Privacy Policy

Unless otherwise stated below, the provision of your personal data is neither legally or contractually required, nor necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide it has no consequences. This applies only insofar as no other information is provided for the following processing operations.

"Personal data" means any information relating to an identified or identifiable natural person.

Server log files

You can visit our websites without providing any personal information. Every time you access our website, usage data is transmitted by your internet browser to us or our web host / IT service provider and stored in log data (so-called server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred, and the requesting provider. Processing is carried out on the basis of Art. 6 (1) (f) GDPR based on our overriding legitimate interest in ensuring the trouble-free operation of our website and improving our services.

Your data will be transferred to Canada, among other locations. An adequacy decision by the EU Commission is in place for data transfers to Canada.

Contact

Responsible Party

Feel free to contact us. The party responsible for data processing is: Simon Kocadag Maksim Paskevic GbR, WendelHiplerstraße 14, 74613 Öhringen Germany, 015736152059, infonordhalla.gmail.com

Initial customer contact via email

If you contact us proactively for business purposes via email, we collect your personal data (name, email address, message text) only to the extent provided by you. The data processing serves to handle and respond to your contact inquiry. If the contact is made for the purpose of carrying out pre-contractual measures (e.g., consultation regarding purchase interest, preparation of a quote) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR.

If contact is made for other reasons, this data processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR based on our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 (1) (f) GDPR.

We will only use your email address to process your inquiry. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Collection and processing when using the contact form

When you use the contact form, we collect your personal data (name, email address, message text) only to the extent provided by you. The purpose of data processing is to establish contact. If the contact is intended for the implementation of pre-contractual measures (e.g., consultation regarding purchase interest, preparation of a quote) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR.

If contact is made for other reasons, this data processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR based on our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 (1) (f) GDPR.

We will only use your email address to process your inquiry. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Collection and processing for applications via email

Interested site visitors can apply by email for vacancies advertised on our website. In this context, we only collect your personal data to the extent provided by you. This includes your contact details (e.g., name, email address, phone number), information regarding your professional qualifications and education, details of professional training, and performance-related records. The purpose of data processing is to establish contact and to make a decision regarding the establishment of an employment relationship with you. Providing this data is necessary to carry out the application process. The processing of your personal data is carried out on the basis of Art. 6 Para. 1 lit. b GDPR in conjunction with Section 26 Para. 1 BDSG for the implementation of pre-contractual measures (undergoing the application process as the initiation of an employment contract). (Optional addition for applicant pool) Insofar as you have given us consent to process personal data for inclusion in our applicant pool, e.g., by ticking a checkbox, processing is carried out on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. If special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are requested from applicants as part of the application process, such as information on the degree of severe disability, this is done on the basis of Art. 9 Para. 2 lit. b. GDPR so that we can exercise the rights arising from labor law and social security and social protection law and fulfill our obligations in this regard. We store your personal data for as long as is necessary for the decision on your application. Your data will then be deleted after six months at the latest, provided you have not consented to further processing and use. If an employment relationship is established following the application process, the data provided will be further processed for the purposes of carrying out the employment relationship on the basis of Art. 6 Para. 1 lit. b GDPR in conjunction with Section 26 Para. 1 BDSG and subsequently transferred to the personnel file.

Collection and processing when sending images via email

You have the option to send us images via email in connection with the order of a personalized product. By submitting your images, we may collect your personal data (depiction of identifiable persons) only to the extent provided by you. The data processing serves the purpose of creating personalized products. The submitted image serves as a template for the product and is used for this purpose (e.g., T-shirt printing). Processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR and is necessary for the fulfillment of a contract with you. Your data will not be passed on to third parties. We use the image you provide only within the scope of service provision. Your data will subsequently be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Orders

Collection, processing, and disclosure of personal data for orders

When you place an order, we collect and process your personal data only to the extent necessary for the fulfillment and processing of your order as well as for handling your inquiries. Providing this data is required for the conclusion of the contract. Failure to provide it will mean that no contract can be concluded. Processing is carried out on the basis of Art. 6 (1) (b) GDPR and is necessary for the performance of a contract with you.

Your data will be shared, for example, with your chosen shipping companies and dropshipping providers, payment service providers, order processing service providers, and IT service providers. In all cases, we strictly adhere to legal requirements. The scope of data transmission is limited to the absolute minimum.

Your data will be transferred to Canada, among other locations. An adequacy decision by the EU Commission is in place for data transfers to Canada.

Reviews Advertising

Data collection when writing a comment or a review

When commenting on or reviewing an article or post, we collect your personal data (name, email address, comment text) only to the extent provided by you. The processing serves the purpose of enabling comments/reviews and displaying them. For the purpose of verifying your review, we also collect the following data: order number, customer number. By submitting the comment/review, you consent to the processing of the transmitted data. Processing is carried out on the basis of Art. 6 Para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time by notifying us, without affecting the lawfulness of the processing carried out based on the consent until the withdrawal. Your personal data will then be deleted.

When your comment is published, only the email address you provided will be made public.

Shopauskunft Customer Review

We use the "shopauskunft.de" review tool from Händlerbund Management AG (Torgauer Straße 233 B, 04347 Leipzig; "Shopauskunft") for our website.

After your order, we would like to ask you to rate and comment on your purchase with us. For this purpose, we will contact you by email using the "Rechtssichere Bewertungsanfrage (RBA)" (Legally Secure Review Request) technical system. In doing so, we process your order data (order number/invoice number, purchase value, and shipping costs) as well as your email address. If necessary, we also use this data for the purpose of verifying your review. Processing is carried out on the basis of Art. 6 Para. 1 lit. a GDPR with your consent, provided you have expressly agreed to the transfer of your data and the receipt of the review request. You can revoke your consent at any time by using the corresponding link in the email or by notifying us, without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. Further information on data protection when using Shopauskunft can be found at: https://www.shopauskunft.de/privacy-policy.

Google Customer Reviews website logo

The Google Customer Reviews website logo from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") is integrated into our website. The purpose of this integration is to display the number and results of the reviews we have received via Google to date and to promote participation in this program. Google uses cookies to display the logo on our website and to show you personalized advertisements on Google. This may involve processing your IP address and transmitting it to Google. Your data may be transferred to the USA. There is no adequacy decision by the EU Commission for the USA. Data transmission is based, among other things, on standard contractual clauses as appropriate safeguards for the protection of personal data, which can be viewed at: https://privacy.google.com/businesses/controllerterms/.

The processing of your personal data is based on Art. 6 Para. 1 lit. f GDPR, arising from our overriding legitimate interest in the optimal marketing of our offers by displaying customer reviews already received. You have the right to object at any time to the processing of your personal data for reasons arising from your particular situation. You can disable personalized advertising in your Google Ad Settings. Instructions on how to do this can be found at https://support.google.com/ads/answer/2662922?hl=de.

Alternatively, you can prevent the use of third-party cookies by visiting the Network Advertising Initiative opt-out page at https://www.networkadvertising.org/choices/ and following the additional opt-out information provided there.

For more information on the terms of service and data privacy when using Google Customer Reviews, please visit https://www.google.com/shopping/customerreviews/static/tos/de/1_01_tos.html as well as under https://policies.google.com/privacy?hl=en

Use of your personal data for sending postal advertising

We use your personal data (name, address), which we received in the course of selling a product or service, to send you advertising by mail, provided you have not objected to this use. The provision of this data is necessary for the conclusion of the contract. Failure to provide it will result in no contract being concluded. Processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR based on our overriding legitimate interest in direct marketing. You can object to this use of your address data at any time by notifying us. The contact details for exercising your right to object can be found in the legal notice.

Use of email address for sending newsletters

Regardless of contract processing, we use your email address exclusively for our own advertising purposes to send newsletters, provided you have expressly consented to this. Processing is carried out on the basis of Art. 6 Para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the lawfulness of the processing carried out based on the consent until withdrawal. To do so, you can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the mailing list.

Use of email address for sending direct advertising We use your email address, which we received in connection with the sale of a product or service, for the electronic transmission of advertising for our own products or services that are similar to those you have already purchased from us, provided you have not objected to this use. The provision of the email address is required for the conclusion of the contract. Failure to provide it will result in no contract being concluded. Processing is carried out on the basis of Art. 6 (1) (f) GDPR based on our overriding legitimate interest in direct marketing. You can object to this use of your email address at any time by notifying us. The contact details for exercising your right to object can be found in the legal notice. You can also use the link provided for this purpose in the promotional email. No costs other than the transmission costs according to the basic rates will be incurred for this.

Inventory Management

Use of an external inventory management system

We use an inventory management system for contract processing as part of order processing. For this purpose, your personal data collected during the ordering process will be transmitted to Billbee GmbH, Arolser Str. 10, 34477 Twistetal.

Payment service provider

Using PayPal

We use the PayPal payment service from PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The purpose of data processing is to be able to offer you payment via the payment service. By selecting and using payment via PayPal, the data required for payment processing is transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR.

All PayPal transactions are subject to the PayPal Privacy Statement. You can find it at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Using PayPal Express

We use the PayPal Express payment service from PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The purpose of data processing is to be able to offer you payment via the PayPal Express payment service. To integrate this payment service, it is necessary for PayPal to collect, store, and analyze data (e.g., IP address, device type, operating system, browser type, location of your device) when the website is accessed. Cookies may also be used for this purpose. These cookies enable the recognition of your browser.

The processing of your personal data is based on Art. 6 Para. 1 lit. f GDPR, arising from our overriding legitimate interest in providing a customer-oriented range of various payment methods. You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you.

By selecting and using PayPal Express, the data required for payment processing is transmitted to PayPal in order to fulfill the contract with you using the chosen payment method. This processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR. Further information on data processing when using the PayPal Express payment service can be found in the corresponding privacy policy at www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_US#Updated_PS.

Using PayPal Checkout

We use the PayPal Checkout payment service from PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The purpose of data processing is to be able to offer you payment via the payment service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, the data required for payment processing is transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR.

Credit card via PayPal, Direct Debit via PayPal & “Pay Later” via PayPal

For individual payment methods such as credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, PayPal reserves the right to obtain a credit report based on mathematical-statistical methods using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received regarding the statistical probability of a payment default to make a balanced decision on the establishment, implementation, or termination of the contractual relationship. The credit report may include probability values (score values) calculated on the basis of scientifically recognized mathematical-statistical methods, which incorporate address data among other factors. Your legitimate interests will be considered in accordance with legal provisions. The data processing serves the purpose of credit assessment for contract initiation. Processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR based on our overriding legitimate interest in protection against payment default when PayPal makes advance payments.

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you based on Art. 6 (1) (f) GDPR by notifying PayPal. The provision of data is necessary for the conclusion of the contract with your desired payment method. Failure to provide this data will result in the contract not being able to be concluded with your chosen payment method.

Third-party provider

When paying via a third-party provider's payment method, the data required for payment processing is transmitted to PayPal. This processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR. To execute this payment method, the data may then be passed on by PayPal to the respective provider. This processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR. Local third-party providers may include, for example:

- Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)

- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main

Invoice purchase via PayPal

When paying via the "Purchase on Account" method, the data required for payment processing is first transmitted to PayPal. To facilitate this payment method, PayPal then transmits the data to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; "Ratepay") in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR. Ratepay may perform a credit check based on mathematical-statistical methods (probability or score values) using credit agencies according to the process already described above. The data processing serves the purpose of credit assessment for contract initiation. The processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR based on our overriding legitimate interest in protection against payment default when Ratepay makes advance payments. Further information on data protection and which credit agencies Ratepay uses can be found at https://www.ratepay.com/legalpayment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/.

For more information on data processing when using PayPal, please refer to the corresponding privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Using the payment service provider Stripe

We use the Stripe payment service provided by Stripe Payments Europe Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) on our website. The purpose of data processing is to be able to offer you payment via the payment service. By selecting and using Stripe, the data required for payment processing is transmitted to Stripe in order to fulfill the contract with you using the chosen payment method. This processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR. Stripe reserves the right to obtain a credit report based on mathematical-statistical methods using credit agencies if necessary. For this purpose, Stripe transmits the personal data required for a credit check to a credit agency and uses the information received regarding the statistical probability of a payment default to make a balanced decision on the establishment, implementation, or termination of the contractual relationship. The credit report may include probability values (score values) calculated on the basis of scientifically recognized mathematical-statistical methods, which include address data in their calculation. Your legitimate interests will be considered in accordance with legal requirements. The data processing serves the purpose of credit checking for contract initiation. The processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR based on our overriding legitimate interest in protection against payment default when Stripe provides advance performance.

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you based on Art. 6 (1) (f) GDPR by notifying Stripe.

Providing this data is required to conclude the contract using your preferred payment method. Failure to provide it will mean that the contract cannot be completed with the selected payment method. All Stripe transactions are subject to the Stripe Privacy Policy. You can find it at https://stripe.com/en/privacy

Using the payment service provider Mollie

We use the payment service provider Mollie B.V. (Keizersgracht 313, 1016 EE Amsterdam, Netherlands; "Mollie") for payment processing on our website. The purpose of data processing is to offer you various payment methods through payment processing via the payment service provider Mollie. If you have chosen one of the payment options from the payment service provider Mollie, the data required for payment processing will be transmitted to Mollie. This includes your payment details (for example, bank account number or credit card number), your IP address, your internet browser and device type, and in some cases, your first and last name, your address details, and information about the product or service you have purchased from us. This data processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR. Further information on data processing when using the payment service provider Mollie can be found in their corresponding privacy policy. https://www.mollie.com/en/privacy

Cookies

Our website uses cookies. Cookies are small text files that are stored in the internet browser or by the internet browser on a user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is visited again.

Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting the appropriate technical settings in your internet browser, you can be notified before cookies are set and decide on their acceptance individually, as well as prevent the storage of cookies and the transmission of the data they contain. Cookies that have already been stored can be deleted at any time. However, we would like to point out that you may then not be able to use all the functions of this website to their full extent.

You can find information on how to manage (including disable) cookies for the most popular browsers via the links below:

Chrome: https://support.google.com/accounts/answer/61416?hl=en

Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

Mozilla Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop

Safari: https://support.apple.com/en-us/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Strictly necessary cookies

Unless otherwise stated in the following privacy policy, we only use these technically necessary cookies for the purpose of making our website more user-friendly, effective, and secure. Furthermore, cookies enable our systems to recognize your browser even after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after switching pages.

The use of cookies or similar technologies is based on Section 25 (2) TTDSG. The processing of your personal data is carried out on the basis of Art. 6 (1) (f) GDPR, stemming from our overriding legitimate interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our services. You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you.

Ad Tracking

Using the Facebook Pixel

We use the "Custom Audiences" remarketing feature from Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland "Facebook") on our website. Meta Platforms Ireland and we are joint controllers for the collection of your data and the transmission of this data to Facebook when the service is integrated. This is based on an agreement between us and Meta Platforms Ireland regarding the joint processing of personal data, which defines the respective responsibilities. The agreement can be found at https://www.facebook.com/legal/controller_addendum accessible. Thereafter, we are specifically responsible for fulfilling the information obligations pursuant to Art. 13, 14 GDPR, for compliance with the security requirements of Art. 32 GDPR regarding the correct technical implementation and configuration of the service, and for compliance with the obligations under Art. 33, 34 GDPR, insofar as a personal data breach affects our obligations under the joint processing agreement. Meta Platforms Ireland is responsible for enabling data subject rights pursuant to Art. 15 - 20 GDPR, complying with the security requirements of Art. 32 GDPR regarding the security of the service, and fulfilling the obligations under Art. 33, 34 GDPR, insofar as a personal data breach affects the obligations of Meta Platforms Ireland under the joint processing agreement. The application serves the purpose of targeting website visitors with interest-based advertising on the Facebook social network. For this purpose, the Facebook remarketing tag has been implemented on the website. Through this tag, a direct connection to the Facebook servers is established when visiting the website. This transmits information to the Facebook server about which of our pages you have visited. Facebook assigns this information to your personal Facebook user account. When you visit the Facebook social network, you will then be shown personalized, interest-based Facebook Ads. Your data may be transferred to the USA. There is no adequacy decision by the EU Commission for the USA. Data transfer takes place, among other things, on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data, which can be viewed at: https://www.facebook.com/legal/EU_data_transfer_addendum.

The processing of your personal data is based on Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in targeting site visitors with interest-based advertising. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation. You can deactivate the "Custom Audiences" remarketing function here. Further information on the collection and use of data by Facebook, your rights in this regard, and options for protecting your privacy can be found in Facebook's privacy policy at https://www.facebook.com/about/privacy/.

Use of Google Ads Conversion Tracking

We use the online advertising program "Google Ads" on our website and, as part of this, conversion tracking (evaluation of visitor actions). Google Conversion Tracking is an analysis service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

When you click on an advertisement served by Google, a conversion tracking cookie is placed on your computer. These cookies have limited validity, do not contain any personal data, and therefore are not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to that page. Each Google Ads customer receives a different cookie. Consequently, there is no possibility that cookies can be tracked across the websites of Ads customers. The information collected using the conversion cookie is used to generate conversion statistics. This allows us to see the total number of users who clicked on one of our ads and were redirected to a page equipped with a conversion tracking tag. However, we do not receive any information that allows users to be personally identified. Your data may be transmitted to Google LLC servers in the USA. There is no adequacy decision by the EU Commission for the USA. Data transfer takes place, among other things, on the basis of standard contractual clauses as appropriate safeguards for the protection of personal data, which can be viewed at: https://policies.google.com/privacy/frameworks and https://business.safety.google/adscontrollerterms/.

The processing of your personal data is based on Art. 6 (1) (f) GDPR due to our overriding legitimate interest in addressing site visitors with targeted, interest-based advertising. You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you.

You can disable personalized advertising in your Google Ad Settings. Instructions on how to do this can be found at https://support.google.com/ads/answer/2662922?hl=en

Alternatively, you can prevent the use of cookies by third-party providers by visiting the Network Advertising Initiative opt-out page at https://www.networkadvertising.org/choices/ and implement the additional opt-out information provided there. You will then not be included in the conversion tracking statistics. Further information and Google's privacy policy can be found at: https://www.google.de/policies/privacy/

Using Google AdSense

We use the AdSense function of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on our website. The purpose of data processing is to rent out advertising space on the website and to target website visitors with interest-based advertising. This function displays personalized, interest-based advertisements from the Google Display Network to visitors of the provider's website. In doing so, Google uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. There is no adequacy decision by the EU Commission for the USA. Data transmission takes place, among other things, on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data, which can be viewed at: https://policies.google.com/privacy/frameworks and https://business.safety.google/adscontrollerterms/. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.

The processing of your personal data is based on Art. 6 (1) (f) GDPR due to our overriding legitimate interest in addressing site visitors with targeted, interest-based advertising. You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you.

You can permanently disable the use of cookies by Google by following the link below and downloading and installing the plug-in provided there: https://support.google.com/ads/answer/7395996?hl=en. Alternatively, you can prevent the use of cookies by third-party providers by visiting the Network Advertising Initiative opt-out page at https://www.networkadvertising.org/choices/ visit the site and implement the additional opt-out information provided there. For more details and Google's privacy policy, please visit: https://www.google.com/policies/technologies/ads/ and https://www.google.de/policies/privacy/

Using the Pinterest Tag

We use the Pinterest Tag from Pinterest Europe Limited (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland "Pinterest") on our website. This application is used for the purpose of targeting website visitors with interest-based advertising on the Pinterest social network. To this end, the Pinterest conversion tag has been implemented on the website. This tag establishes a direct connection to the Pinterest servers when you visit the website. This transmits information to the Pinterest server about which of our pages you have visited. Pinterest assigns this information to your personal Pinterest user account if you are logged into the social network. When you visit Pinterest, you will then be shown personalized, interest-based Pinterest ads. If you reach our website via a Pin on the Pinterest social network, a cookie for conversion tracking is stored on your computer. These cookies have a limited validity, do not contain any personal data, and are therefore not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Pinterest and we can recognize that you clicked on the Pin and were redirected to that page. The information obtained with the help of the conversion cookie is used to create conversion statistics and thus to optimize our website. The following information, among others, may be processed: total number of users who clicked on one of our Pins and were redirected to our website, subpages visited on our website (e.g., category or product pages), search queries on our website, your shopping cart contents, and completed transactions. Your data may be transmitted to the USA. There is no adequacy decision by the EU Commission for the USA. Data transfer takes place, among other things, on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data, which can be viewed at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-dataprotection/standard-contractual-clauses-scc_en.

The processing of your personal data is based on Art. 6 Para. 1 lit. f GDPR out of our overriding legitimate interest in targeting site visitors with interest-based advertising. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation. You can deactivate personalized advertising in the personalization settings on Pinterest or via the AdChoices website optout.aboutads.info. You can prevent the storage of cookies by selecting the appropriate technical settings in your browser software; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. Further information on the collection and use of data by Pinterest, your rights in this regard, and options for protecting your privacy can be found in Pinterest's privacy policy at https://policy.pinterest.com/en/privacy-policy

Plugins and Miscellaneous

Using the authorized.by badge

We use the “authorized.by badge” from Stayble Market GmbH (Theresienstraße 66, 80333 Munich; “Stayble Market”) on our website.

Data processing is used for the purpose of displaying and confirming our status as an authorized partner of the manufacturers we represent.

To display the badge, it is necessary to transmit data (e.g., IP address, device type, operating system, browser type) to Stayble Market when the website is accessed.

This data processing is carried out on the basis of Art. 6 (1) (f) GDPR based on our overriding legitimate interest in the optimal marketing of our range and in proving that we are an authorized partner of the manufacturers we distribute. You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you based on Art. 6 (1) (f) GDPR. Further information on data protection at Stayble Market can be found at: https://www.authorized.by/en/privacy-policy/

Data Subject Rights and Retention Period

Storage duration After complete contract processing, the data is initially stored for the duration of the warranty period, then stored in accordance with statutory retention periods, particularly under tax and commercial law, and then deleted after the period has expired, provided you have not consented to further processing and use.

Rights of the data subject

Provided that the legal requirements are met, you have the following rights under Art. 15 to 20 GDPR: the right to access, rectification, erasure, restriction of processing, and data portability. Furthermore, under Art. 21 (1) GDPR, you have the right to object to processing based on Art. 6 (1) (f) GDPR, as well as to processing for the purpose of direct marketing.

Right to lodge a complaint with a supervisory authority

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is unlawful.

You can file a complaint with, among others, our responsible supervisory authority, which you can reach using the following contact details:

State Commissioner for Data Protection and Freedom of Information Baden-Württemberg Königstrasse 10 a

70173 Stuttgart

Tel.: +49 711 6155410

Fax: +49 711 61554115

Email: poststelle@lfdi.bwl.de

Right of withdrawal

If the processing of personal data listed here is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR, you have the right to object to this processing at any time with effect for the future for reasons arising from your particular situation. Once an objection has been made, the processing of the data concerned will be terminated unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.

If personal data is processed for direct marketing purposes, you may object to this processing at any time by notifying us. Once an objection has been made, we will stop processing the data concerned for the purpose of direct marketing.

last update: 29.11.2022

 

Privacy Policy

Use of our AI chatbot (nordBot)

1. What is nordBot and why do we identify it as an AI system?

On our website nordhalla.de, we use an AI-based chatbot named nordBot . This bot is controlled by an artificial intelligence system — it is not a human and does not respond manually. nordBot is based on the language model OpenAI GPT-4o, which understands your entered messages and automatically generates responses.

In accordance with Article 50 of the EU Artificial Intelligence Act (AI Act), which applies from August 2, 2026 fully applies, providers of AI systems that interact with natural persons are required to clearly label this interaction as AI-supported. We are already implementing this requirement.

nordBot helps you with general questions about our products and services, checking your order status, handling returns and complaints, and connecting you to our human customer service team. nordBot does not make any legally binding decisions regarding your contract or your rights (no automated decision-making within the meaning of Art. 22 GDPR).

2. Controller

The controller within the meaning of the GDPR for data processing by nordBot is:

Maksim Paskevic Simon Kocadag GbR

represented by the partners: Maksim Paskevic, Simon Kocadag

Wendel-Hipler-Straße 14

74613 Öhringen

Germany

Phone: 015736152059

Email for privacy inquiries: infonordhalla@gmail.com

VAT ID No.: DE356721186

3. Which data is being processed?

3.1 Automatically collected data

When you open or use nordBot, the following data is automatically processed:

• Anonymized IP address: Your IP address is converted into an anonymized value using a cryptographic process (FNV-1a hash). This value is used to detect and limit abuse (rate limiting). The original IP address is not stored.

• Technical Identifier (User ID): When you first access the chatbot, a randomly generated technical identifier is stored in your browser (localStorage). This identifier is specific to your browser and device, contains no personal information, and is used exclusively for usage limiting and conversation assignment.

• Session ID: A temporary identifier is generated for each individual conversation, which technically distinguishes one conversation from the next.

• Date and time of the message.

• Language settings (German or English) that you selected in the chatbot.

3.2 Data entered by you

All text you enter into the chat window will be submitted for processing. Depending on the nature of your request, this may include:

• General Questions about our products, shipping, returns

• Order numbers, to check your order status

• Your name and email address, if you would like assistance from our support team

• Descriptions of complaints or defects

• Photos (JPEG, PNG, GIF, WebP, max. 5 MB) that you can upload for claims

Please do not enter any sensitive data into the chat, which are not necessary for the request — specifically no passwords, full payment details (credit card numbers, etc.), or ID data. nordBot does not require this information.

3.3 Order data from Shopify (only for order inquiries)

If you provide an order number, nordBot will retrieve the following data for that order via the Shopify interface:

• Order number, Order date, Total amount, Currency

• Payment and delivery status

• Ordered products (Description, Quantity, Price)

• Shipping tracking number and tracking URL

This data will be used exclusively to respond to your specific inquiry and will not be stored separately.

4. For what purposes is the data processed?

Your data will be used exclusively for the following purposes:

• Responding to your inquiry by the AI language model (GPT-4o)

• Checking your order status via the Shopify interface

• Support for returns, complaints, and cancellations

• Transfer to human customer service via email (if necessary)

• Abuse Prevention and Usage Limits (Rate limiting based on anonymized IP and user ID)

• Quality Assurance through internal logging of requests and responses

5. Legal basis for processing

You give your consent by clicking the button "Agree & start chat" in the chat window. You can withdraw this consent at any time with effect for the future (see Section 9).

6. Recipients and Third-Country Transfers

For technical processing, your data will be transmitted to the following external service providers. All service providers have been carefully selected and are contractually obligated to comply with data protection regulations.

6.1 OpenAI (USA) — AI Processing

OpenAI, LLC, 3180 18th St., San Francisco, CA 94110, USA

Your conversation inputs (message text, chat history) and any retrieved order data will be transmitted to the OpenAI API to be processed by the model GPT-4o to generate a response. Additionally, your inquiries are converted into vectors (embedding model: text-embedding-3-small) for semantic search within our knowledge base.

Important: OpenAI uses none data transmitted via the API for training its models. This is contractually regulated in OpenAI's Data Processing Agreement (DPA).

Data transfer to the USA is based on Standard Contractual Clauses (SCCs) pursuant to Art. 46 para. 2 lit. c GDPR.

6.2 Google Workspace (EU) — Logging and Email

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

We use Google Workspace with activated European data regionThe storage and processing of your data takes place exclusively within the European Union. No transfer to third countries occurs.

• Google Sheets: Conversations (date, session ID, user ID, question, answer, anonymized IP) are logged for internal quality assurance and usage limitation purposes.

• Gmail (SMTP): When you request support from our team, an email containing your details (name, email address, description, and photo if applicable) will be forwarded to our customer service via our Gmail integration.

6.3 Supabase (EU — Frankfurt) — Knowledge Base

Supabase Inc. — Database server hosted in Frankfurt am Main, Germany (AWS Region eu-central-1)

To search our product knowledge base, your query is transmitted to our Supabase database as a numerical vector (no readable text) and compared with stored vectors. No identifying raw data is stored in Supabase. All data processing takes place within the European Union — no third-country transfer.

6.4 Shopify (Canada) — Order Data

Shopify Inc., 150 Elgin St., Ottawa, Ontario K2P 1L4, Canada

For order inquiries, order data is retrieved via the Shopify Admin API (read-only access, no payment data). Canada has a Adequacy decision of the EU Commission pursuant to Art. 45 GDPR.

6.5 Hostinger (Lithuania / EU) — Processing Server

Our n8n automation platform is hosted on servers in Hostinger International Ltd. hosted in Lithuania (EU). Processing takes place within the European Union — no third-country transfer.

7. Storage duration

Note: For server-side stored data (Google Sheets, Gmail), data will be deleted once the purpose for processing no longer applies or upon request (see Section 10).

8. Consent and Logging

Before nordBot processes your messages, a notification window will appear where you must actively click the button "Agree & start chat" have to click. Only then will communication with the chatbot be activated.

The time of your consent is logged in order to comply with our obligation to provide proof in accordance with Art. 7 Para. 1 GDPR.

9. Withdrawal of your consent

You can withdraw your consent to use nordBot at any time with effect for the future. The withdrawal does not affect the lawfulness of the processing carried out up to that point.

Cancellation options:

• Clear the browser data (localStorage) for nordhalla.de in your browser settings — nordBot will display the consent dialog again upon your next visit

• Send an email to infonordhalla@gmail.com with the subject line "Revocation of nordBot consent" — we will then also delete logs stored on the server that are assigned to your user ID

10. Your rights as a data subject

You have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR): You have the right to request information regarding the data we have stored about you.

• Right to rectification (Art. 16 GDPR): You have the right to request the rectification of inaccurate data.

• Right to erasure (Art. 17 GDPR): You can request the deletion of your data (“Right to be forgotten”).

• Right to restriction of processing (Art. 18 GDPR): Under certain conditions, you have the right to request the restriction of processing.

• Right to data portability (Art. 20 GDPR): You can receive your data in a structured, machine-readable format.

• Right of withdrawal (Art. 21 GDPR): You have the right to object to processing based on legitimate interests.

• Right of withdrawal (Art. 7 Para. 3 GDPR): You can withdraw your consent at any time (see Section 9).

To exercise your rights, please contact: infonordhalla@gmail.com

You also have the right to lodge a complaint with the competent data protection supervisory authority:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

Lautenschlagerstraße 20, 70173 Stuttgart

www.baden-wuerttemberg.datenschutz.de

11. No automated decision-making

nordBot does not make any automated decisions that have legal or similarly significant effects on you (Art. 22 GDPR). The chatbot provides information and recommendations — final decisions regarding refunds, returns, or similar processes are always made by our human team.

12. Note on data entry

Please enter into the chat only the data necessary for your request. In particular, you should provide the following data not enter into the chat:

• Passwords or login credentials

• Full credit card numbers or other payment data

• ID details or Social Security numbers

• Medical or other particularly sensitive information

For payments and secure logins, please use only the designated secure areas of our website.

As of: March 28, 2026