CCPA Compliance

 

1. data protection at a glance
General information
The protection of personal data is very important to us. Whether data is collected and for what purpose it is processed is explained in the following data protection statement. We comply with all applicable legal provisions on the protection of personal data and data security. Our employees also receive extensive training and are obliged to maintain confidentiality and comply with all data protection regulations.

The legal basis for data processing is Art. 6 (1) a) and Art. 7 EU-DSGVO for consents, Art. 6 (1) b) EU-DSGVO for the fulfilment of services and performance of contractual obligations, Art. 6 (1) c) EU-DSGVO for the fulfilment of legal obligations and Art. 6 (1) f) EU-DSGVO for the protection of legitimate interests.

Data collection on our website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator:

Ickert & Kinast GbR

Wallbergstr. 36

81539 Munich

service@ninarein.com

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form.

Other data is collected automatically by our IT systems when you visit the website:

Server log files

During the informational use of the ninarein.com website i.e. even if you do not log in to use the website, register or otherwise provide us with information, we collect data that your browser transmits to enable you to visit the website ("server log files"). These are:


- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request came
- browser
- Operating system and its interface
- Language and version of the browser software.



The legal basis for data processing is Art. 6 para. 1 lit. f) EU-DSGVO.



Newsletter

We offer a regular newsletter, for the receipt of which it is necessary to provide your e-mail address. Before the newsletter is sent, you must explicitly confirm that you would like to receive our newsletter using the so-called double opt-in procedure. You will then receive a confirmation and authorisation e-mail with a link. By clicking on this link, you confirm that you would like to receive the newsletter. This registration is logged in order to be able to legally prove the registration process.

You can unsubscribe from the newsletter at any time. The corresponding link can be found in every newsletter sent. Alternatively, you can revoke your consent by contacting us at service@ninarein.com.

The legal basis for data processing is Art. 6 para. 1 lit. a) EU-DSGVO.

Order process

During the ordering process, we collect name, address and email address.

The legal basis for data processing is Art. 6 para. 1 lit. b) EU-DSGVO.

Contacting

The processing of your e-mail address is essential in order to be able to answer your request. If additional data is processed, such as name, address or similar, the processing serves to individualise the respective user and thus to be able to respond to his or her request in the best possible way.

What do we use your data for?

Some of the data is collected in order to ensure error-free provision of the website. Other data may be used to analyse your user behaviour and, among other things, to show you personalised advertising.

What rights do you have regarding your data?

You have the right to receive information free of charge at any time about the origin, recipient and purpose of your stored personal data. You also have the right to demand the correction, blocking or deletion of this data. You can also contact us at any time at the address given in the imprint. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

Correction of data
You can use the link below to update your account details if they are incorrect.

Edit your account data
Data portability
You can use the links below to download all the data we shop and use for a better shopping experience in our shop.

DSGVO Requests
Personal data
Orders
Access to personal data
Using the link below, you can request a report containing all the personal data we hold on you.

Request a report
Right to be forgotten
Use this option if you wish to remove your personal and other data from our shop. Note that this will delete your account and you will no longer be able to access or use it.

Deletion of data


Third-party analytics and tools
When you visit our website, your surfing behaviour may be statistically analysed. This is done primarily with cookies and with so-called analysis programs. The analysis of your surfing behaviour is usually anonymous; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. You will find detailed information on this in the following data protection declaration.

You can object to this analysis. We will inform you about the possibilities of objection in this data protection declaration.

2 General notes and obligatory information
Data protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you use this website, various personal data are collected. Personal data is data by which you can be personally identified. This Privacy Policy explains what information we collect and how we use it. It also explains how and for what purpose this is done.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Note on the responsible office
The responsible party for data processing on this website is:

Julia Ickert & Susanne Kinast GbR

Wallbergstr. 36

81539 Munich

phone: +49 (0) 8142 - 669 59 47
mail: Service@ninarein.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Withdrawal of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right of appeal to the competent supervisory authority
In the event of violations of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority in matters of data protection law is the State Data Protection Commissioner of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.

SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website
If, after the conclusion of a contract with costs, there is an obligation to transmit your payment data to us (e.g. account number in the case of direct debit authorisation), this data is required for payment processing.

Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

With encrypted communication, the payment data you transmit to us cannot be read by third parties.

Information, blocking, deletion
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.<

Objection to advertising e-mails
We hereby object to the use of contact data published within the framework of the imprint obligation to send advertising and information material that has not been expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example by spam e-mails.

3. data collection on our website
Cookies
Our website uses cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping cart function) are stored on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies to analyse your surfing behaviour) are stored, these are dealt with separately in this data protection declaration.

With regard to cookies set by third-party providers, namely Google Analytics, Facebook Pixel, Pinterest, Youtube Video, Vimeo, Google Adwords and Google Tag Manager, further information can be found under the item "Third-party services".

The app used to ensure the GDPR/CCPA compliance of this website collects your IP address and email address in order to process the data. For more information about the app, please see the Privacy Policy.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

browser type and browser version
Operating system used
referrer URL
Host name of the accessing computer
Time of the server request
IP address
This data is not merged with other data sources.

The basis for data processing is Art. 6 para. 1 lit. f DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Contact form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact data you have provided there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.

The processing of the data entered in the contact form is therefore based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

The data you entered in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.

Processing of data (customer and contract data)

We collect, process and use personal data only insofar as they are necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data about the use of our Internet pages (usage data) only insofar as this is necessary to enable the user to use the service or to bill the user.

The collected customer data is deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Data transfer upon conclusion of a contract for online shops, dealers and goods dispatch
We only transmit personal data to third parties if this is necessary within the framework of the contract processing, for example to the companies entrusted with the delivery of the goods or to the credit institution entrusted with the payment processing. Further transmission of data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Data transfer upon conclusion of a contract for services and digital content
We only transmit personal data to third parties if this is necessary within the framework of the contract processing, for example to the credit institution commissioned with the payment processing.

Further transmission of data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

4. analysis tools and advertising
We use the following third-party services:

Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
Youtube, LLC, subsidiary of Google Inc, 901 Cherry Avenue, San Bruno, CA 94066, USA ("Youtube")
Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA ("Facebook")
Instagram Inc, subsidiary of Facebook Inc, 181 South Park Street, San Fransisco, CA 94107, USA ("Instagram")
Pinterest, Inc, 808 Brannan Street, San Fransisco, CA 94103-4904, USA ("Pinterest")
MailChimp (The Rocket Science Group, LLC, 675 Ponce de Leon, Avenue NE, Atlanta, GA 30308, USA ("MailChimp").
It is possible that the registered office of a third-party provider is located in a third country, i.e. in a country in which the GDPR does not have direct legal effect. In this case, the transfer of data will only take place if your consent has been given, an adequate level of data protection prevails or other legal permission exists.

Google, Facebook/Instagram, Twitter and MailChimp operate under the Privacy Shield agreement (EU-US Privacy Shield), which means that the requirements of the Privacy Shield agreement are equivalent to the level of data protection in the European Union and that the data is treated accordingly.

Please inform yourself further at the companies in detail about the purpose and scope of the data processing as well as the setting options to protect your privacy.

Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google provides further information on the use of data by Google under this link: Information about Google's use of data.

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. Information such as operating system, browser, IP address, referrer URL is collected. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, your IP address will be truncated beforehand by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area.

 

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

In addition, you can prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: Browser Add On to deactivate Google Analytics.



3. Facebook, Instagram, Twitter, Google+, Pinterest

We have integrated plugins of the social networks and services Facebook, Instagram, Twitter, Google+, and Pinterest on our website. The plugins are marked with a logo or the "Pin it" button (Pinterest).

To ensure the greatest possible protection for you and to take account of the principle of data minimisation, we use the Shariff method. This means that direct contact between the social network and you is only established when you actively click on the corresponding button. If the button of the social network is not clicked, no data is collected, activities are logged or a surfing profile is created.

If the button is clicked, the respective service provider receives the information that you have accessed our website. This does not require a user account with the respective service, nor do you have to be logged in if you have a user account. However, if you have a user account with the service provider and are logged in, this data is directly assigned to the account. This can be prevented by logging out of your user account of the corresponding service before clicking the button.

We have no way of influencing whether, to what extent, for what purpose and for how long the service providers and social networks collect personal data.

Further information on the handling of user data can be found here:

Facebook, Instagram, Twitter, Google+,Pinterest

You can opt out of the collection and use of information for targeted online advertising at the following link: https://www.facebook.com/ads/website_custom_audiences.



Pinterest Tag Conversion Tracking


This website uses the conversion tracking technology "Pinterest Tag" by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest").
If you have reached our website from a pin on Pinterest, we will set a cookie on your computer that interacts with a "tag" also implemented in the form of a JavaScript code from Pinterest. Cookies are small text files that are stored on your terminal device. These cookies are not used for personal identification and lose their validity after 180 days.

If the user is redirected from a pin on Pinterest to pages on this website and the cookie has not yet expired, the tag records certain user actions predefined by us and can track them (e.g. completed transactions, leads, search queries on the website, calls to product pages). When such an action is performed, your browser sends an HTTP request from the cookie to the Pinterest server via the Pinterest tag, with which certain information about the action (including the type of action, time, browser type of the end device) is transmitted.
This transmission is used by Pinterest to create statistics about the usage behaviour on our website after forwarding a Pinterest pin, which help us to optimise our offer.
If personal user data is processed in the process, this is done in accordance with Art. 6 (1) lit. f DSGVO on the basis of our legitimate interest in the statistical evaluation of the success of product ads on Pinterest and the purchasing behaviour of users and thus serves to optimise our online offer.
However, we do not receive any information with which users can be personally identified.

If you do not wish to participate in the tracking, you can object to this by deactivating the Pinterest tag conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics. Alternatively, you can use the deactivation page for consumers from the EU http://www.youronlinechoices.com/de/praferenzmanagement/.
to check whether Microsoft advertising cookies are set in your browser and deactivate them.
You can find more information about Pinterest's privacy policy at this internet address: https://policy.pinterest.com/de/privacy-policy.
As far as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future.



4. youtube

If necessary, we use the Youtube service to embed videos on the website. We have no influence on the data processing operations that may be triggered by clicking on the video on Youtube. For your greatest possible protection, the videos have been embedded in the extended data protection mode. This means that data is only transferred when you actually use the functions of the embedded content. Youtube uses cookies to collect information about visitors. Further information on the handling of user data at Youtube can be found in the "Youtube privacy policy".

IP anonymisation

We have activated the IP anonymisation function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.



5 MailChimp

Our email newsletter is sent via the service provider MailChimp. MailChimp offers statistical evaluation options for usage data, although the evaluation is always group-related and not individual. The usage data generated by MailChimp is not evaluated individually. As far as possible, tracking offered by MailChimp is turned off. However, if, for example, you call up a newsletter for correct display via the link provided in the email in a browser, the Google Analytics analysis tool is used on the website then displayed. Only MailChimp has access to the data generated by this. However, you can prevent tracking by Google Analytics by using certain browser plug-ins.



The data protection regulations can be viewed here.



6 Facebook Pixel / Retargeting, Remarketing

Within our website, we use the "Facebook Pixel" of Facebook Inc. This makes it possible to track the behaviour of users after they have seen or clicked on a Facebook advertisement. This procedure is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help to optimise advertising measures.

The data collected is anonymous for us, so it does not allow us to draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage policy. You may allow Facebook and its partners to serve ads on and off Facebook. A cookie may also be stored on your computer for these purposes.

To prevent the collection of your data by Facebook Pixel, you can click on the following link Facebook Opt-Out.

To generally object to the use of cookies on your computer, you can set your internet browser so that no more cookies can be stored on your computer in the future or so that cookies that have already been stored are deleted. However, switching off all cookies may mean that some functions on our Internet pages can no longer be carried out. You can also deactivate the use of cookies by third-party providers such as Facebook on the Digital Advertising Alliance website.



7 Google AdWords Conversion Tracking

This website uses the online advertising programme "Google AdWords" and, as part of Google AdWords, conversion tracking. The conversion tracking cookie is set when a user clicks on an ad placed by Google. Cookies are small text files that are stored on your computer system. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we will be able to recognise that the user clicked on the ad and was redirected to that page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked across AdWords customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. The customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users. If you wish to participate in the tracking, you can object to this use by simply deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics.

Browser plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Objection to data collection

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set, which will prevent the collection of your data during future visits to this website:

https://tools.google.com/dlpage/gaoptout/

For more information on how Google Analytics handles user data, please see Google's privacy policy.

Demographic characteristics with Google Analytics

This website uses the "demographic characteristics" function of Google Analytics. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Objection to data collection".

5 Plugins and tools
Google Web Fonts
This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to Google's servers. This informs Google that our website has been accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.

If your browser does not support web fonts, a standard font from your computer will be used.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/.