e-Privacy Page
Privacy policy for the Internet website and the online shop of Nicola Metzger GmbH
Data protection is very important to Nicola Metzger and we want to be open and transparent when processing your personal data.
The information in this privacy policy applies to the processing of personal data on or via our website and our online shop and is intended to inform you in particular about the scope of processing, the processing purposes, recipients, legal basis, storage periods and your rights.
Personal data is any information relating to an identified or identifiable natural person, i.e. a person (hereinafter also referred to as "data subject"), including, for example, your name, address or email address. “Processing" of personal data means in particular the collection, storage, use and transmission of such data.
- Name and address of the person responsible (controller)
The person responsible (controller) within the meaning of the European Union General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is
Nicola Metzger GmbH
Kastanienallee 76
10435 Berlin
Telefon: +49 (0) 30 956 23155
E-Mail: welcome@nicolametzger.com
- General information on data processing
- Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data which is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations which are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which we are subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of ours or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
- Data deletion and storage duration
The personal data of the data subject will be deleted or the processing restricted as soon as the purpose of the storage ceases to apply. Storage may also take place if this has been provided for by the European Union or national legislator in regulations, laws or other provisions to which the data controller is subject.
- Data processing in the provision of the website and log files
- Description and scope of data processing
Whenever our website is called up, our system automatically collects data and information from the computer system of the calling device (computer, smartphone, tablet etc.).
The following data is collected:
- Iiformation about the browser type and version used
- the operating system
- the Internet service provider
- the IP address of the machine
- date and time of access
- page from which the file was requested
- names of the downloaded files
- transmitted data volume
- access status codes (Http status codes)
This data is also stored in the log files of our system. These data are not stored together with other personal data of the user.
- Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
- Purpose of the data processing
Temporary storage of the IP address by the system is necessary to enable delivery of the website and its contents to the user's device. For this purpose, the user's IP address must remain stored for the duration of the session.
In addition, the data in the log files serves us to optimise the website and to ensure the security of our information technology systems.
These purposes also constitute our legitimate interest in data processing.
- Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of the collection of data for the purpose of providing the website, this is the case when the relevant session has ended.
- Contact form, email contact and telephone contact
- Description and scope of data processing
You can contact us using the email address(es) provided on our website and the contact form. In this case, the personal data transmitted with the email or via the contact form will be stored and processed.
You can also contact us on the telephone numbers provided. In the case of telephone contact, we usually collect the data you provide us with or which is automatically transmitted with your call in the context of notes of the conversation. This includes your name, your request and your telephone number.
- Legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending a message by email or contact form is Art. 6 para. 1 lit. f GDPR. If the purpose of the message is the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.
- Purpose of the data processing
The processing of personal data serves us to process the contact. This is also the reason for the necessary legitimate interest in the processing of the data.
- Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. For personal data sent by email or contact form, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been conclusively clarified.
If, in the course of communication, data is created that we are obliged to store or retain due to e.g. tax, budgetary or other regulations, it will only be deleted after the respective legal retention or storage periods have expired. The legal basis for this storage is Art. 6 para. 1 lit. c GDPR.
- Orders in our online shop
- Description and scope of data processing
When you order goods from our online shop, we process the data that you send us in the context of the respective order. This data can be seen from the queried form fields and includes in particular, name, delivery and invoice address, if applicable payment data and which product(s) and at which price was (were) purchased.
- Legal basis for data processing
The legal basis for processing the data is Art. 6 para. 1 lit. b and f GDPR.
- Purpose of data processing and duration of storage
We use the data of the respective order to execute and invoice it. These purposes also include our legitimate interest in processing the data in accordance with Art. 6 para. 1 lit. f GDPR.
After execution, invoicing and payment of an order, we will continue to store the data for as long as we are obliged to do so by tax, commercial or other regulations. Only after this time will the data be deleted. The legal basis for this storage is Art. 6 para. 1 lit. c GDPR.
- Customer account
- Description and scope of data processing
When you open a customer account on our website, we collect the data that can be seen from the queried form fields, among other things:
(1) Name
(2) Email address
(3) Password
We also store your order history in addition to your customer account, i.e. the details of the orders you have placed via the customer account and the shipping and billing addresses you have provided.
- Legal basis for data processing
The legal basis for processing the data is Art. 6 para. 1 lit. b and f GDPR.
- Purpose of the data processing
We use the data to provide you with your customer account, including the order history. These purposes also include our legitimate interest in processing the data in accordance with Art. 6 para. 1 lit. f GDPR.
- Duration of storage
We store the data until you delete your customer account with us. If you wish to delete your account, simply send an email to welcome@nicolametzger.com . After deletion, the customer account and the order history are no longer accessible.
We will delete a customer account if it has been inactive for more than five years, i.e. no orders have been placed via the customer account during this period and the customer has not logged in during this time.
- Newsletter
- Description, scope and purpose of data processing
If you register for our newsletter, we use the data you provide for this purpose to send you our regular email newsletter.
- Legal basis of the data processing and duration of the storage
The legal basis for the processing of data for the newsletter dispatch is to be sent your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
You can unsubscribe from the newsletter at any time, either by sending a message to the contact option described in this privacy policy or by using a link provided for this purpose in the newsletter. After unsubscribing, we will delete your email address from the list of recipients, unless you have expressly consented to further use of your data or we reserve the right to use your data in ways that are legally permitted and about which we inform you in this declaration.
- Categories of recipients of personal data
When you order goods in our online shop, we pass on the data required for delivery to the delivery company commissioned with the dispatch. For the handling of payments, the necessary data is passed on to the respective payment companies.
For the provision of our Internet website and the contact options offered, the online shop and the customer accounts as well as our newsletter, we make use of various service providers, including host providers and email providers, who process the data stored by them exclusively on our behalf as processors in accordance with Art. 28 GDPR.
- Rights of the data subject
If personal data is processed by you, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the person responsible (controller) (as the case may be, if further conditions laid down in the relevant regulations are met):
- The right of access under Art. 15 GDPR
- The right of rectification under Art. 16 GDPR
- The right to erasure ("right to be forgotten") under Art. 17 GDPR
- The right to restriction of processing under Art. 18 GDPR
- The right to information under Art. 19 GDPR
- The right to data portability according to Art. 20 GDPR
- The right not to be subject to automated individual decision-making according to Art. 22 GDPR
- The right to revoke consent to the processing of personal data in accordance with Art. 7 para. 3 GDPR
To assert these rights, please contact the contact details provided.
Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority, in particular in the European Union Member State in which you are resident, your place of work or the place of the suspected infringement, if you consider that the processing of personal data concerning you is in breach of the GDPR.
- Right of objection
Insofar as we process personal data as explained above in order to safeguard our legitimate interests which prevail in the context of a weighing of interests, you can object to this processing with effect for the future, but only if there are reasons arising from your particular situation. If the processing is carried out for direct marketing purposes, you may exercise this right at any time, even without such reasons.
After justified exercise of your right to object, we will not process your personal data further for these purposes, unless we can prove compelling reasons for processing worthy of protection which outweigh your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims. This restriction does not apply if the processing is for direct marketing purposes.