Data protection

Privacy Policy

NASH Vertical Brands GmbH

As of: September 12, 2024

Contents

A) General
B) Name and contact details of the responsible person
C) Definitions
D) Data processing
E) Provision of the website and creation of log files
F) Use of cookies
G) Transfer of data
H) Sending advertising material
I) Newsletter by email
K) Registration and use of the customer account
L) Ordering process
M) Extinguishing concept
N) Delivery and payment service providers
O) Other recipients of data
P) Contact form and email contact
Q) Application via the career portal
R) Further processing operations
S) Marketing cooperations
T) Rights of the data subject
U) Data security
V) Currentness and changes to this privacy policy

A) General

The protection and security of your personal data is important to us. Our website therefore processes data exclusively in accordance with the EU General Data Protection Regulation (GDPR).

B) Name and contact details of the person responsible:

Regardless of how and for what reason you contact us, NASH Vertical Brands GmbH, we, the

NASH Vertical Brands GmbH

Schwarzottstraße 2a

2620 Neunkirchen
Austria

the person responsible.

As the controller, we are responsible for implementing information security and compliance with the principles of data processing in accordance with Art. 5 GDPR.

You can reach us as follows:

Email: info@nash.eu

C) Definitions

Our privacy policy is based on the terms used by the EU in the adoption of the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable for both the public and our customers and business partners. To ensure this, we would like to explain the most important terms in advance:

personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

data subject

Data subject is any identified or identifiable natural person whose personal data is processed by the controller.

processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

Profiling

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymization

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Person responsible

The controller is the company that decides on the purposes and means of processing personal data.

Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient

Recipient is a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be considered recipients.

Third

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller or processor.

consent

Consent is any expression of will by the data subject, freely given and revocable at any time, in the form of a statement or other unambiguous confirmatory act by which the data subject indicates that he or she agrees to the processing of his or her personal data.

D) Data processing

Legal basis for the processing of personal data

The presentation of information about our products, promotions and competitions is based on the legitimate interest in providing you with interesting information about our business activities and follows Art. 6 (1) (f) GDPR as the legal basis.

Registration in the web shop and registration for the newsletter requires your voluntary and at any time revocable consent in accordance with Art. 6 (1) (a) GDPR, which we will obtain from you by referring again to this data protection declaration.

If you order one of our products, the necessary processing of your data is based on the fulfillment of the contractual obligation we have entered into with you, and is based on Art. 6 (1) (b) GDPR as the legal basis. This also applies to processing operations necessary to carry out pre-contractual measures, e.g., managing your shopping cart or transmitting data and content via the contact form.

E) Provision of the website and creation of log files

E-commerce platform Shopify

To operate our online store, we use Shopify, a service provided by Shopify Inc., 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5. This service provides an e-commerce platform through which we offer our products for sale. The data transmitted as part of your order is also stored on a server in the USA. For more information on data protection, please refer to Shopify's privacy policy at https://www.shopify.de/legal/datenschutz.

In the USA, there is a risk that access by US authorities is not legally limited to what is strictly necessary, that there are no court-approved authorizations for such access, and that those affected do not have effective legal remedies.

Data processing is based on your consent and follows Art. 49 (1) (a) GDPR. By agreeing to the use of cookies from this provider, you also consent to the processing of your data in the USA (Art. 49 (1) (a) GDPR).

Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer or from the browser of the device used (in log files). This data is stored until automatically deleted. The following data is collected:

Information about the browser type and version used

Screen resolution

every page view

User's operating system

Information about the device category (mobile phone, desktop PC, tablet) and device information

IP address assigned by the user's Internet provider

Date and time of access

Websites from which the user's system accesses our website

This data will not be merged with other data sources. Furthermore, the data will be deleted after a statistical evaluation that can no longer be traced back to the website visitor, but no later than one year later.

Purpose of data processing

Storing data in log files is part of the normal operation of every website on the Internet and is done to ensure its functionality. The data also helps us optimize the website and ensure the security and stability of our information technology systems. Furthermore, the log files are used to restore lost entries in your shopping cart (e.g., in the event of a session loss).

F) Use of cookies

Description and scope of data processing

Our website uses cookies, small text files that are stored by the internet browser on your device when you visit a website. Cookies contain a characteristic string of characters that allows the browser to be uniquely identified when you visit the website again. The cookie is used to assign data stored on the web server to the accessing device, e.g., the device name.

Language settings
Items in a shopping cart
Log-in information

We also use cookies on our website to enable analysis of user browsing behavior in order to further improve the content and underlying technology.

When you visit our website, you are informed about the use of cookies for analysis purposes via a so-called cookie banner, and your consent to the processing of your personal data is obtained along with a reference to the privacy policy. You can revoke your consent at any time with effect for the future. You also have the option of preventing cookies from being stored on your computer by selecting the appropriate settings in your browser or by configuring your social media settings so that no cookies are placed during your visit. Details can be found in the respective processing procedures.

Duration of storage and possibility of removal

Cookies are stored on the user's device and then transmitted from there to our website. Session cookies are stored for 1440 seconds (24 minutes) after the browser is closed; permanent cookies are stored permanently. As a user, you have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all of the website's functions; in particular, the user may no longer be able to place orders.

Marketing, statistics and functional cookies

Marketing, statistical and functional cookies are partly provided by US providers. The European Court of Justice has not certified that the USA has an adequate level of data protection (C-

311/18, Schrems II). In particular, it is criticized that access by US authorities is not legally limited to the strictly necessary extent, no judicial

Authorizations for such access are anchored in the EU law, and EU citizens have no effective legal remedies against them. By agreeing to the use of cookies from these providers, you also expressly consent to the processing of your data in the USA (Article 49 (1) (a) GDPR). Since visits to our website are usually only occasional, the duration of your consent has been limited to one month. After that, the web server will ask you again to specify your preferences regarding the use of cookies. Regardless of this, you can change your selection at any time via "Privacy Settings" at the bottom of the page.

You can deactivate or restrict the transmission of cookies by changing the settings in your browser. Cookies that have already been stored can be deleted at any time.

deleted. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully utilize all of the website's functions. In particular, it may be that the user will not be able to place orders.

G) Transfer of data

Your personal data will only be transferred outside of NASH Vertical Brands GmbH if:

You have given your express consent to this in accordance with Art. 6 (1) (a) GDPR;

the transfer according to Art. 6 Para. 1 lit. f GDPR for advertising or marketing purposes within the scope of our business as an address publisher and direct marketing company (Section 151 of the Austrian Trade Regulation Act) is in our legitimate interest and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data. You have the option of objecting to our interest at any time and thus preventing the use of your data for direct marketing in the future; in the event that there is a legal obligation to transfer according to Art. 6 Para. 1 lit. c GDPR; as part of your order, e.g. for delivery by a freight forwarder or postal service provider in order to fulfill a contract with you in accordance with Art. 6 Para. 1 lit. b GDPR.

H) Sending advertising material by email

We also use your email address, collected as part of a sale, to send you information about our own products that are similar to those you have already purchased.

When your data is collected and each time you send it, you have the option to object to the use of your email address for this individual advertising.

If you enter your email address in the so-called "Robinson List" (ECG List), you are automatically excluded from receiving promotions and product information addressed to you personally. Further information can be found at

https://www.robinsonliste.de

https://sdv-konsumenteninfo.ch/robinsonliste/

https://www.wko.at/branchen/information-consulting/werbung-marktkommunikation/robinsonliste.html

If you would like to receive information about other products, competitions, raffles, and surveys, please sign up for our newsletter. You can find a link to sign up online in our webshop.

I) Newsletter by email

Description and scope of data processing

With your consent, you can subscribe to our newsletter, which will inform you about our current, interesting offers. The advertised goods and services are listed in the consent form.

We use the so-called double opt-in process to register for our newsletter. This means that after you register, we will send you an email to the email address you provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this process is to verify your registration and, if necessary, to investigate any possible misuse of your personal data.

The only mandatory information required to receive the newsletter is your email address. Providing additional, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your email address for the purpose of sending you the newsletter. The legal basis is Art. 6 (1) (a) GDPR.

You can revoke your consent to receive the newsletter and unsubscribe from the newsletter at any time. You can do so by clicking on the link provided in each newsletter email, by email to info@nash.eu, or by sending a message to the contact details provided in the imprint.

To send our newsletter, we use the Klaviyo service provided by Klaviyo Inc., Boston, USA. The data you provide when subscribing to the newsletter (email address, name if applicable, IP address, date and time of your registration) will be transferred to a Klaviyo Inc. server in the USA and stored there. In the USA, there is a risk that access by US authorities is not legally limited to the strictly necessary extent, that there are no court orders for such access, and that those affected have no effective legal remedies.

For more information about Klaviyo's privacy practices, please visit: http://klaviyo.com/privacy/.

Please note that when we send the newsletter, we evaluate your user behavior. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the evaluation, we link the data mentioned in Section 3 and the web beacons with your email address and a unique ID. We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click on in them, and use this to determine your personal interests.

Right of objection

You can object to this tracking at any time by clicking on the separate link provided in every email or by informing us via another contact method, e.g., via info@nash.eu . The information will be stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously. Such tracking is also not possible if you have deactivated the display of images by default in your email program. In this case, the newsletter will not be displayed in full, and you may not be able to use all of its functions. If you display the images manually, the above-mentioned tracking will occur.

K) Registration and use of the customer account

Description and scope of data processing

On our website, we offer users the opportunity to register in our customer register (create a user account) by providing personal data, both when placing an order and without ordering products. The data is entered into an input mask, transmitted to us, and stored. Data will not be shared with third parties unless stated in this privacy policy. The following data is collected during the registration process: title, first name, last name, email address, street, house number, postal code, city, and country. Optional: date of birth and telephone number.

If you provide us with your date of birth (either in your user account or when choosing a payment method that cannot be processed without providing your date of birth), we will be able to congratulate you with a small gift.

At the time of registration, the user’s IP address and the date and time of registration are also collected.

As part of the registration process, the user’s consent to the processing of this data is obtained.

Legal basis for data processing

The legal basis for data processing is Art. 6 (1) (a) GDPR. If the registration serves to fulfill a contract to which the user is a party or to carry out pre-contractual measures, the additional legal basis for data processing is Art. 6 (1) (b) GDPR.

registration

Your consent when creating a user account is as follows: I consent to the storage of inventory data (name, address, email) and usage data (email address, password) in a customer database when creating a user account. This allows me to log in and place orders for future purchases using my email address and password without having to enter my data again. I can revoke this consent at any time with future effect by contacting NASH Vertical Brands GmbH by email at info@nash.eu and requesting the deletion of my user account. I can view my completed orders in my user account at any time for the duration of my user account.

Purpose of data processing

User registration is required to provide certain content and services on our website. User registration is required to fulfill a contract with the user or to carry out pre-contractual measures.

Possibility of revocation and removal

As a user, you have the option to cancel your registration at any time. You can have the data stored about you modified at any time. If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible if contractual or legal obligations do not prevent deletion.

L) Ordering process

Description and scope of data processing

As part of the ordering process, the processing of personal data is necessary to order the products you have placed in your shopping cart. If you are already registered, the data from your customer account will be processed. The same applies if you register during the ordering process. You can also order as a guest on our website. For this purpose, your title, first and last name, address, date of birth, and email address will be collected. In addition, the IP address of the accessing device, country, date and time of registration, and the source of the registration will be collected.

Orders can also be placed via our order hotline. When you call, we collect your title, first and last name, address, email address, and, if applicable, your date of birth and telephone number.

To place an order, you must provide your payment details.

In this context, the data will be passed on to our fulfillment service providers to fulfill our contractual obligations arising from the order and to payment service providers.

With your first order, you will also receive a “welcome letter” informing you about the possibilities available to you as a customer of the controller.

Legal basis for data processing, purpose of data processing

Since the ordering process aims to conclude a contract, the legal basis for processing is Art. 6 (1) (b) GDPR. The processing of personal data is necessary to process the user's order.

Occasional emails containing information about your account or the controller's products are sent on the basis of our legitimate interest in providing our customers with satisfactory information.

Duration of storage

The user's personal data will be used for the duration of the order processing and stored for the statutory retention periods or to fulfill statutory warranty claims. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.

M) Extinguishing concept

We have a deletion policy that ensures that we only retain data for as long as it is necessary for the agreed purpose or as required by law.

Categories of those affected

Interested parties
Customers
Customers of our sales partners

Data deletion

Data from prospective customers: will be stored for four years. If no order is placed within this timeframe, the data will be automatically deleted. Interested customers have the option to object to this processing and request immediate deletion of their data.
Customer data: Purely online data (e.g. webshop username, social media identification, if available) or contact details: are stored for four years and are deleted if no further orders are placed within this period.
Contract data: will be stored for 10 years in accordance with statutory retention periods in order to be able to provide evidence to authorities (e.g. tax office).
Complaints: Unfortunately, even the best products occasionally experience defects. We strive to respond to complaints quickly and easily, but sometimes we must not register the caller as a customer until the item was purchased from a retail partner, but NASH is processing the complaint. In the event of a complaint, the rules stated in point 2 above apply accordingly.

N) Delivery and payment service providers

We forward your order data to our shipping and payment partners. Other service providers are sometimes involved in the processing itself.

Delivery and postal services, as well as payment service providers, act on our behalf, but for legal or procedural reasons, they themselves bear responsibility for the security and processing of your data. We also regularly review the privacy policies of these service providers to ensure that your data is adequately protected.

Below we describe our cooperation with our payment service providers:

Instant bank transfer

When paying using the "Sofortüberweisung" payment method, Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden, handles the online payment. The technical processing is handled on behalf of Klarna Bank AG by the payment service provider SOFORT GmbH, a company of the Klarna Group, located at Theresienhöhe 12, 80339 Munich, Germany. When making the payment, you enter the authorisation holder, PIN/TAN, or other identification methods directly via Sofortüberweisung. We do not process or store this data under any circumstances!

The integration of Sofortüberweisung on our website is based on a contract or pre-contractual measures within the scope of your order. The legal basis for data processing is therefore Art. 6 (1) (b) GDPR.

Further details on Sofortüberweisung can be found at: https://www.sofort.com/ger-DE/general/fuer-kaeufer/fragen-und-antworten/.

Further information on data protection for Sofortüberweisung can be found at: https://www.sofort.com/1.0/shared/content/legal/terms/de-DE/1.0.0-Hc8j_NWsboZv3cW7lOUpKyih868AmCuV/SOFORT/

Paypal

When paying using the "PayPal" payment method, PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, 2449 Luxembourg, handles the online payment. The forwarding of your data (name, address, email) to PayPal is part of the contract or pre-contractual measures within the scope of your order. The legal basis for data processing is therefore Art. 6 (1) (b) GDPR.

Information is obtained from various credit agencies to confirm your creditworthiness and identity. PayPal can provide you with the complete list of these recipients at any time. You can find PayPal's privacy policy at the following link: https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.

VISA/Mastercard

Based on your contract with VISA or Mastercard providers, you can make the payment directly with your credit card company. In this case, we do not store any data beyond the order and receive a credit transfer from the credit card company upon successful transaction.

Further details on data protection can be found at:

https://www.mastercard.de/de-de/datenschutz.html

https://www.visa.de/legal/global-privacy-notice.html

O) Other recipients of data (service providers)

In addition to our own employees, we use service providers for various purposes to perform parts of this data processing on our behalf. In these cases, a data processing agreement has been concluded with the service providers in accordance with Art. 28 GDPR, which precisely defines the obligations and individual processing steps, as well as all data categories processed. We regularly review the adequacy of the safeguards and the qualifications of the service providers.

We include the following categories of recipients in the processing:

Call center for receiving calls
IT service provider for the provision of a trouble-free and high-performance service
External recipients (“third parties”)

P) Contact form and email contact

Description and scope of data processing

When you use the online contact forms, we collect personal data (such as your name and email address) only to the extent you provide it. We use your email address only to process and respond to your inquiry. Your data will then be deleted unless you have consented to further processing and use.

Legal basis for data processing

The legal basis for the processing of data transmitted via the contact form or by sending an email is Art. 6 (1) (a) GDPR.

Duration of storage, possibility of objection and removal

The data submitted via the contact form will be deleted immediately after your questions have been answered, unless you expressly request further processing.

Q) Application (Career)

Purpose of data processing

We will use the data you provide us with as part of your application exclusively to conduct the application process. Your personal application data will be collected and processed exclusively for the purpose of filling positions within NASH Vertical Brands GmbH. Your personal data will generally only be forwarded to the internal departments responsible for the specific application process and to the individuals responsible for selection in the relevant departments. Your application data will not be used or shared with third parties for any other purpose.

Data collection

During the application process, in addition to your title, first and last name, the usual correspondence data such as postal address, email address and telephone numbers, application documents (cover letter, CV, training certificates, training and further education qualifications, employment references) will be processed. Only the employees of our Human Resources department have access to your data.

Legal basis

Data processing is carried out on the legal basis of Art. 6 (1) (b) GDPR (implementation of pre-contractual measures at the request of the data subject). Processing of special categories of personal data (e.g., health data) pursuant to Art. 9/10 GDPR only occurs if you have expressly consented for one or more specified purposes or if this is necessary for the exercise of rights or the fulfillment of obligations under labor law, social security law, or social protection law.

Storage period

Your personal application data will generally be deleted automatically six months after we receive your application. By this time, we must be able to provide evidence of proper equal treatment or equal status for the applicant. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence, or if you have expressly, voluntarily, and revocably consented to longer storage. Should your application lead to employment with us, your application data will subsequently continue to be stored and processed for the purpose of establishing, implementing, and terminating the employment relationship. In this case, you will be informed separately of this change of purpose.

Storage for future job postings

If we are unable to offer you a current vacancy, but believe that your application may be of interest for future job openings based on your profile, we will store your personal application data for twelve months, provided you expressly consent to such storage and use.

R) Further processing operations

As part of the further processing operations described below, your data will be disclosed to third parties, some of them outside the EU. As listed below, the disclosure will take place in countries with a lower, inadequate level of data protection, particularly in the USA. In particular, in the USA, there is a risk that access by US authorities is not legally limited to the strictly necessary extent, that no court authorization for such access is established, and that those affected have no effective legal remedies.

Google Analytics

Our website uses "Google Analytics," a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website, such as browser type/version, operating system, referrer URL (previously visited page), IP address, and time of the server request, is typically transferred to a Google server in the USA and stored there.

This information is used to analyze internet and website usage, such as creating anonymized reports and graphs of page views and visits. The data is processed exclusively for market research, website optimization, and the provision of other services related to internet usage. This information may also be transferred to third parties if required by law, or if third parties process the data on our behalf. Under no circumstances will your IP address be merged with other Google data. IP addresses are anonymized so that they cannot be assigned to a specific user (IP masking).

For more information on data protection in connection with Google Analytics, please see the Google Analytics Help:

https://support.google.com/analytics/answer/6004245?hl=de.

Google Tag Manager

We use Google Tag Manager from Google on our website. This service allows website tags to be managed via an interface. Tags are small code elements on a website that are used, among other things, to measure traffic and visitor behavior, record the impact of online advertising and social channels, implement remarketing and audience targeting, and test and optimize the website. Google Tag Manager simply implements tags. Google Tag Manager follows a series of triggering rules that determine when these tags should be used on a website. When a user visits the website, the tags are triggered according to the configuration, and the corresponding cookies are loaded into their browser. This contains instructions as to which tags should be triggered. Using Google Tag Manager makes your use of our website faster and more efficient, as managing the correct tags speeds up our website. If Google Tag Manager has been deactivated at the domain or cookie level, this deactivation remains in effect for all tracking tags implemented with Google Tag Manager.

The contractual partner uses suppliers in the USA.

Data processing can be revoked at any time with future effect.

Google Ads Conversion Tracking

We use Google's online advertising program "Google Ads" and, as part of this, the conversion tracking offered by Google. A conversion tracking cookie is stored on your computer when you click on an ad placed by us in the Google search or advertising network. These cookies expire after 30 days and are not used for personal identification. If you visit certain pages of our website while the cookie is valid, both we and Google can recognize that you clicked on an ad and were redirected to this page.

Each Google Ads customer receives a different cookie. Cookies cannot be tracked across Ads customers' websites. The information collected using the conversion cookie is used to compile conversion statistics for us as an Ads customer. This tells us the total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that could personally identify you as a user.

If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this purpose – for example, by setting your browser to generally deactivate the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com." Google's privacy policy on conversion tracking can be found here: https://policies.google.com/privacy?gl=de.

The contractual partner uses suppliers in the USA.

Data processing is based on your consent and complies with Article 49 (1) (a) GDPR. By agreeing to the use of cookies from this provider, you also consent to the processing of your data in the USA (Article 49 (1) (a) GDPR).

Google Remarketing (Adwords)

We also use Google's remarketing technology. This technology allows users who have already visited our website and shown interest to be retargeted with targeted advertising on the pages of the Google Partner Network. The advertising is displayed using cookies. These text files can be used to analyze user behavior when visiting the website and then use it to create advertising tailored to your interests.

When you conduct searches, visit other websites, or use other mobile apps, we use Google Remarketing to offer you targeted advertising based on your interests and needs. As a user, you benefit from personalized advertising on other websites. This is the only way we can continuously optimize our offerings to you.

Further information about Google Remarketing and Google’s privacy policy can be found at: https://www.google.com/privacy/ads/.

The contractual partner uses suppliers in the USA.

Data protection provisions regarding the application and use of Facebook

NASH Vertical Brands GmbH has integrated components of the company Facebook on its website.

Facebook is a social network that provides NASH Vertical Brands GmbH with so-called “Page Insights” in a joint processing according to GDPR Art. 26.

"Page Insights" are page statistics on "likes," post reach, and other topics that NASH Vertical Brands GmbH primarily uses on an anonymized basis. More information can be found at the following link: https://www.facebook.com/business/a/page/page-insights

Details on the joint processing between NASH Vertical Brands GmbH and Facebook can be found at: https://www.facebook.com/legal/terms/page_controller_addendum.

This agreement states that Facebook is the primary controller. However, if you have any concerns about the security of our NASH Vertical Brands GmbH Facebook page, you can also contact us at any time using our privacy contact address, and we will forward your request to Facebook.

Since Facebook is a global social network, we have no influence on the technical and organizational aspects and can only influence the content relating to products and events of NASH Vertical Brands GmbH.

A social network is an internet-based social meeting place, an online community that typically allows users to communicate with each other and interact in a virtual space. A social network can serve as a platform for exchanging opinions and experiences, or it can allow the internet community to provide personal or business-related information. Facebook allows users of the social network to create private profiles, upload photos, and network via friend requests, among other things.

The operating company of Facebook is Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland.

Each time one of the individual pages of this website, which is operated by the controller and on which a Facebook component (Facebook plug-in) was integrated, is accessed, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Facebook component to download a display of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook receives information about which specific subpage of our website was visited by the data subject.

If the data subject is logged in to Facebook at the same time, Facebook recognizes which specific subpage of our website the data subject visits with each visit to our website by the data subject and for the entire duration of their stay on our website. This information is collected through the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated on our website, e.g. the "Like" button, or if the data subject makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores the personal data.

Facebook always receives information via the Facebook component that the data subject has visited our website, provided that the data subject is logged in to Facebook at the time of accessing our website; this occurs regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, they can prevent this by logging out of their Facebook account before accessing our website.

The data policy published by Facebook, available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing, and use of personal data by Facebook. It also explains which settings options Facebook offers to protect the privacy of the data subject. Furthermore, various applications are available that allow the suppression of data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.

Facebook Conversion Pixels

By using the Facebook Conversion Pixel service provided by Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA), statistical data is collected that can be used to measure the success of a Facebook ad. In addition, anonymous data about your usage behavior is collected on the website in order to create usage-based online advertising for you. As a user, you benefit from personalized advertising on other websites. This is the only way we can continuously optimize our offering to you. You can find the privacy policy of Facebook Inc. here: https://www.facebook.com/about/privacy

If you are logged in to Facebook, you can object to the use of the conversion pixel using the following link: https://www.facebook.com/settings?tab=ads

Data processing can be revoked at any time with future effect.

AWIN for cookies to determine commission

We also use services from AWIN AG, HRB 75459, Eichhornstraße 3, 10785 Berlin and Landsberger Allee 104 BC 10249 Berlin, Germany (legal successor to Affilinet GmbH, Germany). To correctly record sales and/or leads, AWIN places a cookie on the customer's (visitor's) computer. This cookie is set by the domain parners.webmaster-plan.com or banners.webmasterplan.com. This cookie complies with the applicable data protection guidelines. The cookies used by AWIN are accepted in the standard settings of the Internet browser. If you do not wish to receive these cookies, please deactivate the acceptance of cookies from the corresponding domains in your Internet browser. AWIN tracking cookies do not store any personal data; they only store the ID of the referring partner and the serial number of the advertising material clicked on by the visitor (banner, text link, etc.), which are required for payment processing. The partner ID is used when a transaction is concluded to allocate the commission to be paid to the mediating partner.

Information about AWIN can be found at https://www.awin.com/de/rechtliches.

The contractual partner uses subcontractors in the USA.

AWIN partner program

We participate in the affiliate program of AWIN AG, HRB 75459, Eichhornstraße 3, 10785 Berlin, and Landsberger Allee 104 BC, 10249 Berlin, Germany. AWIN is the legal successor to "Digital Window" and "Zanox." By placing advertisements and links to AWIN, we receive advertising cost reimbursements according to the so-called affiliate system. AWIN uses cookies to trace the origin of the contract. Among other things, AWIN can recognize that you clicked the partner link on this website and subsequently concluded a contract with or through AWIN.

AWIN's complete privacy policy, as well as options for objection and other ways to assert your rights as a data subject, can be found at: https://www.awin.com/de/rechtliches.

The contractual partner uses subcontractors in the USA.

YouTube

Our website uses plug-ins from the YouTube website, which is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”).

On our website, we show videos from the NASH Vertical Brands GmbH YouTube channel. These are displayed in the YouTube video player. NASH Vertical Brands GmbH has no access to or control over these cookies or the data processed by YouTube. Additional cookies may be set by YouTube to enable the use of YouTube features on our website. For more information about these cookies, please visit the YouTube website at https://policies.google.com/privacy?hl=de.

DoubleClick(Campaign Manager) by Google

We use Google's DoubleClick (now Campaign Manager) to deliver ads that are relevant to users and prevent multiple ads from being shown to the same user. A cookie ID records which ads have already been shown in which browser. If a user visits the advertiser's website using the same browser after seeing a DoubleClick ad and purchases something there, this is recorded numerically. According to Google, DoubleClick cookies do not contain any personal information.

If you are registered and logged in to a Google service, Google can associate your visit with your account. Even if you are not registered with Google or logged in, there is a possibility that the provider will obtain and store your IP address.

You can prevent participation in this tracking process by suppressing third-party cookies in your browser, blocking cookies from www.googleadservices.com, using the browser plug-in http://www.google.com/settings/ads/plugin or by using restrictive cookie settings

For more information about DoubleClick, please visit http://support.google.com/adsense/answer/2839090

Google Optimize

We use functions of the web analytics service Google Optimize to analyze the use of various versions of our website in order to adapt the appearance to the needs and preferences of the visitor. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For the European region, Google Ireland Ltd., Gordon House, Barrow Street 4, Dublin, Ireland, is the responsible contractual partner.

As a website operator, we fundamentally have a legitimate interest in analyzing user behavior in order to optimize both our website and our advertising. However, our contractual partner uses subcontractors in the USA. Therefore, data processing is based on your consent and complies with Art. 49 (1) (a) GDPR. By agreeing to the use of cookies from this provider, you also consent to the processing of your data in the USA (Art. 49 (1) (a) GDPR).

Tracify

Our webshop uses the services of Tracify, provided by

Tracify GmbH, Agnes-Pockels-Bogen 1, 80992 Munich, Germany.

Tracify is an analytics tool that helps us collect and analyze data about user behavior on our web shop.

Tracify collects certain data related to our Shopify webshop. This includes information about page views, clicks, purchases, shopping cart data, and user interactions. This data is used to provide us with insights into user behavior, optimize our webshop, and adapt our marketing strategies. Data processing is based on your consent. For more information on how user data is handled, please see Tracify's privacy policy: https://www.tracify.ai/pages/privacy-policy

Lucky Orange

Our web shop uses the services of "Lucky Orange," provided by Lucky Orange LLC, 8665 W 96th St Suite #100, Overland Park, KS 66212, USA. "Lucky Orange" is an analytics tool that helps us collect and analyze data about user behavior on our web shop.

"Lucky Orange" collects certain data related to our Shopify web shop. This includes information about page views, mouse movements, clicks, and screen recordings. This data is used to provide us with insights into user behavior, optimize our web shop, and adapt our marketing strategies. Data processing is based on your consent. By agreeing to the use of this provider's cookies, you also consent to the processing of your data in the USA (Article 49 (1) (a) GDPR).

"Cart Upsell" and "Free Gift Monster"

Our online store uses the "Cart Upsell" and "Free Gift Monster" apps from "MONSTER APPS LTD," 24-26 Arcadia Avenue, Lavender, London, N3 2JU, United Kingdom, to offer our customers upsell offers and free gifts. These apps may collect and process personal data to provide their features.

The data collected by "Cart Upsell" and "Free Gift Monster" may include shopping cart information, order history, product preferences, and contact information. This data is used to provide personalized offers and promotions tailored to the individual needs and interests of our customers. Data processing is based on your consent.

One Tree Planted, Inc

Our webshop uses the services of "OneTreePlanted," provided by One Tree Planted Inc., 145 Pine Haven Shores Rd #1000D, USA. "OneTreePlanted" is an organization dedicated to planting trees worldwide and allows our customers to purchase trees and make donations.

To facilitate your donation or purchase of trees, OneTreePlanted collects certain personal information, such as your name, email address, and payment information. This information is used to process your donation or purchase and to send you a confirmation.

Data processing is based on your consent. By agreeing to the use of cookies from this provider, you also consent to the processing of your data in the USA (Article 49 (1) (a) GDPR).

Ecology

Our webshop uses the services of "Ecologi," provided by Ecologi Action Ltd, Hikenield House, East Anton Court, Icknield Way, Andover, Hampshire, England, SP10 5RG. "Ecologi" is a platform that allows us to support tree planting and other sustainable projects through donations and carbon offsets.

To enable donations or carbon offsetting, "Ecologi" collects certain personal data such as your name, email address, and payment information. This data is used to process your donation or carbon offsetting and to send you a confirmation. Data processing is based on your consent.

S) Marketing cooperations

Description and scope of data transfer

Within the framework of marketing cooperations, your personal data will be forwarded to our business partner of the respective cooperation for special campaigns and specified purposes presented to you in advance and only with your express consent for this specific purpose, which can be revoked at any time.

Duration of storage

We will store the data collected for these advertising purposes for as long as the advertising purpose exists or until we receive notification of your revocation of your consent or your objection to the processing of your data for this purpose. The legality of the processing up to your revocation remains unaffected.

Legal basis

The legal basis for the transmission is your express consent in accordance with Art. 6 (1) (a) GDPR.

T) Rights of the data subject

Under the GDPR, you are entitled to the following statutory rights as a data subject, provided that the requirements are met:

Right to information about your data stored by us in accordance with Art. 15 GDPR

Right to rectification of inaccurate data in accordance with Art. 16 GDPR

Right to erasure of data stored by us in accordance with Art. 17 GDPR

Right to restrict the processing of data stored by us in accordance with Art. 18 GDPR

Right to revoke any consent you may have given us at any time in accordance with Art. 7 (3) GDPR; this means that we may no longer continue the data processing based on this consent in the future.

Right to data portability according to Art. 20 GDPR

Right to lodge a complaint with a competent supervisory authority pursuant to Art. 77 GDPR if you believe that the processing of personal data concerning you violates the provisions of the GDPR.

Right of objection

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for doing so that arise from your particular situation.

If you wish to exercise your right of objection, simply send an email to info@nash.eu

U) Data security

Your personal data is transmitted over the internet on our website using the SSL (Secure Socket Layer) security system. This technology offers a high level of security and is therefore also used by banks, for example, to protect data during online banking. We protect our website and other systems through appropriate, state-of-the-art technical and organizational measures against loss, destruction, access, alteration, or distribution of your data by unauthorized persons.

V) Currentness and changes to this privacy policy

This privacy policy is currently valid and dated September 2024. Due to the ongoing development of our website and the offers available thereon, or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. You can access and print the current privacy policy at any time on the website under NASH Vertical Brands GmbH.

Razor set of 1

Data protection

Privacy Policy

Have an account?