Privacy policy
1 General information
1.1 Controller
The responsible legal entity is:
Nexaro GmbH
Mühlenweg 17–37, 42275 Wuppertal
Phone: +49 202 564 7979
Email: info@nexaro.com
1.2 Data Protection Officer
To contact the data protection officer(s) of the Controller, please write to:
Nexaro GmbH
Die Datenschutzbeauftragte
Mühlenweg 17–37, 42275 Wuppertal
Email: dataprotection@nexaro.com
1.3 Principles of personal data processing
Your data will be protected within the scope of the applicable legal regulations. Information on the processing of personal data within the scope of the online offering, which includes the company website and the Nexaro online shop, available on the Internet under www.nexaro.com (hereinafter also referred to as the website) and the Nexaro HUB, available on the Internet under hub.nexaro.com (hereinafter also referred to as the platform) can be found below.
1.3.1 Purpose and scope of processing
The protection of personal data is important to us. In principle, we only process personal data insofar as it is necessary to provide our content and services within the framework of a functional infrastructure.
1.3.2 Legal bases
The processing of our users’ personal data is carried out with your consent or based on legal permission. Insofar as we obtain consent for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) is the legal basis for the processing.
In the processing of personal data required for the fulfillment of a contract to which the data subject is a party, the legal basis is Article 6(1)(b) of the GDPR. This also applies to processing operations that are necessary to carry out measures precedent to the contract.
Insofar as the processing of personal data is necessary to fulfill a legal obligation incumbent upon us, the legal basis is Article 6(1)(c) of the GDPR.
In the event that vital interests of the data subject or another natural person require the processing of personal data, the legal basis is Article 6(1)(d) of the GDPR.
If the processing is necessary to safeguard a legitimate interest of our company or third party and the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh this interest, the legal basis for processing is Article 6(1)(f) of the GDPR.
1.3.3 Erasure of data and storage time
We process and store your personal data for as long as and to the extent necessary for the fulfillment of the respective purposes. If your data is no longer required for the purposes mentioned or if the legal basis for data processing is no longer applicable, this data will be regularly erased. This is done taking into account existing statutory retention periods (e.g. Article 257 of the HGB [German Commercial Code], Article 147 of the AO [German Tax Code]) as well as, inter alia, obligations under the German Commercial Code (Article 89b of the HGB).
1.3.4 Recipients or categories of recipients
If this is necessary for the provision of our content and services and the processing activities indicated in the following, we will transmit your data to the following categories of recipients:
Customer account managers, payment service providers, financing partners, logistics partners, postal service providers, order processors, credit bureaus, call centers, IT providers, debt collection agencies, tax consultants, lawyers.
For the purposes of postal advertising and market research, we may also transmit your address data to affiliated companies if you have not objected to this.
If we process data in a third country or this is done in the context of the use of third-party services or the disclosure or transmission of data to third parties, this is only done to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual authorizations, we process or have the data processed in a third country only if the special conditions of Article 44 et seq. of the GDPR are present. This means that the data is processed, e.g., on the basis of special guarantees such as the officially recognized establishment of a level of data protection corresponding to the EU or compliance with officially recognized specific contractual obligations ("standard data protection clauses").
1.4 Rights of data subjects
You may assert the following rights against us, e.g., by e-mail to info@nexaro.com
1.4.1 Revocation of declaration of consent
If you have given us your consent to process your personal data, you may revoke this at any time, e.g., by e-mail to info@nexaro.com. A revocation shall not affect the legality of the processing performed up to that point.
1.4.2 Right to object and objection to advertising
In the case of personal data processing on the basis of Article 6(1)(f) of the GDPR, you have the right to object in accordance with Article 21 of the GDPR:
Right to object according to Article 21 of the GDPR
In accordance with Article 21 of the GDPR, you have the right to object to the processing of data on grounds relating to your particular situation at any time.
We will then no longer process this data unless it is possible to prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims. However, this does not apply if your objection is directed against the processing for the purpose of advertising.
In the event of a substantiated objection, the data will be erased.
In the case of automated decision making (including profiling), you also have the right to express your opinion on automated decision making and to have this decision forwarded to us for manual verification of correctness.
1.4.3 Other rights
In addition to the right to revoke your consent given to us and the right to object in the case of processing of your personal data on the basis of a legitimate interest, you have the following rights if the respective legal requirements have been met:
- Right of access in accordance with Article 15 of the GDPR, which includes but is not limited to requesting information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period and the origin of your data if it has not been collected directly from you;
- Right to rectification of incorrect data or completion of correct data in accordance with Article 16 of the GDPR;
- Right to erasure of your data stored by us in accordance with Article 17 of the GDPR if there are no legal or contractual retention periods or other legal obligations or rights to further storage which are to be observed by us;
- Right to the restriction of your data processing in accordance with Article 18 of the GDPR if the correctness of the data is disputed by you; the processing is unlawful but you object to erasure; the Controller no longer needs the data but you need it for asserting, exercising or defending legal claims or you have filed an objection against the processing in accordance with Article 21 of the GDPR;
- Right to data portability according to Article 20 of the GDPR, i.e., the right to receive selected data stored by us about you in a common, machine-readable format, or to request its transmission to another controller;
- Right to lodge a complaint with a supervisory authority. Generally, you can contact the supervisory authority of your usual location or workplace or our company headquarters.
2 Cookies
Within the scope of our online offer, we use cookies and related technologies to provide you with the best possible service. Basic and useful functions of our website cannot be realized without the use of cookies.
A cookie is a small file that stores Internet settings. It is loaded by the Internet browser when you first visit a website. The next time this website is accessed, the cookie and the information stored in it are transmitted either to the website that generated it (first-party cookie), or to another website to which it belongs (third-party cookie). In this way, the website recognizes that it has already been visited with this browser. Other web technologies are used for similar purposes, so we also refer to these technologies as "cookies".
Most of the cookies we use are deleted from your hard disk after the end of the browser session (session cookies). Other cookies remain on your computer and allow us to recognize your computer again on your next visit (permanent cookies).
When you visit our online offer, you have the opportunity to inform yourself about the type of cookies we use and to accept or reject their use. Without your prior consent, we only use cookies that are absolutely necessary. In addition, you can manage your settings at any time via the red button at the bottom left. If you have given us your consent, any later revocation no longer affects the legality of the access made up to the revocation or the storage made up to that point.
Most Internet browsers also allow you to manage the use of cookies, e.g., to accept or reject all cookies or to only accept certain cookies. You may also set your browser to inform you about the placement of cookies. You can find the options for managing and deleting cookies via the documentation integrated in the respective browser.
In addition, individual service providers also offer separate possibilities for deactivating the respective cookies.
If cookies are deactivated for our website, not all functions of the website may be used in full.
3 Processing of personal data within the scope of the online offer
3.1 Provision of online offers
Each time our online offers are accessed, data and information is automatically transmitted from the user's device. The following data is processed:
Name of your Internet service provider, browser type/version, the website from which you visit us, and the websites you visit with us, the time of the server request and the full IP address of the requesting computer.
As a matter of principle, this data is not saved. Deviating provisions shall only apply if necessary for the documentation of legal acts, e.g., within the scope of registering for a customer account, concluding a contract or subscribing to the newsletter.
3.2 Consent management
As part of the use of cookies and related web technologies, we use a consent management service (content management). It enables us to obtain and manage any consent of users when visiting our website.
The following data is processed: Consent / refusal of consent, referrer URL, device information, user settings, consent ID, date and time, consent type, template version, language.
The legal basis for this processing is Article 6(1)(c) of the GDPR.
For more information on the use of cookies and related web technologies, see item 2.
3.3 Contact
You can reach us by phone and e-mail via the contact form provided on the platform or via the other contact information. In this case, the personal data that you voluntarily transmit in the context of the contact form, telephone call, or with the e-mail will be processed.
The legal basis for the processing of data within order processing is Article 6(1)(f) of the GDPR. Our legitimate interest is to process your request.
3.4 Technical support
For technical questions and problems related to Nexaro products, you can contact our technical support. For the purpose of processing your request, repairs and shipping the products, we process your contact data, which we collect from you and, if necessary, your dealer also receives communication content and, if necessary, device data.
The legal basis for data processing is Article 6 (1)(b) of the GDPR or Article 6 (1) (f) of the GDPR. Our legitimate interest is to process corresponding requests.
3.5 Advertising
If you have concluded a contract with us, we will treat you as an existing customer. In strict compliance with the legal requirements for advertising, we may process your data for the purpose of advertising in order to inform you in this way about our offers, products and services via our customer account managers, by telephone, via e-mail communication or by mail.
In such cases, we process your postal contact details or your e-mail address or telephone number if applicable.
The legal basis for data processing is, insofar as you have given us your consent, Article 6(1)(a) of the GDPR or Article 6(1)(f) of the GDPR. Our legitimate interest is providing existing customers with our advertising.
You can object to the processing of your data for the purpose of advertising at any time for the future – also by e-mail to: info@nexaro.com.
4 Processing of personal data on the website
4.1 Making appointments online
You have the possibility on our website to make a request for an appointment to have a product demonstrated. We process the personal data from the input mask to exclusively process your request. This includes the following data:
Title, company name, position, last name and first name, postal address, e-mail address, telephone number, booked appointment (date, time and place), customer group.
The legal basis for the processing of data within order processing is Article 6(1)(f) of the GDPR. Our legitimate interest is to process your request.
4.2 Online shop
We provide the Nexaro online shop on our website. For the purposes of order processing and, if applicable, as part of customer support, we process your personal data to execute the contract:
Salutation; company name or last name, first name; postal address; e-mail address; date of birth; optional: different delivery address.
The legal basis for the processing of data within order processing is Article 6(1)(b) of the GDPR.
4.2.1 Online shop customer account
Within the scope of our online shop, we offer you the possibility to create a customer account and use the associated functions.
For the registration and provision of the customer account, the following personal data is processed by us: Salutation; company name; last name, first name; postal address; VAT identification number; password; information on the delivery address; phone number and e-mail address.
As a registered user, you also have the possibility to change the address data stored about you at any time and to trigger the dissolution of the customer account.
The legal basis for the processing of data within order processing is Article 6(1)(b) of the GDPR.
4.2.2 Disclosure of data to payment service providers and logistics partners
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you opt for a payment method offered through the payment service provider Shopify Payments, the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, handles the payment.
For the purpose of payment processing, we transmit the following data to the respective payment service provider: Company name, last name, first name; postal address; credit card number, account number if applicable, bank code, invoice amount, currency and transaction number, order data.
Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only insofar as it is necessary for this.
For more information on Shopify Payments' privacy policy, please click here. For data protection information about Stripe Payments Europe Ltd., click here.
We additionally transmit the following data to our logistics partners and postal service managers for the purpose of delivering the shipment of ordered goods: Company name, last name, first name; postal address; e-mail address; content of the shopping cart.
The legal basis for the processing of data within order processing is Article 6(1)(b) of the GDPR. Our legitimate interest is payment processing or the delivery of goods.
4.2.3 Fraud prevention
As part of the ordering process, we process your data for the execution of the contract for possible fraudulent and/or abusive behavior. In doing so, we check identity details, addresses and, if applicable, credit card information as a fraud prevention measure and to ensure the deliverability of the selected goods.
The legal basis for the processing of data within order processing is Article 6(1)(f) of the GDPR. The legitimate interest is to identify and prevent fraudulent and/or abusive activities.
4.2.4 Protection against sanctions
We are obliged to match order data with personal sanction lists / embargoes in order not to provide any listed persons with economic or financial resources and to ensure compliance with foreign trade law.
The legal basis for the processing of data within order processing is Article 6(1)(c) of the GDPR.
4.2.5 Credit check
If we make an advance performance by delivering goods on the basis of the payment method selected by you, we will process the data entered by you in the context of the ordering process with the aim of achieving a decision in this respect on the establishment, execution or rejection of a contractual relationship.
This involves transmitting your company data and invoice data (company name; legal form; business address; representatives, contacts and contact details; invoice data) to Creditsafe Deutschland GmbH (Schreiberhauer Str. 30, 10317 Berlin – Creditsafe) for an assessment of the risk of payment default. As part of the credit check, we will receive information on past payment behavior and on the assessment of the risk of payment default based on scoring. The scoring is based on a mathematical-statistically recognized and proven method in which your aforementioned inventory data as well as any payment experience data are used at different weights. The described score procedure is carried out in accordance with the data protection requirements. The calculated score value is not transmitted to us as a mere number but is encrypted using predefined parameters. Depending on this information, we will then accept or reject an uncertain payment method that you have chosen in the order process.
For detailed information about Creditsafe within the meaning of Article 14 of the GDPR, i.e., information on the business purpose for purposes of data storage, on the data recipients, on the right of self-inquiry, on the right to erasure or correction, etc., please visit here.
The legal basis for the processing of data within order processing is Article 6(1)(b) of the GDPR. Our legitimate interest is to prevent default.
4.3 Newsletter
You can subscribe to the free newsletter by entering your e-mail address on our website. Your e-mail address will be sent to us when you register for the newsletter; we use a double opt-in procedure for the registration process.
The legal basis for the processing of data within order processing is Article 6(1)(a) of the GDPR. The text of the statement of consent reads:
"[ ] Yes, I would like to regularly receive the latest information in the newsletter about Nexaro products and services. I can revoke this consent at any time with effect for the future, I can find the link to manage my consent at the end of every newsletter issue."
5 Processing of personal data in Nexaro HUB
On our platform, we provide Nexaro-HUB services. As part of the execution of the contract, personal data will be processed by us, unless this is done within the scope of order processing.
5.1 Registration and customer account
The use of the Nexaro HUB requires the registration and creation of a customer account. Within the scope of the registration and carrying out the user relationship, the following personal data will be processed by us:
Salutation; company name; last name, first name; postal address; VAT identification number; password; phone number and e-mail address.
As a registered customer, you also have the possibility to change the address data stored about you at any time and to trigger the dissolution of the customer account.
The legal basis for the processing of data within order processing is Article 6(1)(b) of the GDPR.
5.2 Fraud prevention, sanctions protection, credit assessment
Within the scope of contract conclusion, we also process your data for the purposes of fraud prevention, credit assessment or protection against sanctions (cf. clauses 4.3.2f).
5.3 Use of services
As a registered user, you can use the Nexaro HUB services within the framework of the existing user relationship. In order to use the services as intended, your devices connect to the technical infrastructure of the Nexaro HUB. For the purpose of providing the possibility of using the services, for billing and service purposes, different categories of data are processed.
This includes identification data for the purpose of establishing and using the services to identify user accounts and end devices, e.g., your user ID, device and system IDs of your endpoints and mobile modules; communication information required to connect the terminals to the technical infrastructure; location data for the provision and management of the technical connection or location-based services or usage data for billing purposes.
The legal basis for the processing of data within order processing is Article 6(1)(b) of the GDPR.
5.4 Further development of products and services
To ensure customer service and further develop our services and products, we analyze device data and service information. The processing of device data takes place in principle without personal reference.
The legal basis for the processing of data within order processing is Article 6(1)(b) of the GDPR. The legitimate interest is to ensure and optimize customer service and the quality of products and services.
6 External content and analysis tools
6.1 Google Maps
With your consent, we use the Google Maps map service on our website. Google Maps is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
For more information on this service, please visit our Consent Management.
6.2 YouTube Video
We integrate YouTube content in our website. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When you access a page on our website that has an embedded video, a connection to the Google servers is established. If you have a Google account and are logged into it, this information is assigned to your Google account. You can prevent this by logging out of your Google account before visiting our website. For further information on data processing and data transmission by Google, please go here.
The legal basis for the provision of YouTube content on our website is Article 6(1)(1)(f) of the GDPR. Our legitimate interest is providing third-party content.
6.3 Google Analytics
With your consent, we use Google Analytics on our website to analyze it. Google Analytics is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
For more information on this service, please visit our Consent Management.
6.4 Google Signals
With your consent, we use Google Signals on our website in order to obtain cross-device information about your visit to our website. Google Signals is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
For more information on this service, please visit our Consent Management.
6.5 Hotjar
With your consent, we use the analysis service Hotjar on our website. Hotjar is a service of Hotjar Ltd, Level 2, St Julians Business Center, 3, Elia Zammit Street, St Julians STJ 1000, Malta (Hotjar).
For more information on this service, please visit our Consent Management.
6.6 Microsoft Clarity
With your consent, we use the Microsoft Clarity analysis service on our website. Microsoft Clarity is a service of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Ireland.
For more information on this service, please visit our Consent Management.
6.7 Third-party advertising
With your consent, we use the advertising services of third parties.
For more information on these services, please visit our Consent Management.
7 Note on security
We will protect your data against unauthorized access, loss and destruction by technical and organizational measures. Our security measures are continuously improved in line with the technological developments.
Last updated: December 17, 2022