Privacy policy
As the operator of this website and as a company, we process personal data. This means all data that says something about you and can be used to identify you. In this privacy policy we explain how, for what purposes, and on which legal basis we process your data.
The controller responsible for data processing on this website and in our company is:
Niccos GmbH
Ida-Frank-Straße 4
79206 Breisach am Rhein
Germany
Phone: +49 173 2634188
Email: kontakt@niccos.com
Whenever you enter data on websites, place online orders, or send emails over the internet, unauthorized third parties may theoretically access your data. Complete protection against such access is not possible. We nevertheless take appropriate measures to protect your data as well as we can and to close security gaps where this is within our control. One important protection mechanism is SSL or TLS encryption on our website. It ensures that data you transmit to us cannot be read by third parties. You can recognize encryption by the lock icon in your browser and by the fact that our internet address starts with https:// instead of http://.
Payment data, such as bank account or credit card numbers, is particularly sensitive. Payment transactions using common payment methods are therefore processed only via encrypted SSL or TLS connections.
In some parts of this privacy policy we state how long we, or companies processing data on our behalf, store your data. If no specific period is stated, we store your data until the purpose of processing no longer applies, you object to the processing, or you withdraw your consent.
If you object or withdraw consent, we may continue processing your data where at least one of the following applies:
- We have compelling legitimate grounds for continuing the processing that override your interests, rights, and freedoms.
- The processing is required to establish, exercise, or defend legal claims.
- We are legally required to retain your data.
On our website we also use tools from companies that transfer your data to the USA, store it there, and may process it further. The European Commission has adopted an adequacy decision for the EU-US Data Privacy Framework. This decision states that the USA ensures an adequate level of protection for personal data transferred from the EU to certified US companies. The decision is based on safeguards and measures introduced by the USA to meet data protection requirements. You can view a list of certified companies here: https://www.dataprivacyframework.gov/s/participant-search
Where this privacy policy states that we process data on the basis of legitimate interests under Art. 6(1)(f) GDPR, you have the right to object to that processing under Art. 21 GDPR. This also applies to profiling based on that provision.
If you object, we may no longer process your data unless one of the following applies:
- We can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms.
- The processing serves to establish, exercise, or defend legal claims.
Many data processing operations are based on your consent. You may give consent, for example, by ticking a checkbox before submitting an online form or by allowing certain cookies when visiting our website. You may withdraw your consent at any time without giving reasons (Art. 7(3) GDPR). From the point of withdrawal, we may no longer process the data based on that consent. The only exception is where we are legally required to retain the data for a certain period.
If you believe that we have violated the General Data Protection Regulation (GDPR), you have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority. You may contact a supervisory authority in the member state of your residence, your workplace, or the place of the alleged infringement.
Data that we process automatically on the basis of your consent or to perform a contract must be provided to you, or to a third party, in a commonly used machine-readable format if you request this. We can transfer data directly to another controller only where this is technically feasible.
Under Art. 15 GDPR, you have the right to obtain information free of charge about the personal data we store about you, where the data comes from, who receives it, and the purpose for which it is stored. If the data is inaccurate, you have the right to correction (Art. 16 GDPR). Under the conditions of Art. 17 GDPR, you may request deletion of the data.
In certain situations you may request that we restrict the processing of your data under Art. 18 GDPR. Apart from storage, the data may then be processed only as follows:
- with your consent
- to establish, exercise, or defend legal claims
- to protect the rights of another natural or legal person
- for reasons of important public interest of the European Union or of a member state
Our website is hosted on servers operated by the following internet service provider:
Shopify International Limited
Victoria Buildings
1-2 Haddington Road
Dublin 4, D04 XN32, Ireland
The host stores all data from our website. This also includes personal data collected automatically or through your input, in particular your IP address, pages accessed, names, contact details and inquiries, as well as metadata and communication data.
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
Content delivery network (CDN) with domain name system (DNS)
Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA
We use Cloudflare services for our website. The global content delivery network helps deliver content quickly. Cloudflare may also come into contact with personal data in this context.
Legal basis: Art. 6(1)(f) GDPR. Further information: https://www.cloudflare.com/privacypolicy/
Content delivery network (CDN) provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
Legal basis: Art. 6(1)(f) GDPR. Further information: https://cloud.google.com/terms/cloud-privacy-notice
Our website places cookies on your device. Cookies are small text files used for different purposes. Some cookies are technically necessary for the website to function. Others are required to provide certain actions or functions on the site. Additional cookies may be used to analyze user behavior or optimize advertising measures.
If you disable or reject cookies, the functionality of the website may be limited.
Legal basis: Art. 6(1)(f) GDPR for necessary and functional cookies, and Art. 6(1)(a) GDPR for all other cookies where consent is required.
Consent management platform (CMP) for collecting and processing GDPR-compliant consent.
Legalcore AG, Reinhardtstr. 7, 10117 Berlin, Germany
Legal basis: Art. 6(1)(c) GDPR. Further information: Legal Cockpit privacy information
Server log files record requests and access to our website. These files may include browser type and version, operating system, referrer URL, hostname of the accessing computer, time of the server request, and IP address, where applicable in anonymized form.
Legal basis: Art. 6(1)(f) GDPR.
You can send us a message using the contact form on this website. We store your message and the details submitted through the form so that we can process your inquiry, including any follow-up questions.
Legal basis: Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR.
Instant messaging service. WhatsApp Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Communication is end-to-end encrypted. WhatsApp may nevertheless access metadata relating to the communication process.
Legal basis: Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR. Further information: https://www.whatsapp.com/legal/#privacy-policy
Instant messaging service. Slack Technologies Limited, Salesforce Tower, 60 R801, North Dock, Dublin, Ireland.
Legal basis: Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR. Further information: Slack privacy policy
Appointment scheduling tool. Calendly LLC, 88 N Avondale Road #603, Avondale Estates, GA 30002, USA.
Legal basis: Art. 6(1)(f) GDPR. Further information: https://calendly.com/pages/privacy
Appointment scheduling tool. Cal.com, Inc., 2261 Market Street, #4382, 94114 San Francisco, USA.
Legal basis: Art. 6(1)(f) GDPR. Further information: Cal.com privacy policy
Customer relationship management (CRM) platform. HubSpot Inc., 25 Street, Cambridge, MA 02141, USA.
We use HubSpot CRM to record, organize, and analyze customer interactions across email, social media, phone, and other channels.
Legal basis: Art. 6(1)(f) GDPR. Further information: HubSpot privacy policy
CRM platform. A&M Sales Solutions GmbH, Großer Kolonnenweg 18, 30163 Hannover, Germany.
Legal basis: Art. 6(1)(f) GDPR. Further information: umsatz.io privacy information
CRM platform. A&M Sales Solutions GmbH, Großer Kolonnenweg 18, 30163 Hannover, Germany.
Legal basis: Art. 6(1)(f) GDPR. Further information: https://www.close.com/privacy
To use certain functions or offers on our website, you may need to register. We store the data you provide during registration and use it to provide the respective function or offer.
Legal basis: Art. 6(1)(b) GDPR.
Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
You may register on our website using Google. To do so, you log in to your Google account via the relevant button using your name and password.
Legal basis: Art. 6(1)(a) GDPR. Further information: https://policies.google.com/privacy
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.
Legal basis: Art. 6(1)(a) GDPR. Further information: Meta privacy policy
You may have the option to comment on content on our website. If you leave comments, we store your comment, email address, time of comment, and IP address.
Legal basis: Art. 6(1)(a) GDPR.
Review badge and online service. Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark.
Legal basis: Art. 6(1)(f) GDPR. Further information: Trustpilot privacy terms
Review platform. Trusted Shops AG, Colonius Carré, Subbelrather Straße 15c, 50823 Cologne, Germany.
Legal basis: Art. 6(1)(a) GDPR. Further information: Trusted Shops privacy policy
Form tool. TYPEFORM S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain.
Legal basis: Art. 6(1)(f) GDPR. Further information: https://admin.typeform.com/to/dwk6gt
Form tool. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Legal basis: Art. 6(1)(f) GDPR. Further information: https://policies.google.com/
Form tool. Jotform Inc., 111 Pine St. Suite, 1815 San Francisco, California 94111, USA.
Legal basis: Art. 6(1)(f) GDPR. Further information: https://www.jotform.com/gdpr-compliance/dpa/
We may use social media plugins on our website. Because of these embedded plugins, a connection to the servers of the respective social networks may be established when you visit our website. The operators may learn that our website was accessed from your IP address.
Legal basis: Art. 6(1)(f) GDPR or Art. 6(1)(a) GDPR where consent is required.
Networks used: Facebook, X (Twitter), Instagram, Tumblr, LinkedIn, Pinterest, Xing, SoundCloud.
Tag management system. Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager does not create user profiles, place cookies on your device, or analyze your behavior itself. It may, however, process your IP address.
Legal basis: Art. 6(1)(f) GDPR. Further information: https://policies.google.com/privacy
Tool for analyzing user behavior. Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
We use Google Analytics to optimize our website. To collect data, Google Analytics may use cookies, device fingerprinting, or other technologies to recognize users.
Browser plugin to prevent data collection: https://tools.google.com/dlpage/gaoptout?hl=en
Legal basis: Art. 6(1)(f) GDPR. Further information: https://support.google.com/analytics/answer/6004245?hl=en
Tool for analyzing user behavior. Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta.
Opt-out: https://www.hotjar.com/opt-out
Legal basis: Art. 6(1)(f) GDPR. Further information: https://www.hotjar.com/privacy
Online advertising program. Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
Legal basis: Art. 6(1)(f) GDPR. Further information: https://policies.google.com/privacy?hl=en
Service for integrating advertisements, including non-personalized ads. Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
Legal basis: Art. 6(1)(f) GDPR. Further information: https://policies.google.com/privacy?hl=en
Tool for analyzing user behavior. Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.
Opt-out with a Facebook account: Ad preferences
Without an account: European Interactive Digital Advertising Alliance
Legal basis: Art. 6(1)(f) GDPR. Further information: https://www.facebook.com/about/privacy/
Tool for analyzing user behavior. LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Legal basis: Art. 6(1)(f) GDPR. Further information: https://www.linkedin.com/legal/privacy-policy
Tool for analyzing user behavior. TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.
Legal basis: Art. 6(1)(f) GDPR. Further information: https://www.tiktok.com/legal/page/eea/privacy-policy/en
Tool for analyzing user behavior. Hyros, Inc., 13359 N Highway 183 Ste 406 #2008, Austin, Texas 78750, USA.
Legal basis: Art. 6(1)(f) GDPR. Further information: https://hyros.com/privacy.html
Tool for analyzing user behavior. Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.
Legal basis: Art. 6(1)(f) GDPR. Further information: https://www.facebook.com/about/privacy/
Audience targeting tool. Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.
Legal basis: Art. 6(1)(f) GDPR. Further information: https://www.facebook.com/about/privacy/
Newsletter mailing service. Klaviyo Inc., 225 Franklin St, Boston, MA, 02110, USA.
If you want to receive our newsletter, we need your email address. The data is stored on a Klaviyo server in the USA. You can unsubscribe from the newsletter at any time.
Legal basis: Art. 6(1)(a) GDPR. Further information: https://www.klaviyo.com/legal/privacy
Newsletter mailing service. Cleverreach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany.
Legal basis: Art. 6(1)(a) GDPR. Further information: https://www.cleverreach.com/en/privacy-policy/
Video platform. Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in enhanced privacy mode. This means that Google only collects data after you start a video.
Legal basis: Art. 6(1)(f) GDPR. Further information: YouTube privacy
We use fonts from the US company Google on our website. The fonts are installed locally, so no connection to Google's servers is established when you visit our website. Further information: Google Fonts FAQ
Adobe Systems Inc., 345 Park Avenue, San Jose, CA 95110-2704, USA.
The fonts are hosted on Adobe servers in the USA and are loaded directly by your browser.
Legal basis: Art. 6(1)(f) GDPR. Further information: https://www.adobe.com/privacy/policies/adobe-fonts.html
Map service. Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
Legal basis: Art. 6(1)(f) GDPR. Further information: https://policies.google.com/privacy
You may be able to communicate with us on our website via chat or chatbot. If you enter information in the chat window, the chatbot may analyze your input and additional data such as names, email addresses, customer numbers, IP address, and location information.
Services used: Salesforce Chatbot (salesforce.com Germany GmbH), Shopify Inbox (Shopify International Limited).
Legal basis: Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR.
When we enter into a contract with you, we need certain personal data. For payment processing, we transfer your data to the respective payment service provider.
Payment services used: PayPal (PayPal Europe S.à.r.l. et Cie, Luxembourg), Apple Pay (Apple Inc., USA), Google Pay (Google Ireland Ltd., Ireland), Klarna (Klarna AB, Sweden), Shopify Payments (Shopify International Ltd., Ireland), Stripe (Stripe Payments Europe Ltd., Ireland), Mollie (Mollie B.V., Netherlands).
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
We use online conferencing tools to communicate with customers and prospects.
Tools used: Zoom (Zoom Communications Inc., USA), ClickMeeting (ClickMeeting Sp. z o.o., Poland), Google Meet (Google Ireland Ltd., Ireland).
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
We maintain publicly accessible profiles on social networks. If you visit one of our profiles, we and the operator of the respective network may be jointly responsible for data processing triggered by that visit.
Networks used: Facebook, Twitter, Instagram, LinkedIn, Xing, Pinterest, SoundCloud, YouTube, TikTok.
Legal basis: Art. 6(1)(f) GDPR.
