Privacy policy

Privacy Policy

1) Introduction & Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how we process your personal data when you use our website. "Personal data" refers to all information that can be used to identify you personally.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

NextGenEcommerce Limited

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

If you use our website purely for informational purposes – i.e., you do not register or otherwise transmit information to us – we only collect the data that your browser transmits to our web server (so-called "server log files"). This includes:

  • The visited website

  • Date and time of access

  • Amount of data sent in bytes

  • Referrer URL

  • Browser used

  • Operating system used

  • IP address (possibly anonymized)

Processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. This data is not shared or otherwise used. However, we reserve the right to retrospectively check the server log files if there are concrete indications of unlawful use.

3) Hosting & Content Delivery Network – Shopify

Our website is hosted by Shopify International Limited (Dublin, Ireland) and Shopify Inc. (Ottawa, Canada). All data collected through our website is processed on Shopify servers. We have concluded a data processing agreement with Shopify to ensure data protection and prevent unauthorized disclosure to third parties.

Data transfers to Canada are based on an adequacy decision by the European Commission.

4) Cookies

We use cookies – small text files stored on your device – to make your visit to our website more attractive and enable certain functions. Some cookies are deleted after closing the browser (session cookies), others remain stored (persistent cookies).

If cookies process personal data, this is done on the basis of:

  • Art. 6 (1) lit. b GDPR (contract performance),

  • Art. 6 (1) lit. a GDPR (consent), or

  • Art. 6 (1) lit. f GDPR (legitimate interest in functionality and user-friendly design).

You can configure your browser to notify you about the setting of cookies and to decide individually whether to accept them or to exclude cookies in general. Disabling cookies may limit the functionality of the website.

5) Contacting Us

If you contact us (e.g., by email or contact form), we process your personal data solely to handle and respond to your inquiry. The legal basis is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. If the contact is aimed at concluding a contract, Art. 6 (1) lit. b GDPR also applies. Your data will be deleted after final processing, provided that no statutory retention obligations exist.

6) Data Processing for Contract Fulfillment

6.1 Shipping & Payment

To fulfill the contract, we share your data (name, address, possibly phone number) with the shipping company and the financial institution responsible for payment (Art. 6 (1) lit. b GDPR). For digital products, we use your contact data to inform you of necessary updates (Art. 6 (1) lit. c GDPR).

6.2 Shipping Service Providers

For delivery purposes, we pass on your data (name, address, possibly phone number) to the shipping service provider chosen by you exclusively for delivery (Art. 6 (1) lit. b GDPR).

6.3 Payment Service Providers

Apple Pay
Handled via your Apple device using encrypted transmission (Art. 6 (1) lit. b GDPR). Apple stores no personal data – only anonymized transaction data for service improvement.

Masterpayment
For payments via Masterpayment LTD (London, UK), your payment and order data are processed under Art. 6 (1) lit. b GDPR. For certain methods (e.g., invoice or installment), additional data (name, address, birth date, etc.) may be processed for credit checks (Art. 6 (1) lit. f GDPR). You may object at any time.

PayPal
If PayPal is selected, processing is based on Art. 6 (1) lit. b GDPR. For some payment options (e.g., "Pay Later"), credit checks may be conducted (Art. 6 (1) lit. f GDPR). Objection is possible but does not override legal obligations.

PayPal Checkout
This may involve third-party payment providers. Processing is based on Art. 6 (1) lit. b GDPR. For financing or direct debit, credit checks may occur through providers like Ratepay.

Shopify Payments
Operated by Shopify International Limited (Ireland). Payment data is used exclusively for processing in accordance with Art. 6 (1) lit. b GDPR.

7) Your Rights as a Data Subject

Under the GDPR, you have the following rights:

  • Right to access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure ("right to be forgotten," Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to notification (Art. 19 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to withdraw consent (Art. 7 (3) GDPR)

  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

7.2 Right to Object

If we process your data based on legitimate interests (Art. 6 (1) lit. f GDPR), you have the right to object at any time for reasons arising from your particular situation. For direct marketing, you may object at any time without stating reasons.

8) Duration of Storage of Personal Data

Storage duration depends on the legal basis and processing purpose.

  • With consent: until withdrawal (Art. 6 (1) lit. a GDPR)

  • For contract performance: as legally required (Art. 6 (1) lit. b GDPR)

  • For legitimate interest: until objection or legal necessity ends (Art. 6 (1) lit. f GDPR)

  • For direct marketing: until objection

Otherwise, data will be deleted when no longer necessary for the original purpose.