Data Protection Policy

We welcome you to our website and appreciate your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the EU General Data Protection Regulation (EU GDPR) and the country-specific implementation laws applicable to us. This privacy policy provides you with comprehensive information about the processing of your personal data by nicionlineshop.com and the rights to which you are entitled.

Personal data is information that makes it possible to identify a natural person. This includes, in particular, name, date of birth, address, telephone number, e-mail address, but also your IP address.

Data is anonymous if no personal reference to the user can be established.

Your Rights as Data Subject

First of all, we would like to inform you here about your rights as a data subject. These rights are standardized in Art. 15 – 22 EU GDPR. This includes:

  • The right to information (Art. 15 EU GDPR),
  • The right to erasure (Art. 17 EU GDPR),
  • The right to rectification (Art. 16 EU GDPR),
  • The right to data portability (Art. 20 EU GDPR),
  • The right to restrict data processing (Art. 18 EU GDPR),
  • The right to object to data processing (Art. 21 EU GDPR).

To assert these rights, please contact us through the contact options provided on our website. The same applies if you have any questions about data processing in our company or wish to withdraw your consent. You also have the right to lodge a complaint with a data protection supervisory authority.

Rights of Objection

Please note the following in connection with rights of objection:

If we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling insofar as it is associated with direct advertising.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and can be made informally.

In the event that we process your data to protect legitimate interests, you can object to this processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.

We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or the processing serves the establishment, exercise, or defense of legal claims.

When processing your personal data, the provisions of the EU GDPR and all other applicable data protection regulations are complied with. The legal basis for data processing arises in particular from Art. 6 EU GDPR.

We use your data to initiate business, to fulfill contractual and legal obligations, to implement the contractual relationship, to offer products and services, and to strengthen the customer relationship, which may also include analyses for marketing purposes and direct advertising.

Your consent to data processing may also constitute a data protection authorization provision. Before you give your consent, we will inform you about the purpose of the data processing and your right of withdrawal.

Disclosure to Third Parties

We will only pass on your data to third parties within the framework of the statutory provisions or with the appropriate consent. Otherwise, your data will not be passed on to third parties unless we are obliged to do so due to mandatory legal provisions (disclosure to external bodies such as supervisory authorities or law enforcement agencies).

Recipients of the Data / Categories of Recipients

Within our company, we ensure that only those persons receive your data who need it to fulfill contractual and legal obligations.

In certain cases, service providers support our specialist departments in fulfilling their tasks. These include hosting, store programming, payment processing, credit checks, newsletters, and shipping. The necessary data protection contracts have been concluded with all service providers.

Third Country Transfer / Intention to Transfer to a Third Country

Data will only be transferred to third countries (outside the European Union or the European Economic Area) if this is necessary for the performance of the contractual relationship, is required by law, or if you have given us your consent to do so.

We do not transfer your personal data to any service provider outside the European Economic Area.

Storage Duration of the Data

We store your data for as long as it is required for the respective processing purpose. Please note that numerous retention periods require that data (must) continue to be stored. This applies in particular to retention obligations under commercial or tax law (e.g., German Commercial Code, German Fiscal Code, etc.). If there are no further retention obligations, the data will be routinely deleted once the purpose has been achieved.

In addition, we may retain data if you have given us your permission to do so or if legal disputes arise and we use evidence within the framework of statutory limitation periods, which can be up to thirty years; the regular limitation period is three years.

Secure Transmission of Your Data

We use appropriate technical and organizational security measures to protect the data stored by us against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.

The exchange of data to and from our website is encrypted. We offer HTTPS as the transmission protocol for our website, using the latest encryption protocols. It is also possible to use alternative communication channels (e.g., by post).

Data Collection and Processing on Our Website

We collect and process the following data when you visit our website:

  • Name of the internet service provider
  • Information about the website from which you are visiting us
  • Web browser and operating system used
  • The IP address assigned by your Internet service provider
  • Information about the websites you visit on our site, including date and time
  • Access status / HTTP status code

For reasons of technical security (in particular to defend against attempted attacks on our web server), this data is stored in accordance with Art. 6(1)(f) EU GDPR. After 7 days at the latest, anonymization takes place by shortening the IP address so that no reference to the user is established.

Contact Form / Contact by E-mail (Art. 6 para. 1 lit. a, b EU-GDPR)

There are contact forms on our website that can be used to contact us electronically. If you contact us via these forms, the data you provide will be stored for the purpose of processing your inquiry and for possible follow-up questions.

Order Process in the Webshop (Art. 6 para. 1 lit. b EU-GDPR)

We process the data you provide during the ordering process only to fulfill or process the contractual relationship, unless you consent to further use.

The principle of data economy and data avoidance is observed in that you only have to provide us with the data that we absolutely need to execute the contract or fulfill our contractual obligations or that we are legally obliged to collect.

Your IP address is also processed for technical reasons and for legal protection. Without this data, we will unfortunately