icon

Privacy policy

1 General information

1.1 Controller

The responsible legal entity is:

Nexaro GmbH
Mühlenweg 17–37, 42275 Wuppertal
Phone: +49 202 564 7979
Email: info@nexaro.com

1.2 Data Protection Officer

To contact the data protection officer(s) of the Controller, please write to:

Nexaro GmbH
Die Datenschutzbeauftragte
Mühlenweg 17–37, 42275 Wuppertal
Email: dataprotection@nexaro.com

1.3 Principles of personal data processing

Your data will be protected within the scope of the applicable legal regulations. In the following you will find information on the collection of personal data on the company website, including the Nexaro online shop, available on the Internet at www.nexaro.com (hereinafter referred to as the website).

1.3.1 Purpose and scope of processing

The protection of your personal data on our website is important to us. We only process our users’ personal data insofar as it is necessary for the provision of a functional website as well as our content and services.

1.3.2 Legal bases

The processing of our users’ personal data is carried out with your consent or based on legal permission. Insofar as we obtain consent for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) is the legal basis for the processing.

In the processing of personal data required for the fulfillment of a contract to which the data subject is a party, the legal basis is Article 6(1)(b) of the GDPR. This also applies to processing operations that are necessary to carry out measures precedent to the contract.

Insofar as the processing of personal data is necessary to fulfill a legal obligation incumbent upon us, the legal basis is Article 6(1)(c) of the GDPR.

In the event that vital interests of the data subject or another natural person require the processing of personal data, the legal basis is Article 6(1)(d) of the GDPR.

If the processing is necessary to safeguard a legitimate interest of our company or third party and the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh this interest, the legal basis for processing is Article 6(1)(f) of the GDPR.

1.3.3 Erasure of data and storage time

We process and store your personal data for as long as and to the extent necessary for the fulfillment of the respective purposes. If your data is no longer required for the purposes mentioned or if the legal basis for data processing is no longer applicable, this data will be regularly erased. This is done taking into account existing statutory retention periods (e.g. Article 257 of the HGB [German Commercial Code], Article 147 of the AO [German Tax Code]) as well as, inter alia, obligations under the German Commercial Code (Article 89b of the HGB).

1.3.4 Recipients or categories of recipients

If this is necessary for the provision of the website or the processing activities indicated in item 2, we will transmit your data to the following categories of recipients: Customer account managers, payment service providers, financing partners, logistics partners, postal service providers, credit bureaus, call centers, IT providers, debt collection agencies, tax consultants, lawyers.

For the purposes of postal advertising and market research, we may also transmit your address data to affiliated companies if you have not objected to this.

If we process data in a third country or this is done in the context of the use of third-party services or the disclosure or transmission of data to third parties, this is only done to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual authorizations, we process or have the data processed in a third country only if the special conditions of Article 44 et seq. of the GDPR are present. This means that the data is processed, e.g., on the basis of special guarantees such as the officially recognized establishment of a level of data protection corresponding to the EU or compliance with officially recognized specific contractual obligations ("standard data protection clauses").

1.4 Rights of data subjects

You may assert the following rights against us, e.g., by e-mail to info@nexaro.com

1.4.1 Revocation of declaration of consent

If you have given us your consent to process your personal data, you may revoke this at any time, e.g., by e-mail to info@nexaro.com. A revocation shall not affect the legality of the processing performed up to that point.

1.4.2 Right to object and objection to advertising

In the case of personal data processing on the basis of Article 6(1)(f) of the GDPR, you have the right to object in accordance with Article 21 of the GDPR:

Right to object according to Article 21 of the GDPR

In accordance with Article 21 of the GDPR, you have the right to object to the processing of data on grounds relating to your particular situation at any time.

We will then no longer process this data unless it is possible to prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims. However, this does not apply if your objection is directed against the processing for the purpose of advertising.

In the event of a substantiated objection, the data will be erased.

In the case of automated decision making (including profiling), you also have the right to express your opinion on automated decision making and to have this decision forwarded to us for manual verification of correctness.

1.4.3 Other rights

In addition to the right to revoke your consent given to us and the right to object in the case of processing of your personal data on the basis of a legitimate interest, you have the following rights if the respective legal requirements have been met:

  • Right of access in accordance with Article 15 of the GDPR, which includes but is not limited to requesting information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period and the origin of your data if it has not been collected directly from you;
  • Right to rectification of incorrect data or completion of correct data in accordance with Article 16 of the GDPR;
  • Right to erasure of your data stored by us in accordance with Article 17 of the GDPR if there are no legal or contractual retention periods or other legal obligations or rights to further storage which are to be observed by us;
  • Right to the restriction of your data processing in accordance with Article 18 of the GDPR if the correctness of the data is disputed by you; the processing is unlawful but you object to erasure; the Controller no longer needs the data but you need it for asserting, exercising or defending legal claims or you have filed an objection against the processing in accordance with Article 21 of the GDPR;
  • Right to data portability according to Article 20 of the GDPR, i.e., the right to receive selected data stored by us about you in a common, machine-readable format, or to request its transmission to another controller;
  • Right to lodge a complaint with a supervisory authority. Generally, you can contact the supervisory authority of your usual location or workplace or our company headquarters.

2 Processing of personal data

2.1 Provision of the website

When our website is accessed, data and information is automatically transmitted from the terminal and is stored in log files.

The following data is collected: Name of your Internet service provider, browser type/version, the website from which you visit us, and the websites you visit with us, the time of the server request and the full IP address of the requesting computer.

Such log files generally do not contain complete IP addresses or other data that allow for any association with you. This information is evaluated for statistical purposes and is then erased. Deviating provisions shall only apply if necessary for the documentation of legal acts of the user, e.g., to register for a customer account or to subscribe to the newsletter.

2.2 Consent management

As part of the use of cookies and related web technologies, we use a consent management service (content management). It enables us to obtain and manage any consent of users when visiting our website.

The following data is processed: Consent / refusal of consent, referrer URL, device information, user settings, consent ID, date and time, consent type, template version, language.

The legal basis for this processing is Article 6(1)(c) of the GDPR.

For more information on the use of cookies and related web technologies, see item 3.

2.3 Online shop

We provide the Nexaro online shop on our website. As part of the order processing and as part of customer support if applicable, we process your personal data to execute the contract: Salutation; company name or last name, first name; postal address; e-mail address; date of birth; optional: different delivery address.

The legal basis for the processing of data within order processing is Article 6(1)(b) of the GDPR.

2.3.1 Online shop customer account

We offer you the possibility to create a customer account and use the associated functions of the online shop on our website.

For this purpose, we process the following personal data: Salutation; company name; last name, first name; postal address; VAT identification number; password; information on the delivery address; phone number and e-mail address.

As a registered user, you also have the possibility to change the address data stored about you at any time and to trigger the dissolution of the customer account.

The legal basis for the processing of data within order processing is Article 6(1)(b) of the GDPR.

2.3.2  Disclosure of data to payment service providers and logistics partners

We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you opt for a payment method offered through the payment service provider Shopify Payments, the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, handles the payment.

For the purpose of payment processing, we transmit the following data to the respective payment service provider: Company name, last name, first name; postal address; credit card number, account number if applicable, bank code, invoice amount, currency and transaction number, order data.

Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only insofar as it is necessary for this.

For more information on Shopify Payments' privacy policy, please click here. For data protection information about Stripe Payments Europe Ltd., click here.

We additionally transmit the following data to our logistics partners and postal service managers for the purpose of delivering the shipment of ordered goods: Company name, last name, first name; postal address; e-mail address; content of the shopping cart.

The legal basis for the processing of data within order processing is Article 6(1)(b) of the GDPR. Our legitimate interest is payment processing or the delivery of goods.

2.3.3 Fraud prevention

As part of the ordering process, we process your data for the execution of the contract for possible fraudulent and/or abusive behavior. In doing so, we check identity details, addresses and, if applicable, credit card information as a fraud prevention measure and to ensure the deliverability of the selected goods.

The legal basis for the processing of data within order processing is Article 6(1)(f) of the GDPR. The legitimate interest is to identify and prevent fraudulent and/or abusive activities.

2.3.4 Protection against sanctions

We are obliged to match order data with personal sanction lists / embargoes in order not to provide any listed persons with economic or financial resources and to ensure compliance with foreign trade law.

The legal basis for the processing of data within order processing is Article 6(1)(c) of the GDPR.

2.3.5 Credit check

If we make an advance performance by delivering goods on the basis of the payment method selected by you, we will process the data entered by you in the context of the ordering process with the aim of achieving a decision in this respect on the establishment, execution or rejection of a contractual relationship.

This involves transmitting your company data and invoice data (company name; legal form; business address; representatives, contacts and contact details; invoice data) to Creditsafe Deutschland GmbH (Schreiberhauer Str. 30, 10317 Berlin – Creditsafe) for an assessment of the risk of payment default. As part of the credit check, we will receive information on past payment behavior and on the assessment of the risk of payment default based on scoring. The scoring is based on a mathematical-statistically recognized and proven method in which your aforementioned inventory data as well as any payment experience data are used at different weights. The described score procedure is carried out in accordance with the data protection requirements. The calculated score value is not transmitted to us as a mere number but is encrypted using predefined parameters. Depending on this information, we will then accept or reject an uncertain payment method that you have chosen in the order process.

For detailed information about Creditsafe within the meaning of Article 14 of the GDPR, i.e., information on the business purpose for purposes of data storage, on the data recipients, on the right of self-inquiry, on the right to erasure or correction, etc., please visit here.

The legal basis for the processing of data within order processing is Article 6(1)(b) of the GDPR. Our legitimate interest is to prevent default.

2.4 Making appointments online

Our website offers you the opportunity to request an appointment for the product presentation; among others, it can be used to make online appointments during trade fairs. We process the personal data from the input mask to exclusively process your request.

This data is: Title, company name, position, last name and first name, postal address, e-mail address, telephone number, booked appointment (date, time and place), customer group.

The legal basis for the processing of data within order processing is Article 6(1)(f) of the GDPR. Our legitimate interest is to process your request.

2.5 Contact

We provide you with a contact form on our website that can be used to contact us electronically. We process the personal data from the input mask to exclusively process your request. In the event of making contact by e-mail, the necessary legitimate interest in the processing of data also applies in this respect.

If you use this method of contacting us, the data entered in the input mask will be transmitted to us and stored. This data is: Title, company name, last name and first name, postal address, e-mail address, telephone number, subject area, information on your interest.

Alternatively, you may also contact us via the customer hotline or e-mail address provided by us. In this case, the personal data that you voluntarily transmit in the context of the telephone call or with the e-mail will be processed.

The legal basis for the processing of data within order processing is Article 6(1)(f) of the GDPR. Our legitimate interest is it to process your request.

2.6 Newsletter

You can subscribe to the free newsletter by entering your e-mail address on our website. Your e-mail address will be sent to us when you register for the newsletter; we use a double opt-in procedure for the registration process.

The legal basis for the processing of data within order processing is Article 6(1)(a) of the GDPR. The text of the statement of consent reads:

"[ ] Yes, I would like to regularly receive the latest information in the newsletter about Nexaro products and services. I can revoke this consent at any time with effect for the future, I can find the link to manage my consent at the end of every newsletter issue."

2.7 Advertising

If you have concluded a contract with us, we will treat you as an existing customer. In strict compliance with the legal requirements for advertising, we may process your data for the purpose of advertising in order to inform you in this way about our offers, products and services via our customer account managers, by telephone, via e-mail communication or by mail.

In such cases, we process your postal contact details or your e-mail address or telephone number if applicable.

The legal basis for data processing is, insofar as you have given us your consent, Article 6(1)(a) of the GDPR or Article 6(1)(f) of the GDPR. Our legitimate interest is providing existing customers with our advertising.

You can object to the processing of your data for the purpose of advertising at any time for the future – also by e-mail to: info@nexaro.com.

2.8 Third-party content

2.8.1 Google Maps

With your consent, we use the Google Maps map service on our website. Google Maps is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

For more information on this service, please visit our Consent Management.

2.8.2 YouTube Video

We integrate YouTube content in our website. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you access a page on our website that has an embedded video, a connection to the Google servers is established. If you have a Google account and are logged into it, this information is assigned to your Google account. You can prevent this by logging out of your Google account before visiting our website. For further information on data processing and data transmission by Google, please go here.

The legal basis for the provision of YouTube content on our website is Article 6(1)(1)(f) of the GDPR. Our legitimate interest is providing third-party content.

2.9 Web analysis

2.9.1 Google Analytics

With your consent, we use Google Analytics on our website to analyze it. Google Analytics is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

For more information on this service, please visit our Consent Management.

2.9.2 Google Signals

With your consent, we use Google Signals on our website in order to obtain cross-device information about your visit to our website. Google Signals is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

For more information on this service, please visit our Consent Management.

2.9.3 Hotjar

With your consent, we use the analysis service Hotjar on our website. Hotjar is a service of Hotjar Ltd, Level 2, St Julians Business Center, 3, Elia Zammit Street, St Julians STJ 1000, Malta (Hotjar).

For more information on this service, please visit our Consent Management.

2.10 Third-party advertising

With your consent, we use the advertising services of third parties.

For more information on these services, please visit our Consent Management.

3 Cookies

On our website, we use cookies and related technologies to provide you with the best possible website experience. Basic and useful functions of our website cannot be realized without the use of cookies.

A cookie is a small file that stores Internet settings. It is loaded by the Internet browser when you first visit a website. The next time this website is accessed, the cookie and the information stored in it are transmitted either to the website that generated it (first-party cookie), or to another website to which it belongs (third-party cookie). In this way, the website recognizes that it has already been visited with this browser. Other web technologies are used for similar purposes, so we also refer to these technologies as "cookies".

Most of the cookies we use are deleted from your hard disk after the end of the browser session (session cookies). Other cookies remain on your computer and allow us to recognize your computer again on your next visit (permanent cookies).

When you visit our website, you have the opportunity to inform yourself about the type of cookies we use and to accept or reject their use. Without your prior consent, we only use cookies that are absolutely necessary. Moreover, you can manage your settings in this regard at any time by clicking the red button at the bottom left corner.  If you have given us your consent, any later revocation no longer affects the legality of the access made up to the revocation or the storage made up to that point.

Most Internet browsers also allow you to manage the use of cookies, e.g., to accept or reject all cookies or to only accept certain cookies. You may also set your browser to inform you about the placement of cookies. You can find the options for managing and deleting cookies via the documentation integrated in the respective browser.

In addition, individual service providers also offer separate possibilities for deactivating the respective cookies.
If cookies are deactivated for our website, not all functions of the website may be used in full.

4 Note on security

We will protect your data against unauthorized access, loss and destruction by technical and organizational measures. Our security measures are continuously improved in line with the technological developments.

Last updated: September 1, 2022