Privacy

The following text contains information on which personal data of visitors and users (hereinafter also referred to collectively as "users") of the website and the webshop of Nittel Halle GmbH, Hallesche Str. 6, 06122 Halle (Saale) (hereinafter also referred to as "Nittel") are processed in the context of the use of the website and its offers, and for what purposes this data is used.

In particular, the user receives information on the processing of personal data if he/she

visited the website (see section 1 below)
uses the webshop (see section 2 below)
Enquiries via contact form/e-mail/telephone to Nittel (see section 3 below)
newsletter services (see section 4 below)

Furthermore, he is informed about

the use of cookies (see section 5 below)
about Nittel's presence in social networks and the associated data processing (see section 6 below)
on the transmission and disclosure of data to other recipients (see point 7 below)
the rights of the user (see section 8 below)
Contact details of the controller, the data protection officer and the supervisory authority (see section 9 below)

Your data will be processed in accordance with the data protection regulations of the current version of Regulation (EU) 2016/679 (General Data Protection Regulation – "GDPR"). The terms used are based on formulations used when the GDPR was issued.

1. What data is processed by Nittel when you visit the website?

In order to be able to provide the online offer securely and efficiently, Nittel makes use of the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed.

When using the website, all collected data is stored by an external web hosting service provider. The data processed in the context of the provision of the hosting offer may include all information that is generated in the context of use and communication, such as the data in a contact form, data on the purchase in the webshop, etc. Details on this are described in the further sections and in the following point on the log files.

When the Nittel website is accessed, the servers automatically store various data about the accessing system ("access data").

The access data includes the following data:

IP address
Browser type and version
operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request

Purpose(s):

Nittel uses these access data to be able to make the website accessible, to detect and eliminate technical problems that occur and to prevent and, if necessary, prosecute misuse of Nittel's offer. In addition, Nittel reserves the right to use the access data in anonymized form, i.e. without the possibility of identifying the user, for statistical purposes and to improve the website.

Receiver:

As a matter of principle, the data will not be passed on to third parties. In the event of illegal use of the website, however, Nittel reserves the right to pass on the data to law enforcement authorities, lawyers and courts.

The web host is Mittwald CM Service GmbH & Co. KG

Website: www.mittwald.de

The web host processes all data exclusively within the framework of Nittel's instructions as a processor within the meaning of Art. 28 GDPR.

Legal basis:

The legal basis for data processing is Art. 6 (1) (f) GDPR. Nittel's legitimate interest results from the data collection purposes listed above. As a matter of principle, Nittel does not use the collected data for the purpose of drawing conclusions about the user's person. However, Nittel reserves the right to check this data retrospectively if Nittel becomes aware of concrete indications of illegal use.

Storage period:

The access data is not stored unencrypted at any time.

2. What data is processed when using the Nittel webshop?

2.1 Registration and login to the customer account:

The purchase of Nittel's product range in the webshop requires the existence of a customer account. The customer account allows the user to store some master data about himself, which is required for every purchase. Furthermore, the user can independently manage the data stored in his customer account and thus keep it up-to-date and display details of the orders he has placed. The customer account is not public or, data stored in it cannot be found by search engines. The User may be informed by e-mail about processes relevant to their customer account, such as technical changes.

Categories:

The following data is collected and stored as part of the registration process:

Master data mandatory fields: company, last name, first name, postal address, telephone number, e-mail address, VAT ID
If applicable, different delivery address
Password
IP address and registration timestamp
Customer
Consent to the use of cookies

The User registers using the e-mail address provided and the password set by the User. The password is stored in encrypted form and cannot be viewed by Nittel. There is no logging of registrations.

Purpose(s):

Nittel processes the registration and login data for the purpose of enabling the user to shop in the webshop. The processing of registration and login data is also carried out for the purpose of guaranteeing the user and Nittel adequate protection against misuse. Registration and login data will not be passed on to third parties, apart from the web host (see section 1 above). In the event of misuse, however, it can be passed on to competent law enforcement and supervisory authorities as well as courts and lawyers.

Legal bases:

Nittel processes the registration and login data on the basis of the legitimate interests described above (Art. 6 para. 1 letter f) GDPR). The master data and delivery address are also required for the conclusion and execution of the purchase contracts and are therefore also processed on the basis of Art. 6 (1) (b) GDPR. processed. The legal basis for the processing of the data for the purpose of analysing surfing and purchasing behaviour is Art. 6 para. 1 sentence 1 letter a) GDPR if the user has consented.

Storage period:

At the request of the user, the customer account will be deleted. The deletion has the effect that the account at Nittel is anonymized in the relevant system (order management system), so that no personal data about the user is available there. The customer account is also deleted in the merchandise management system operated in parallel, provided that no order has been placed by the user in the webshop using the customer account. In the event that the customer account has been used to place at least one order, Nittel is obliged to retain booking-relevant data for six to ten years due to statutory retention obligations under the German Commercial Code and the German Fiscal Code. The latter also applies in the event of a reversal or cancellation of the order.

2.2 Triggering orders:

Registered users have the option of ordering products from the webshop via their customer account. For this purpose, the data that is marked as mandatory fields in the input masks in the webshop is required. In this respect, this includes the user's information on the master data, the delivery address and information on the purchased items, the quantity, price information and payment data (in the case of payment processing without the involvement of a payment service provider) as well as at the time of purchase. The aforementioned information is stored in the user's customer account and can be viewed by the user. Furthermore, Nittel stores information about the status of the order (e.g. goods shipped, payment received, etc.).

Purpose(s):

The data is processed for the establishment, execution and termination of purchase contracts between Nittel and the user.

Recipients:

If Nittel offers the payment method "purchase on account" and is used by the user, Nittel will carry out a credit check. The creditworthiness check is carried out by using the relevant services of credit agencies, which receive the necessary data from Nittel. This includes the address data used by the user to check accuracy and to compare it with negative lists and collection data. Nittel exclusively uses Creditreform as a credit agency, whose privacy policy can be viewed under https://www.creditreform.de/datenschutz. The data requested as part of the credit check will be stored by Nittel for as long as their knowledge is necessary to fulfil the purpose for which they were stored. As a rule, knowledge is necessary for an initial storage period of three years. After expiration, it is checked whether storage is still necessary, otherwise the data will be deleted on a daily basis. In the event that a matter is settled, the data will be deleted three years after it has been dealt with on a day-to-day basis. Pursuant to Section 882e of the Code of Civil Procedure, entries in the register of debtors are deleted on a day-to-day basis after the expiry of three years from the date of the registration order. The legal basis for data processing in the context of the credit check is Art. 6 (1) (f) GDPR. Nittel's legitimate interest arises from the economic risks for Nittel in the event of a payment default by the user.

In order to carry out payment transactions, the User's data must be transmitted to the payment service provider commissioned by Nittel to the extent necessary (for more details, see Section 2.3 below).

For the delivery of the ordered goods, Nittel works together with transport and logistics service providers. In particular, Nittel uses the service providers United Parcel Service of America (UPS for short) (Privacy Policy: https://www.ups.com/de/de/support/shipping-support/legal-terms-conditions/privacy-notice.page) as well as Federal Express Corporation (FedEx for short) (Privacy Policy: https://www.fedex.com/de-de/privacy-policy.html) and DHL Paket GmbH (Privacy Policy: https://www.dhl.de/de/toolbar/footer/datenschutz.html). The companies receive the necessary delivery data, such as name and (delivery) address as well as e-mail address and telephone number, in order to be able to coordinate delivery with the user.

Legal basis:

The processing of data for contractual purposes is carried out on the basis of Art. 6 (1) (b) GDPR.

Storage period:

Due to the legal provisions of the German Fiscal Code and the German Commercial Code, Nittel is obliged to store data and documents relevant to billing and accounting for ten years. This essentially concerns the above-mentioned mandatory information on the individual sale and the time of delivery of the goods and their payment. All non-tax-relevant information is deleted after the purpose ceases to apply, in the case of communication histories after 36 months at the latest.

2.3 Details of the payment service providers used

Nittel offers payment in the webshop via the online payment service PayPal.

The provider is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal"). If the user selects payment via PayPal, he is redirected to a transfer platform connected to the webshop, which in turn forwards to PayPal to enter the payment data.

In addition, Nittel automatically transmits further user data necessary for payment processing to PayPal via the webshop. This is usually the user's company, last name, first name, postal address, telephone number, e-mail address, VAT ID, as well as data related to the respective order.

The transfer platform is operated by the service provider:

Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, The Netherlands

operated. For more information on Mollie's handling of personal data, please refer to Mollie's privacy policy at: https://www.mollie.com/de/privacy.

Further information on the handling of personal data by PayPal can be found in the privacy policy of PayPal at: https://www.paypal.com/at/webapps/mpp/ua/privacy-full.

Nittel does not receive any account or credit card-related information. Nittel will only receive information to confirm the payment or reject the payment.

Nittel will only receive the User's account data in the following cases: In the case of payment on account and if Nittel asks for the account details in order to repay any credit balance in the course of a reversal of an order.

The processing of data for contractual purposes is carried out on the basis of Art. 6 (1) (b) GDPR.

3. What data is processed for inquiries via contact form/e-mail/telephone?

There are contact forms on the Nittel website that can be used to contact us electronically. If the user makes use of this option, the data entered in the input mask will be transmitted to Nittel and stored. These data are:

Categories:

If the user contacts Nittel via the email address provided, the user's personal data transmitted with the email will be stored. If users contact Nittel by telephone, the telephone number, time and duration of the telephone call as well as the contents of the conversation are generally collected and recorded in electronic form as a call note.

Purpose(s):

The processing of the personal data from the input mask as well as the data transmitted in the course of sending an e-mail serves Nittel to process the request. The same applies to the data collected in the course of a telephone call. The other personal data processed during the submission process only serve to prevent misuse of the contact form and to ensure the security of the information technology systems.

Receiver:

It will not be passed on to third parties.

Legal basis:

The legal basis for the processing of the data transmitted in the course of sending a contact form is Art. 6 para. 1 sentence 1 letter f) GDPR. Nittel's legitimate interest is to respond appropriately to contact requests. If the contact via the contact form is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 letter b) GDPR.

Storage period:

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the facts in question have been conclusively clarified. The necessity of further storage is reviewed regularly and on a case-by-case basis. If the contact requests are related to a contractual relationship, Nittel will keep the data as business letters for six years. Individual call records for outgoing telephone calls can be relevant to billing under commercial and tax law and are kept for ten years in this case.

4. What data is processed when using the newsletter service?

In order to use Nittel's newsletter service, the user must register for it in a so-called double opt-in procedure. After registering, they will receive an e-mail asking them to confirm their registration. This confirmation is necessary so that no one registers with someone else's e-mail addresses and Nittel can provide proof of consent.

The login process is logged with the following data:

E-mail-address
IP address
Unique user ID
Date of registration
Date of confirmation

The processing of the data is generally carried out for the purpose of delivering the newsletter and managing the registrations and unsubscriptions.

Legal basis

Nittel processes the user's e-mail address on the basis of his or her consent (Art. 6 para. 1 letter a) GDPR). Consent can be revoked at any time. Nittel processes the remaining (technical) data in its legitimate interest in accordance with Art. 6 (1) (f) GDPR in order to be able to comply with accountability and documentation obligations under the GDPR.

Storage period

At the time of subscribing to the newsletter, Nittel will process the entered e-mail address as well as the technical data at the time of registration for the purpose of the data protection check on the basis of the legitimate interest, for the time being. By unsubscribing from the newsletter, the stored data will be deleted immediately.

5. What are cookies and how are they used?

5.1 General

Cookies are used on the Nittel website. Cookies are small text files that are stored in the user's internet browser or by the internet browser on the user's computer system. Cookies are downloaded when the user accesses the Nittel website. The cookie contains a characteristic string of characters that allows the browser to be uniquely identified when the website is called up again.

Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves the online offer and closes his browser. For example, the login status can be stored in such a cookie. "Persistent" or "persistent" refers to cookies that remain stored even after the browser has been closed. In this way, a login status can be stored, for example, if a user visits the website after several days. Likewise, such a cookie can store the user's interests, which are used for informational purposes. If the website is accessed again from the same device, the cookie is sent back either to the website that generated it (first-party cookie) or to another website to which it belongs (third-party cookie). The cookie allows the website to recognize that it has been visited before with this browser and can, among other things, improve the user experience when it is visited again. Cookies can tailor the content displayed on the website to the user's personal interests and needs.

The user can decide for himself whether the browser he uses allows cookies or not. Stored cookies can be deleted in the system settings of the browser. The functionality of websites may be limited or even cancelled if cookies are not allowed.

When accessing the Nittel website for the first time, the user is informed about the use of cookies via an information banner. The Nittel website uses different groups of cookies. In this respect, the user is given the following selection option ("Technically necessary", "Marketing" and "Comfort functions") by means of an information banner and the user is also given the choice between "Accept all cookies" and "Save". If the user does not want a particular cookie or group of cookies to be used, they can opt-out from the selection options and then select "Save". The user cannot influence the use of necessary functional cookies. The cookies are only used after the user has made the aforementioned selection.

5.2 Detailed information on the cookies used on the website

Depending on your consent, the following types of cookies may be used on the Nittel website.

Necessary cookies ("Technically Necessary")

Nittel uses cookies that are necessary for technical functionality and the detection of errors and security-related anomalies.

The legal basis for the processing of personal data using technically necessary cookies is Section 25 (2) TDDDG in conjunction with Article 6 (1) (f) GDPR. Our legitimate interest lies in the purposes of data processing mentioned under 2.

Integration of third-party services

On the basis of Nittel's legitimate interests (i.e. Nittel's interest in the analysis, optimization and economic operation of the online offer within the meaning of Art. 6 para. 1 letter f) GDPR), Nittel uses content or services offered by third-party providers within the website in order to integrate their content and services, such as videos or fonts.

Google Web Fonts

This site uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. For this purpose, the browser you use must connect to Google's servers. In this way, Google becomes aware that the Nittel website has been accessed via the user's IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of Nittel's online offering. If your browser does not support Web Fonts, a default font will be used by your computer. Further information on Google Web Fonts can be found under https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Google Analytics 4

This website uses functions of the web analysis service Google Analytics 4. The responsible service provider in the EU is Google Ireland Limited (hereinafter also referred to as "Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

By default, Google Analytics 4 uses so-called "cookies", which are text files that are stored on your computer/device and enable an analysis of your use of the website. The information generated by the cookie about your use of this website will be transmitted to a Google server and stored there, which may also be transmitted to the servers of Google LLC in the USA.

We use Google Analytics 4 to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user.

Google Analytics 4 is configured to anonymize your IP address. Your IP address will therefore be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google LLC server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet use to the website operator. Google Analytics 4 also enables the creation of statistics with statements about the age, gender and interests of users of our website via a special function, the so-called "demographic characteristics", based on an evaluation of interest-based advertising and with the use of third-party information. This makes it possible to identify and differentiate user groups of the website for the purpose of targeting marketing measures in a way that is optimized by the target group. However, data collected via the "demographic characteristics" cannot be assigned to a specific person and therefore not to you personally.

The IP address transmitted by your browser as part of Google Analytics 4 will not be merged with other Google data.

We would like to point out that the use of cookies for the purpose of data processing in the context of Google Analytics 4 is only legally permissible based on your prior consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TTDSG. You will therefore be asked to give your consent to this as part of the consent management we use. You can revoke your consent at any time with effect for the future. This does not include data processing that took place before the revocation. To exercise your withdrawal, please disable this service in the "Cookie Consent Tool" provided on the website.

You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent the collection of the data generated by the cookie and related to your use of the website by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

We have concluded a contract data processing agreement with Google Ireland Limited. If personal data is transferred from Google Ireland Limited to Google LLC in the USA, the data transfer will take place due to the certification of Google LLC according to the "EU-US Data Privacy Framework (DPF)" based on the adequacy decision for the USA.

The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. Further information can be found under the following link: https://www.privacyshield.gov/EU-US-Framework.

The data collected in the context of the use of Google Analytics 4 will be automatically deleted after 2 months. The deletion of data whose retention period has been reached takes place automatically once a month.

6. Online presence in social media

Nittel maintains online presences (hereinafter referred to as "social media profiles") within social networks and platforms in order to be able to communicate with customers, interested parties and users active there and to inform them about Nittel's services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply. The operation of the social media profiles is necessary to make Nittel's offer more attractive, to enable targeted and balanced public relations work and for the purpose of recruitment.

Legal bases:

The processing of the user's personal data by Nittel is carried out on the basis of the legitimate interests in effective information and communication. The legal basis for the processing of the user's data on the social media platform is Art. 6 para. 1 letter f) GDPR.

If the user is asked by the respective providers of the platforms for consent to the aforementioned data processing, the legal basis for the processing is Art. 6 para. 1 letter a) GDPR, Art. 7 GDPR.

If the contact via the social media presence involves requests for quotations or an existing customer relationship between the user and Nittel, the legal basis for the processing of personal data is Art. 6 (1) ( b) GDPR.

Storage period:

The User's personal data will only be used for as long as is necessary to achieve the underlying purpose or as long as the User has not withdrawn the consent. In the event of an objection to the processing, Nittel will delete the personal data, unless further processing is still permitted by law. As soon as the personal data is no longer required for the purposes pursued by Nittel and no other legal basis (retention periods under commercial and tax law) applies. Nittel deletes the data.

7. Transmission and disclosure of personal data to other recipients

In addition to the cases explained in this Privacy Policy, Nittel transfers personal data to affiliated companies (in particular sister companies). A transfer takes place in particular if a request of the user concerns business areas/products of the respective affiliated company (e.g. queries by the customer about a product manufactured by a sister company and distributed by Nittel).

Beyond the cases explained in this privacy policy, Nittel will only pass on the user's data to third parties without the express consent of the user if Nittel is obliged to do so by law or an official or court order.

Legal bases:

The processing of the User's personal data by Nittel is carried out on the basis of the legitimate interests in providing an effective service to the User. The legal basis for the processing of the User's data is Art. 6 (1) ( f) GDPR. In the event of data disclosure on the basis of a statutory, official or court order, the legal basis for the processing of the user's data is Art. 6 para. 1 letter f) and letter c) GDPR.

8. Rights of the user

The user has the following rights or claims. Your claim will be processed immediately and will not lead to any disadvantages for the user.

Right to information (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to object (Art. 21 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18f. GDPR)
Right to data portability (Art. 20 GDPR)

If the user has consented to the processing by the controller by means of a corresponding declaration, he can revoke his consent at any time for the future. The lawfulness of the data processing carried out on the basis of the consent before the revocation is not affected by the revocation of the consent.

The user also has the right to lodge a complaint with a data protection authority if he or she believes that Nittel's processing of personal data concerning him or her violates the GDPR. In addition to the data protection authority responsible for Nittel (see section 9 below), the supervisory authorities of the user's habitual place of residence, the user's place of work and the place of the alleged infringement are responsible for this. Further regulations on the complaint procedure can be found under Art. 77 GDPR.

9. Responsible body

The responsible body for the lawfulness of data processing is:

Nittel Halle GmbH
Hallesche Str. 6, 06122 Halle (Saale)
E-mail-address: info@nittel.com
Phone: +49 (0) 345 20565-30
Fax: +49 (0) 345 20565-44

The contact details of the data protection officer for Nittel are:

DataCo GmbH Nymphenburger Str. 86
80636 Munich
Germany
+49 89 452459-900
info@consulting.dataguard.de
www.dataguard.de

The State Commissioner for Data Protection Saxony-Anhalt is the responsible supervisory authority. It monitors compliance with data protection law in the non-public sector in Saxony-Anhalt. The user has the option of contacting the supervisory authority at any time.

The contact details of the supervisory authority are:

State Commissioner for Data Protection Saxony-Anhalt.
Postal address: Postfach 1947, 39009 Magdeburg
Phone: 0391 81803-0
E-mail: poststelle@lfd.sachsen-anhalt.de
Internet: www.datenschutz.sachsen-anhalt.de

10. SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries that the user sends to Nittel as the site operator. An encrypted connection can be recognized by the fact that the address bar of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data that the user transmits to Nittel cannot be read by third parties.

11. Changes to the Privacy Policy

Nittel reserves the right to adapt this data protection declaration to changed factual or legal conditions if necessary.

Stand: January 2026