/or completion from the data controller if the processed personal data concerning you is inaccurate or incomplete.
6.3 Your right to erasure pursuant to Article 17 of the General Data Protection Regulation (GDPR)
You can request that the data controller delete your personal data without undue delay, and the data controller is obliged to delete such personal data without undue delay where one of the grounds listed in Article 17(1) of the GDPR applies.
The right to erasure does not apply insofar as processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.
6.4 Your right to restriction of processing pursuant to Article 18 of the General Data Protection Regulation (GDPR)
You have the right to request from the data controller the restriction of processing while the accuracy of the personal data concerning you is being verified, you object to the erasure of the personal data and request the restriction of their use instead, the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims, or you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.
6.5 Your right to information pursuant to Article 19 of the General Data Protection Regulation (GDPR)
If you have asserted your right to rectification, erasure or restriction of processing against the data controller, the controller is obliged to communicate this rectification or erasure of data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.
They have the right to be informed about these recipients by the data controller.
6.6 Your right to data portability pursuant to Article 20 of the General Data Protection Regulation (GDPR)
You have the right to receive the personal data concerning you, which you have provided to the data controller, in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller without hindrance from the data controller to whom the personal data have been provided, where technically feasible.
This right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
The right to data portability must not infringe upon the rights and freedoms of other persons.
6.7 Your right to withdraw consent declarations pursuant to Article 77 of the General Data Protection Regulation (GDPR)
You have the right to withdraw your consent to data processing at any time with effect for the future. In the event of withdrawal, the data concerned will be deleted immediately, unless there is a legal basis for processing that does not require consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
6.8 Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for entering into, or performing, a contract between you and the controller, is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is based on your explicit consent.
However, these decisions must not be based on special categories of personal data pursuant to Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR applies and appropriate measures to protect your rights and freedoms and legitimate interests have been taken.
With regard to the cases mentioned in 6.8.1 and 6.8.3, the data controller shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
6.9 Your right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint was lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the General Data Protection Regulation (GDPR).
+++++++++++++++++++++++++++++
6.10 Right of objection
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.
The data controller will no longer process your personal data unless they can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
You have the option, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications.
+++++++++++++++++++++++++++++
