Data protection

Data Protection Information

Welcome to our website and thank you for your interest. In the text below we inform you about how we handle your personal data when you use our website. In this connection, “personal data” means all data that can be used to identify you personally.

 

1. Party responsible for the data processing

The controller of the data processing on nuzz.de, as defined in the General Data Protection Regulation (GDPR), is:

 

Acht & Zwanzig GmbH

Loßburger Straße 28

72250 Freudenstadt

Person in charge: Antje M. Gerhold

[email protected]

 

We reserve the right to modify or update this data protection information at any time, while taking into consideration the currently applicable data protection regulations.

 

2 Purposes of the data processing, type of data and legal bases

2.1 Data when viewing our website

2.1.1 Log files

You can visit our web pages without providing information about yourself.

Each time our website is accessed, information is sent from the particular internet browser of your particular end device to the server of our website and is temporarily stored in log files. The data sets that are processed in the course of this action do not allow any direct conclusion about your identity and no direct conclusion is drawn by us, either.

The legal basis for processing the IP address is Article 6 (1)(f) of the GDPR. Our legitimate interest is derived from our need to ensure smooth establishment of a connection and easy use of our website, and our need to evaluate the system’s safety and stability.

The data are stored and are then deleted after the above-mentioned objectives have been achieved. The standard deadlines for deletion depend on the criterion of necessity.

 

2.1.2 Cookies

At the current time, the only cookies that are used are ones that are necessary for website's function. Additional information can be found below.

 

2.2 Establishment, implementation and/or termination of a contract

 

2.2.1 Data processing during formation of a contract

If you register with us (as a guest or through a customer account) and enter a contract with us, we will process data that are necessary for entering, implementing or terminating a contract with you. Such data include:

  • First name, last name
  • Billing and delivery address
  • Email address
  • Telephone number

The legal bases for this data processing are subparagraphs (a) and (b) of Article 6 (1) of the GDPR. In other words, you are providing us with the data based on the current contractual relationship between us (e.g., management of your customer account, settlement of a purchase contract). For the purpose of processing your email address in the event of a purchase through our website, because of legal requirements in the German Civil Code (BGB), we are also required to send you an electronic order confirmation (Article 6(1)(c) of the GDPR).

We store the data that has been collected for processing the contract up until expiration of the legal or possible contractual warranty and guarantee rights. After this period has ended, we retain, for the legally required periods of time, the information about the contractual relationship that is required under commercial law and tax law. During this time period, these data are processed again only in the event of a review by financial authorities.

The following data processing activities are necessary in order to process a purchase contract on our website:

Your payment data are shared with the payment service providers that process the payment(s). We share information about your delivery address with logistics companies that we have commissioned. In order to ensure that the goods are delivered in accordance with your wishes, we send your email address to the logistics company that we have commissioned and/or to partners who undertake the delivery. These companies will contact you prior to the delivery in order to coordinate details of the delivery. The respective data are only forwarded for the respective purposes and are deleted after the delivery has been accomplished.

 

2.2.2 Transfer of data to third parties

In order to operate our website and to establish and fulfill contracts with our customers, we work together with service providers, such as IT service providers (for operating the online store), logistics companies (e.g., DHL) and payment service providers (e.g., PayPal). As a basic principle, these service providers are only allowed to process your data under special conditions. To the extent that we hire these service providers as data processors, the service providers get access to your data only in the scope and only for the time period that is necessary for performance of the respective service. We only transfer your data if this is allowed under German or European data protection law.

We work together with logistics service providers/transport companies for the purpose of delivering merchandise that has been ordered. The following data can be transmitted to these parties for the purpose of delivering or announcing the delivery of the ordered goods: first name, last name, mailing address, email address, telephone number.

The legal basis for this processing is Article 6(1)(b) of the GDPR.

For the purpose of fiduciary debt collection, we reserve the right to transmit the data necessary for bill collection to a collection service if you should fail to pay outstanding invoices or installments despite repeated warnings. The legal basis for this is Article 6(1)(b) of the GDPR.

To a large extent, our data is processed with the assistance of IT service providers, who provide us with online shop functionalities, storage space and processing capacity in data processing centers, and who also process personal data on our behalf. These service providers process data either exclusively in the EU or guarantee a level of data protection that is necessary in order to comply with the applicable laws in the EU and in Germany.

The legal bases for transmitting the data to IT service providers are subparagraphs (a), (b), (c) and (f) of Article 6(1) of the GDPR.

 

2.2.3 Payments

We process your payment information for the purpose of settling payments -- for example, if you purchase and/or use a product and/or service via nuzz.de. Depending on the type of payment, we forward your payment information to third parties (such as PayPal).

The legal bases for this data processing are subparagraphs (a), (b) and (f) of Article 6(1) of the GDPR.

2.2.3.1 Payment via PayPal

Selecting payment via PayPal at nuzz.de triggers the forwarding of your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”), as part of payment processing.

The legal bases for this data processing are subparagraphs (a), (b) and (f) of Article 6(1) of the GDPR.

PayPal is an online payment processor. If you select “PayPal” as your payment option during the ordering process in our online store, you will initiate automated transfer of data to PayPal. When you select this payment option, you are giving your consent to the necessary transmission of personal data for the purpose of payment processing.

As a general rule, the personal data transmitted to PayPal consist of first name, last name, address, email address, the content of your shopping cart and, if appropriate, other data that are necessary for payment processing.

Data are transmitted for the purpose of payment processing and fraud prevention. Under certain circumstances, the personal data transmitted to PayPal will be transmitted to credit agencies. This transmission serves the purpose of checking identity and creditworthiness.

As circumstances require, PayPal may pass on the personal data to affiliates and service providers or to subcontractors, if this is necessary in order to fulfill contractual obligations or if the data are to be processed on our behalf.

You have the option to revoke, at any time, your consent for PayPal to handle personal data. Revocation of consent has no effect on personal data that absolutely must be processed, used or transmitted for the processing of payments (in accordance with the contract). 

The applicable data protection provisions of PayPal can be accessed at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

 

2.2.3.2 Payment via direct online banking transfer (Klarna, Giropay) and credit card (Mastercard/Visa)

These payment options are provided based on the services of the payment service provider Mollie B.V. (Keizersgracht 313, 1016 EE Amsterdam, Niederlande), a Dutch bank, which is supervised by the Central Bank of the Netherlands (www.dnb.nl).

When you select this payment option, you are giving your consent to the necessary transmission of personal data for the purpose of payment processing.

You´ll find the privacy statement of Mollie B.V. here: https://www.mollie.com/en/privacy

 

Payment via direct online banking transfer Klarna Sofort

If you select Klarna Sofort as your payment option during the ordering process in our online store, you will be transferred automatically to the platform provided by Klarna. There you will be asked to enter the name/ the BIC of your bank. This triggers the entering of the login area of Klarna, where you are asked to login with your online banking data. The information will be encrypted and transferred to your bank. With the entering of your TAN the payment will be authorized. For security reasons each TAN can only be used once.
After the execution of the payment NuZz obtains a confirmation of the transaction and you´ll receive a confirmation of the payment. The goods purchased can then be shipped. You´ll find the privacy statement of Klarna here: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy

To process your order NuZz, the Acht & Zwanzig GmbH receives the following data via the payment process with Klarna Sofortüberweisung: name, account number/IBAN, BLZ/BIC, subject, amount and date, which is also visible in the account statement.

 

Payment via direct online banking transfer (Sofortüberweisung) Giropay

If you select Giropay as a payment option, you´ll be transferred to Giropay, where you´ll be provided with the opportunity to select your bank out of the list of participating banks. In case your bank participates in Giropay, you´ll be transferred to the online banking platform of your bank. There, you´ll login as usually and initiate the transfer. The transfer template is already filled. You authorize the payment by entering a TAN.  Giropay serves as an intermediary and does not receive your data. Personal and security relevant data (Login name, PIN, TAN) remains in the secured dialogue between you and your bank´s online banking platform. You´ll find the privacy statement of Giropay here:  https://www.giropay.de/rechtliches/datenschutzerklaerung/

 

Via the payment process with Giropay, NuZz/ the Acht & Zwanzig GmbH only receives the data which is reflected in the account statement: name, account number/IBAN, BLZ/BIC, subject, amount and date.  

 

 

Payment via credit card (Mastercard / Visa)

Selecting payment via Mastercard or Visa at www.nuzz.de triggers the forwarding of your payment data to Mollie B.V. as part of payment processing.

If you select Mastercard or Visa as a payment option, you´ll receive the opportunity to enter your credit card information and to confirm the payment. Your credit card information is not stored by us but transmitted directly via an encrypted connection to Mollie B.V. and stored and processed according to the rules and requirements of German or European data protection law and the Payment Card Industry Data Security Standard (PCI-DSS).

 

 

2.3 Data processing for advertising purposes

 

2.3.1 Newsletter

On our website we may possibly offer you the opportunity to sign up for our newsletter. In order to ensure that no errors occur during entry of the email address, we use the “double opt-in process”: After you have entered your email address and have given your consent to receive our newsletter, we will send a confirmation link to you at the address that was entered. Your email address will not be entered into our mailing list for distribution of our newsletter until you click on this confirmation link. The legal basis for this data processing is Article 6 (1)(a) of the GDPR.

Notice of right of revocation

You can revoke your consent at any time, effective in the future, by sending a notice to [email protected].

 

2.3.2 Advertising by mail

We have a fundamental interest in using the personal data that you have provided also for advertising by mail. The data will not be passed on to third parties. The legal basis for using personal data for marketing purposes is Article 6 (1)(f) of the GDPR.

Notice of right of revocation

You can revoke your consent at any time, effective in the future, by sending a notice to [email protected]. We would like to point out that in exceptional cases, advertising might temporarily be sent even after receipt of the objection, because some lead time is necessary here for technical reasons. That does not mean that your revocation was not implemented.

 

2.4 Cookies for optimization of the website

Cookies are small text files that are automatically created by your browser and that are stored on your end device (laptop, tablet, smart phone, etc.) when you visit our site. Cookies do not harm your end device, do not contain viruses, Trojan horses, or other malware. Data that arises in connection with the specific end device that is used is put in the cookie. This does not mean, however, that we get direct knowledge of your identity as a result. Most of the cookies that we use are deleted after the end of the browser session (“session cookies”). These cookies make it possible for us to offer you a shopping cart display covering the entire site, in which you can see how many items are currently in your shopping cart and how high your current billable amount is.
We use cookies on the basis of Art. 6(1)(f) of the GDPR (legitimate interest in optimizing our offerings). Certain cookies are used exclusively on the basis of your consent (Article 6(1)(a) of the GDPR).

Of course, you can set up your browser so that it does not put cookies in your end device.  The Help function in the menu bar of most web browsers will explain to you how you can keep your browser from accepting new cookies, how you can arrange for your browser to be notified when you receive a new cookie, and how you can delete all previously received cookies and block all further ones. If you deactivate the placement of cookies in the internet browser that you use, under certain circumstances some functions of our website may not be usable to their full extent.

In order to deactivate cookies in your browser, proceed as follows:

In Internet Explorer:
1. Select the “Internet options” item in the “Tools” menu.
2. Click on the “Privacy” tab.
3. Now you can configure security settings for the internet zone. Here, you [click on the “Advanced” button and then] specify which cookies should be accepted or rejected, if any.
4. Click “OK” to confirm your settings.

In Firefox:
1. Select the “Options” item in the settings menu.
2. Click on “Privacy & Security.”
3. In the drop-down menu, select the entry, “Apply according to user-defined settings.”
4. Now you can specify whether cookies should be accepted, how long you want to keep these cookies, and can add exceptions regarding the websites to which you would always or never like to give permission to use cookies.
5. Click “OK” to confirm your settings.

In Google Chrome:
1. Click on the Chrome menu in the browser’s symbol tab.
2. Now select “Settings.”
3. Click on “Advanced” to display additional settings.
4. Under “Data Protection,” click on “Content settings.”
5. Under “Cookies,” you can specify the following settings for cookies:
• Delete cookies
• Block cookies in the standard manner
• Delete cookies and website data in the standard manner after quitting the browser
• Allow exceptions for cookies from particular websites or domains

 

2.5 Social Media Plugin

On nuzz.de we integrated a plugin of the social network Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA („Instagram“), identifiable by the “Instagram - Button” on our website.

If you click on the "Instagram - Button" when logged into your Instagram account, you can link our pages with your Instagram profile. Thereby Instagram is able to relate your visit on our website to your Instagram account. We do not have knowledge about the content of the data transmitted and how it is used by Instagram. For further information please see the privacy statement of Instagram: https://instagram.com/about/legal/privacy

 

 

2.6 Customer account / user account

In order to make it as easy as possible for you, we offer you permanent storage of your personal data in a password-protected customer account or user account.

Creation of a customer account is voluntary. If you create a customer account, your data collected here are processed on the basis of Article 6(1)(b) of the GDPR. After a customer account is established, no additional data needs to be entered. Moreover, you can view the information about you that is saved in your customer account and can change it at any time.

In order to establish a customer account, you have to enter a self-selected password in addition to the information that is queried during placement of an order. Together with your email address, this password serves the purpose of accessing your customer account. Please handle your personal access information in a confidential manner and, in particular, do not make it accessible to any unauthorized third party. At the end of a session, please actively log off.

You have the option to delete your customer account at any time. However, please note that, if you have placed an order with us, this action will not cause the data visible in the customer account to be deleted at the same time. Your data will be deleted after expiration of the obligation to preserve records that applies to us under commercial and tax law. The legal bases for this additional data processing are subparagraphs (c) and (f) of Article 6(1) of the GDPR.

 

2.7 Other data actively provided by you

Entry of optional data

If it is possible to enter optional personal data on our website (for example, a second telephone number), we ask you to please review on your own which data you would like to disclose to us. We need the fields that are designated as mandatory in order to process the current inquiry or process your order. Data above and beyond that are voluntary and are used for optimizing our service offerings and possibly also for statistical purposes.

Product evaluations / comments

In various places on nuzz.de, you have an opportunity to publish your own content (product evaluations and comments, for example). For such places, we process the personal information that you have voluntarily entered for this purpose.

Establishing contact

When you contact us (via email /contact form, telephone, or regular mail), we use the personal data that you voluntarily provide to us in this context solely for the purpose of contacting you and processing your inquiry.

The legal bases for the above-mentioned instance(s) of data processing are subparagraphs (a)(b)(c) and (f) of Article 6(1) of the GDPR.

 

2.8 Automated decision-making

We abstain from automated decision-making and profiling.

 

3. Your Rights

As a data subject, you are entitled to assert your rights in respect to us at any time. If the statutory prerequisites are met, these include the following rights: 

  • Right to obtain information about your personal data that has been stored by us (Article 15 of the GDPR): In particular, you can demand information about the purposes of the processing, the categories of personal data, the categories of recipients to whom you data has been or will be disclosed, the planned duration of storage, the origin of your data to the extent that it was not directly collected from you;
  • Right to have inaccurate data corrected and to have accurate data amended so that it is complete (Article 16 of the GDPR);
  • Right to order deletion of your data that is stored by us (Article 17 of the GDPR), unless statutory or contractual retention periods or other legal obligations or rights to further storage must be complied with;
  • Right to limit processing of your data (Article 18 of the GDPR), if the accuracy of the data is disputed by you; if the processing is unlawful, but you are declining deletion of it; if the controller no longer needs the data, but you do need it for the purpose of asserting, exercising or defending legal claims; or if you have filed an objection to the processing pursuant to Article 21 of the GDPR;
  • Right to data portability, pursuant to Article 20 of the GDPR, in other words, the right to obtain selected data about yourself that is stored by us, in a structured, commonly used and machine-readable format, and to request transmission to another controller;

  • Right to lodge a complaint with a supervisory authority, pursuant to Article 77 of the GDPR. As a rule, for this purpose you can turn to the supervisory authority of your usual residence or workplace, or of our company headquarters.

  • Right to object/revoke consent pursuant to Article 21 of the EU GDPR
    • Right to object

      Under the conditions of Article 21(1) of the GDPR, an objection can be made to the data processing on grounds relating to the particular situation of the data subject.
The above general right to object applies to all processing purposes that are described in this data protection information document and that are processed on the basis of Article 6(1)(f) of the GDPR. As distinguished from the special right to object that is directed at data processing for advertising purposes, under the GDPR, we are only obligated to implement this kind of general objection if you cite grounds for this of major importance (such as possible danger to life or health).

 

  • Right to revoke

      To the extent that we process data on the basis of consent that you have given, you have the right to revoke the consent you have given at any time. Revocation of consent does not invalidate the data processing that took place on the basis of the consent up until the time of revocation.

 

You can assert the above-mentioned rights in a written communication to us sent by regular mail or by email to [email protected].

In order to process your written application, we are obligated to check your identity carefully. We request your understanding of the fact that we reserve the right to request additional information or proof of identity. This also serves the purpose of protecting your data from unauthorized access by third parties. 

We would like to point out to you that we reserve the right not to process inquiries that arrive unreasonably often or without appropriate proof of identity. We will inform you about that in writing.

 

4. Data security

All data personally conveyed by you, including your payment data, will be transmitted to you via the usual, secure Standard SSL (Secure Sockets Layer). You can recognize a secure SSL connection by the “s” added to the “http” (in other words by “https://...”) in the address bar of the browser or by the lock symbol.

Please accept cookies to help us improve this website Is this OK? Yes No More on cookies »