Privacy policy
1 General information
1.1 Controller
The following legal entity is the Controller:
Nexaro GmbH
Mühlenweg 17–37, 42275 Wuppertal
Phone: +49 202 564 7979
Email: info@nexaro.com
1.2 Data Protection Officer
To contact the Controller’s Data Protection Officer(s), please write to:
Nexaro GmbH
Die Datenschutzbeauftragte
Mühlenweg 17–37, 42275 Wuppertal
Email: dataprotection@nexaro.com
1.3 Principles of personal data processing
Your data will be protected within the scope of the applicable legal regulations. Information on the processing of personal data within the context of the online services, which include Nexaro's company website and online shop, available on the Internet under www.nexaro.com (hereinafter also referred to in short as the "Website") and the Nexaro HUB, available on the Internet under hub.nexaro.com (hereinafter also referred to as the "Platform"), can be found below.
1.3.1 Purpose and scope of processing
We take the protection of your personal data very seriously. As a rule, we only process personal data insofar as it is necessary to provide our content and services within the framework of a functional infrastructure.
1.3.2 Legal bases
Our users’ personal data is processed subject to your consent or based on a legal authorization. Where we obtain consent for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) is the legal basis for the processing.
When processing personal data required for the fulfillment of a contract to which the data subject is a party, the legal basis is Article 6(1)(b) GDPR. This also applies to processing operations that are necessary to carry out precontractual measures.
If the processing of personal data is necessary to fulfill a legal obligation incumbent upon us, the legal basis is Article 6(1)(c) GDPR.
Should vital interests of the data subject or another natural person require personal data to be processed, the legal basis is Article 6(1)(d) GDPR.
If the processing is necessary to safeguard a legitimate interest of our company or third party and the interests, fundamental rights, and fundamental freedoms of the data subject do not outweigh this interest, the legal basis for processing is Article 6(1)(f) GDPR.
1.3.3 Erasure of data and storage time
We process and store your personal data for as long as and to the extent necessary for the fulfillment of the respective purposes. If your data is no longer required for the purposes mentioned or if the legal basis for data processing is no longer applicable, it will be erased on a regular basis. This is done taking into account existing statutory retention periods (e.g. Article 257 of the German Commercial Code (HGB), Article 147 of the German Fiscal Code (AO)) as well as, inter alia, obligations under the German Commercial Code (Article 89b HGB).
1.3.4 Recipients or categories of recipients
We will transmit your data to the following categories of recipients if this is necessary for the provision of our content and services and the processing activities indicated below:
Customer account managers, payment service providers, financing partners, logistics partners, postal service providers, order processors, credit bureaus, call centers, IT providers, debt collection agencies, tax consultants, lawyers.
We may also transmit your address data to affiliated companies for the purposes of postal advertising and market research if you have not objected to this.
If we process data in a third country or this is done in the context of the use of third-party services or the disclosure or transmission of data to third parties, this is only done to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual authorizations, we process or have the data processed in a third country only if the special conditions of Article 44 et seq. GDPR are present. This means that the data is processed, e.g., on the basis of special guarantees such as the officially recognized establishment of a level of data protection corresponding to the EU or compliance with officially recognized specific contractual obligations (“standard data protection clauses”).
1.4 Rights of data subjects
You may assert the following rights against us, e.g., by email to info@nexaro.com
1.4.1 Revocation of declaration of consent
If you have consented to our processing of your personal data, you may revoke this at any time, e.g., by email to info@nexaro.com. A revocation shall not affect the legality of the processing performed up to that point.
1.4.2 Right to object and objection to advertising
Where personal data is processed on the basis of Article 6(1)(f) GDPR, you have the right to object pursuant to Article 21 GDPR:
Right to object pursuant to Article 21 of the GDPR
Under Article 21 GDPR, you have the right to object at any time to the processing of data on grounds relating to your particular situation.
We will then no longer process this data unless it is possible to prove compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or unless the processing serves the establishment, exercise, or defense of legal claims. However, this does not apply if your objection is directed against processing for advertising purposes.
In the event of a substantiated objection, the data will be erased.
In the case of automated decision-making (including profiling), you also have the right to express your point of view on automated decision-making and to have this decision forwarded to us for manual verification of its correctness.
1.4.3 Other rights
In addition to the right to revoke your consent granted to us and the right to object in the case of processing of your personal data on the basis of a legitimate interest, you have the following rights if the respective legal requirements have been met:
- Right of access in accordance with Article 15 GDPR, which includes but is not limited to requesting information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, and the origin of your data if it has not been collected directly from you;
- Right to rectification of incorrect data or completion of correct data in accordance with Article 16 GDPR;
- Right to erasure of your data stored by us in accordance with Article 17 GDPR if there are no legal or contractual retention periods or other legal obligations or rights to further storage which are to be observed by us;
- Right to the restriction of your data processing in accordance with Article 18 GDPR if the correctness of the data is disputed by you; the processing is unlawful but you object to erasure; the Controller no longer needs the data but you need it for asserting, exercising, or defending legal claims or you have filed an objection against the processing in accordance with Article 21 GDPR;
- Right to data portability according to Article 20 GDPR, i.e., the right to receive selected data stored by us about you in a common, machine-readable format, or to request its transmission to another controller;
- Right to lodge a complaint with a supervisory authority. Generally, you can contact the supervisory authority of your usual place of residence or workplace or of our company headquarters.
2 Cookies
We use cookies and related technologies within the scope of our online services to provide you with the best possible service. Fundamental and useful functions of our Website cannot be realized without the use of cookies.
A cookie is a small file that stores Internet settings. It is loaded by the Internet browser when you first visit a website. The next time that website is accessed, the cookie and the information stored in it are transmitted either to the website that generated it (first-party cookie) or to another website to which it belongs (third-party cookie). In this way, the website recognizes that it has already been visited with this browser. Other web technologies are used for similar purposes, so we also refer to those technologies as “cookies.”
Most of the cookies we use are deleted from your hard disk after the end of the browser session (session cookies). Other cookies remain on your computer and allow us to recognize your computer again on your next visit (permanent cookies).
When you visit our online services, you have the opportunity to inform yourself about the type of cookies we use and to accept or reject their use. Without your prior consent, we only use cookies that are absolutely necessary. In addition, you can manage your settings at any time via the red button at the bottom left. If you have given us your consent, any subsequent revocation will not affect the legality of the access made up to the revocation or the storage made up to that point.
Most Internet browsers also allow you to manage the use of cookies, e.g., to accept or reject all cookies or to only accept certain cookies. You may also set your browser to inform you about the setting of cookies. You can find the options for managing and deleting cookies via the documentation integrated in the respective browser.
In addition, individual service providers also offer separate options for deactivating the respective cookies.
If cookies are deactivated for our Website, it may no longer be possible to use all functions of the Website in full.
3 Processing of personal data within the scope of the online services
3.1 Provision of online services
Data and information is automatically transmitted from the user’s device each time our online services are accessed. The following data is processed:
Name of your Internet service provider, browser type/version, the website from which you visit us and the websites you visit with us, the time of the server request, and the full IP address of the requesting computer.
This data is not generally saved. Varying provisions only apply if necessary for the documentation of legal acts, e.g., within the scope of registering for a customer account, concluding a contract, or subscribing to the newsletter.
3.2 Consent management
We use a consent management service (Consent Management) as part of the use of cookies and related web technologies. This enables us to obtain and manage any consent granted by users when visiting our Website.
The following data is processed: consent/refusal of consent, referrer URL, device information, user settings, consent ID, date and time, consent type, template version, language.
The legal basis for this processing is Article 6(1)(c) GDPR.
For more information on the use of cookies and related web technologies, see clause 2.
3.3 Contact
You can reach us by phone and email via the contact form provided on the Platform or via the other contact information. In this case, the personal data that you voluntarily transmit in the context of the contact form, telephone call, or email will be processed.
The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest is processing your request. For more information on this service, please visit our Consent Management.
3.4 Technical support
You can contact our technical support if you have any technical questions and problems related to Nexaro products. We process your contact data, which we collect from you and potentially also your dealer, along with the content of communications and, if necessary, device data for the purposes of processing your request, repairs, and shipping the products.
The legal basis for data processing is Article 6(1)(b) GDPR or Article 6(1)(f) GDPR. Our legitimate interest is processing corresponding requests.
3.5 Advertising
If you have concluded a contract with us, we will treat you as an existing customer. In strict compliance with the legal requirements for advertising, we may process your data for the purpose of advertising in order to inform you in this way about our offers, products, and services via our customer account managers, by telephone, via email communication, or by mail.
In such cases, we process your postal contact details or, if applicable, your email address or phone number.
Provided you have granted your consent, the legal basis for data processing is Article 6(1)(a) GDPR or Article 6(1)(f) GDPR. Our legitimate interest is providing our advertising to existing customers.
You can object to the processing of your data for the purpose of advertising at any time with effect for the future—also by email to: info@nexaro.com.
4 Processing of personal data on the Website
4.1 Making appointments online
On our Website you can request an appointment for a product demonstration. We process the personal data from the input form exclusively to process your request. This includes the following data:
Title, company name, position, last name and first name, postal address, email address, phone number, booked appointment (date, time, and place), customer group.
The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest is processing your request.
4.2 Online shop
We provide the Nexaro online shop on our Website. For the purposes of order processing and, if applicable, as part of customer support, we process your personal data in the course of contractual execution:
Salutation; company name or last name, first name; postal address; email address; date of birth; optionally: different delivery address.
The legal basis for data processing in order handling is Article 6(1)(b) GDPR.
4.2.1 Online shop customer account
You can create a customer account and use the associated functions within the scope of our online shop.
The following personal data is processed by us for the registration and provision of the customer account: salutation; company name; last name, first name; postal address; VAT ID; password; delivery address information; phone number and email address.
As a registered user, you can also change the address data stored about you at any time and request deletion of the customer account.
The legal basis for data processing is Article 6(1)(b) GDPR.
4.2.2 Sharing of data with payment service providers and logistics partners
We use the payment service provider “Shopify Payments”, 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, Ireland. If you opt for a payment method offered via the payment service provider Shopify Payments, the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, handles the payment.
We transmit the following data to the respective payment service provider for payment processing purposes: company name, last name, first name; postal address; credit card number, account number if applicable, bank code, invoice amount, currency and transaction number, order data.
Your data will only be shared for the purpose of payment processing with Stripe Payments Europe Ltd. and only insofar as it is necessary for this.
For more information on Shopify Payments' privacy policy, please click here. For data protection information about Stripe Payments Europe Ltd., click here.
We additionally transmit the following data to our logistics partners and postal service providers for the purpose of delivering the shipment of ordered goods:
Company name, last name, first name; postal address; email address; content of the shopping cart.
The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest is payment processing and/or the delivery of goods.
4.2.3 Fraud prevention
As part of the ordering process, we process your data provided for the execution of the contract to detect possible fraudulent and/or abusive behavior. In doing so, we check identity details, addresses, and, if applicable, credit card information as a fraud prevention measure and to ensure the deliverability of the selected goods.
The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest is to identify and prevent fraudulent and/or abusive activities.
4.2.4 Protection against sanctions
We are obliged to check order data against personal sanction lists/embargoes to avoid providing any listed persons with economic or financial resources and to ensure compliance with foreign trade law.
The legal basis for data processing is Article 6(1)(c) GDPR.
4.2.5 Credit check
If we make an advance delivery of goods on the basis of the payment method selected by you, we will process the data entered by you during the ordering process with the aim of reaching a corresponding decision on the establishment, execution or rejection of a contractual relationship.
This involves transmitting your company data and invoice data (company name; legal form; business address; representatives, contacts and contact details; invoice data) to Creditsafe Deutschland GmbH (Schreiberhauer Str. 30, 10317 Berlin, Germany—Creditsafe) for an assessment of the risk of payment default. As part of the credit check, we will receive information on past payment behavior and the assessment of the risk of payment default based on scoring. The scoring is based on a recognized and proven mathematical and statistical method in which your aforementioned inventory data as well as any payment empirical data are used with different weightings. The score procedure as described is carried out in accordance with the data protection requirements. The calculated score value is not transmitted to us as a simple number but is encrypted using predefined parameters. Depending on this information, we will then accept or reject an insecure payment method that you have chosen in the order process.
Detailed information about Creditsafe within the meaning of Article 14 GDPR, i.e., information on the business purpose, the purposes of data storage, the data recipients, the right of information about the data held about oneself, the right to erasure or correction, etc., can be found on the Creditsafe website, please click here.
The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest is preventing payment defaults.
4.3 Newsletter
You can subscribe to the free newsletter by entering your email address on our Website. Your email address will be sent to us when you register for the newsletter; we use a double opt-in procedure for the registration process.
The legal basis for processing your personal data is Article 6(1)(a) GDPR. The text of the statement of consent reads:
"[ ] Yes, I would like to receive the newsletter with the latest information on topics related to Nexaro’s products and services. I can revoke this consent at any time with effect for the future; the link to manage my consent can be found at the end of each newsletter issue."
5 Processing of personal data in the Nexaro HUB
We provide Nexaro HUB services on our Platform. We process personal data during contractual execution, unless this is done within the scope of order processing.
5.1 Registration and customer account
The use of the Nexaro HUB requires registration and creation of a customer account. The following personal data is processed by us during registration and execution of the user relationship:
Salutation; company name; last name, first name; postal address; VAT ID; password; phone number and email address.
As a registered customer, you can also change the address data stored about you at any time and request deletion of the customer account.
The legal basis for data processing is Article 6(1)(b) GDPR.
5.2 Fraud prevention, sanctions protection, credit check
During the process of entering into a contract, we also process your data for the purposes of fraud prevention, credit check, or protection against sanctions (cf. clauses 4.2.3 et seq.).
5.3 Use of services
As a registered user, you can use the Nexaro HUB services within the framework of the existing user relationship. You connect your devices to the technical infrastructure of the Nexaro HUB to use the services as intended. Different categories of data are processed for the purpose of enabling use of the services, as well as for billing and service purposes.
This includes identification data for the purpose of establishing and using the services to identify user accounts and end devices, e.g., your user ID, device and system IDs of your end devices and mobile modules; communication information required to connect the end devices to the technical infrastructure; location data for the provision and management of the technical connection or location-based services or usage data for billing purposes.
The legal basis for data processing is Article 6(1)(b) GDPR.
5.4 Further development of products and services
We analyze device data and service information to ensure customer service and further develop our services and products. Device data is generally processed without reference to specific persons.
The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest is ensuring and optimizing customer service and the quality of products and services.
6 External content, advertising and analytics services
6.1 Google Maps
With your consent, we use the Google Maps map service on our Website. Google Maps is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
For more information on this service, please visit our Consent Management.
Information about the processing of personal data by Google can be found here.
The legal basis for data processing is Article 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by amending your consent preferences in Consent Management accordingly.
6.2 YouTube Video
We integrate YouTube content in our Website using YouTube API Services. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit a page with embedded YouTube content and a video is played, a connection between your end device and the YouTube servers is created. Your IP address, our Website URL and potentially also other information is sent to YouTube and cookies are used with your consent. If you are logged on to Google at the same time, the information is allocated to your YouTube account. You can prevent this from happening by logging out of your account before visiting our Website.
Information about the processing of personal data by Google can be found here.
YouTube’s Terms of Service can be found here.
The legal basis for the provision of YouTube content on our Website is Article 6(1)(f) GDPR. Our legitimate interest is providing third-party content.
6.3 Google Analytics
With your consent, we use Google Analytics on our Website for analysis purposes. Google Analytics is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
For more information on this service, please visit our Consent Management.
The legal basis for data processing is Article 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by amending your consent preferences in Consent Management accordingly.
6.4 Google Signals
With your consent, we use Google Signals on our Website in order to obtain cross-device information about your visit to our Website. Google Signals is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
For more information on this service, please visit our Consent Management.
The legal basis for data processing is Article 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by amending your consent preferences in Consent Management accordingly.
6.5 Hotjar
With your consent, we use the Hotjar analysis service on our Website. Hotjar is a service of Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta (“Hotjar”).
For more information on this service, please visit our Consent Management.
The legal basis for data processing is Article 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by amending your consent preferences in Consent Management accordingly.
6.6 Microsoft Clarity
With your consent, we use the Microsoft Clarity analysis service on our Website. Microsoft Clarity is a service of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Ireland.
For more information on this service, please visit our Consent Management.
The legal basis for data processing is Article 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by amending your consent preferences in Consent Management accordingly.
6.7 Advertising, analysis, and optimization
With your consent, we use third-party services on our Website to measure reach and optimize our Website and advertising. For more information on these services and the processing of personal data, please visit our Consent Management.
6.7.1 Google Ads
With your consent, we use Google Ads on our Website for marketing and optimization purposes for our adverts. Google Ads is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Ads enables us to use adverts (known as “Google Ads”) on external websites in a targeted manner to spread awareness of our services and to ascertain the success of individual advertising measures. For this purpose, interest-driven ads are displayed within the Google Display Network and we receive statistical analyses of our advertising from Google. Information about the processing of personal data by Google can be found here.
The legal basis for data processing is Article 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by amending your consent preferences in Consent Management accordingly.
6.7.2 LinkedIn Ads
With your consent, we use LinkedIn on our Website for marketing and optimization purposes for our adverts. LinkedIn is a service of the LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”).
LinkedIn enables us to use adverts on external websites to spread awareness of our services and to ascertain the success of individual advertising measures. To this end, we receive statistical analyses of our advertising from LinkedIn. Information about the processing of personal data by LinkedIn can be found here.
The legal basis for data processing is Article 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by amending your consent preferences in Consent Management accordingly.
6.7.3 Yahoo Ads
With your consent, we use Yahoo on our Website for marketing and optimization purposes for our adverts. Yahoo is a service of Verizon Media EMEA Limited , 5-7 Point Square, North Wall Quay, Dublin 1, Ireland (“Yahoo”).
Yahoo enables us to use adverts on external websites to spread awareness of our services and to ascertain the success of individual advertising measures. To this end, we receive statistical analyses of our advertising from Yahoo. Information about the processing of personal data by Yahoo can be found here.
The legal basis for data processing is Article 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by amending your consent preferences in Consent Management accordingly.
7 Note on security
We will deploy technical and organizational measures to protect your data against unauthorized access, loss, and destruction. Our security measures are continuously improved in line with the technological developments.
Last updated: 23.03.2023