Privacy policy

Data Privacy Statement

The Nays GmbH Bouchéstraße 12 H11, 12435 Berlin, Germany ("Nays") operates the website www.naysbaits.com ("Website"), where it provides information about its services, offers goods for purchase in an online shop, and provides contact options.

Nays places great importance on the protection of personal data. The following privacy policy outlines the extent to which data is collected during visits to the website and the use of its services, as well as the purposes for which this data is processed. Nays complies with all applicable legal provisions regarding the protection of personal data and data security.

The legal basis for data processing is as follows: for consent, Art. 6 para. 1(a), Art. 7 GDPR; for the performance of services and the fulfillment of contractual obligations, Art. 6 para. 1(b) GDPR; for compliance with legal obligations, Art. 6 para. 1(c) GDPR; and for the protection of legitimate interests, Art. 6 para. 1(f) GDPR. In the case of processing special categories of personal data, Art. 9 para. 2 GDPR serves as the legal basis.

I. Name and Contact Details of the Controller

The controller, as defined in Art. 4 GDPR for the processing of personal data, is: Nays Bouchéstraße 12 H11 12435 Berlin, Germany (Contact)

II. Type of Data Processed / Purpose of Processing / Legal Basis

Below, we explain the type of personal data processed when visiting the website and using its services. Processing in this context refers to any form of data usage, including collection, recording, storage, provision, organization, transmission, presentation, editing, deletion, retrieval, or querying. Personal data is only processed to the extent necessary for providing the service, communicating with users, delivering services, conducting contractual/business relationships, optimizing business processes, and tailoring our services to meet user needs.

We adhere to the principle of data minimization and process your personal data only in strict compliance with data protection regulations. In particular, such data is processed only when there is a legal permission/legal basis.

1. visit the website

1.1. Server Log Files

You can visit our website without providing any personal information. However, each time you access our website, usage data is transmitted by your internet browser and stored in log files (server log files). These stored data include the date and time of access, request type, internal URL, protocol, external URL, request status, duration of the request, as well as browser and version.

These data are used to ensure the smooth operation of our website and to improve our services. The processing is necessary to ensure the security and stability of the system and to facilitate the comfortable use of the website. It is not possible to attribute these data to a specific individual.

Furthermore, we use the log data for statistical analysis purposes, aiming to optimize processes and enhance the security of our services. We reserve the right to review log data retrospectively if there are specific indications of unlawful use of the provided services.

The legal basis for data processing is Art. 6 para. 1(b) and (f) GDPR.

1.2. Cookies

The website uses cookies, which can also be set by third parties (see also sections V. and VI.). These are short data packets exchanged between computer programs or text files stored on the visitor's end device. Session cookies are deleted after you close your browser, while persistent cookies remain on your end device and allow us to recognize your browser on your next visit.

You can configure your browser to notify you about the setting of cookies and allow cookies only on a case-by-case basis, block the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of the website.

The legal basis for data processing is Art. 6 para. 1 (b) and (f) GDPR for cookies that are technically necessary for the operation of the website.

The legal basis for data processing for all other cookies that are not technically necessary for the operation of the website is your consent pursuant to Art. 6 para. 1 (a) GDPR.

For a detailed overview of the cookies we use, their purpose, their duration, and the possibility to revoke your consent regarding optional cookies, please refer to our Cookie Policy.

2. ordering process

We offer the purchase of goods through our online shop on our website. During the ordering process, we process the data you provide, which necessarily includes your first and last name, postal address, and email address. We only process additional data if you voluntarily provide it.

The processing of your contact details is carried out only to the extent necessary for the fulfillment and processing of your order and for handling your inquiries.

If applicable, we may use your email address in the future to occasionally inform you via direct marketing within the meaning of § 7 para. 3 UWG about the products you ordered or similar products. For statistical and performance measurement purposes, and ultimately to optimize our offering to you, we also record and evaluate how often the respective email is opened by recipients and which links are clicked. You can unsubscribe from these emails at any time without incurring other than the transmission costs according to the basic tariffs (depending on the communication method you choose). An unsubscribe link is included in every email sent. Alternatively, you can object to the use by contacting us at shop@naysbaits.com, by post, or by telephone. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to be able to demonstrate a previously given consent or its revocation. The processing of this data is limited to the purpose of potentially defending against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed.

The legal basis for data processing is Art. 6 para. 1 (a) and (b) GDPR.

3. Customer Account

As part of the ordering process, you also have the option to create a customer account with us. When opening a customer account, we process your first and last name, postal address, and email address as mandatory information. We only process additional data if you voluntarily provide it.

The data processing is intended to improve your shopping experience and simplify the order processing.

The legal basis for data processing is Art. 6 para. 1 (a) GDPR.

4. Newsletter

We offer an email newsletter. If the contents of the newsletter are specifically described during the registration process, they are decisive for your consent. Otherwise, our newsletters contain information about our services and us.

To receive the newsletter, providing your email address is necessary. Before sending the newsletter, you must explicitly confirm that you wish to receive our newsletter as part of the so-called double opt-in process. Afterward, you will receive a confirmation and authorization email with a link. By clicking on this link, you confirm that you wish to receive the newsletter.

During the registration process, your email address, IP address, and the time of registration and confirmation are logged. In addition, it is recorded how often the newsletter is opened by recipients and which links are clicked.

The purpose of the newsletter is to inform you about the contents described during registration, typically our offers and current developments. The collection of email addresses is for the purpose of delivering the newsletter to you. Logging the registration process (IP address and registration data) serves to legally prove your registration in our email distribution list and to defend against any allegations of unsolicited emails. Analyzing click behavior is done to optimize the newsletter and for statistical and performance measurement purposes.

The legal basis for data processing is Art. 6 para. 1 (a) and (f) GDPR.

You can unsubscribe from the newsletter at any time without incurring other than the transmission costs according to the basic tariffs (depending on the communication method you choose). An unsubscribe link is included in every newsletter sent. Alternatively, you can revoke your consent by contacting us at shop@naysbaits.com, by post, or by telephone. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, to be able to demonstrate a previously given consent. The processing of this data is limited to the purpose of potentially defending against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed.

III. Duration of Storage

Your data will be stored for as long as necessary to fulfill the purposes mentioned above.

Once this is no longer the case, for example, after the complete termination of the contractual/business relationship, including the expiration of any existing warranty period, they will be deleted or blocked, if and as long as commercial or tax retention obligations require further storage (Art. 6 para. 1 sentence 1 (c) GDPR). From the point at which legal retention obligations no longer apply, the data will be deleted unless you have expressly consented to further use (Art. 6 para. 1 sentence 1 (a) GDPR).

Personal data can also be manually deleted from the database at any time if requested.

For a detailed overview of the cookies used during website operation and their storage duration, please refer to our Cookie Policy.

IV. Disclosure of Data to Third Parties/ Transfer to Third Countries

In principle, the data you provide is not made available to third parties. However, in individual cases, it may be necessary to pass on your personal data to companies in order to fulfill the contract, which are entrusted by us with the provision of individual services (e.g., web hosting, programmers, payment service providers, cloud providers, shipping companies).

If we disclose or transmit data to third parties in the course of our processing, or grant them access to the data, this is only done on the basis of legal permission, your consent, legal obligation, or our legitimate interests. If we engage third parties to process data on the basis of a so-called "data processing agreement," this is done in accordance with Art. 28 GDPR. Third parties are also obliged to comply with the legal regulations when handling and processing this data.

The seat of a third party may be located in a third country, i.e., a country where the GDPR does not have direct legal effect. In this case, data transmission only takes place if your consent is given, there is an adequate level of data protection, for example, due to individual agreements, the use of EU standard contractual clauses, the existence of an adequacy decision, or another legal permission.

Furthermore, transmission to authorized authorities and state institutions is possible but only within the framework of legal disclosure obligations and in the event of a mandatory court decision. In these cases, we can provide information, for example, to assert, exercise, and defend legal claims, enforce existing contracts, in the context of fraud allegations, security measures, or due to other legally applicable regulations.

Personal data will not be disclosed outside the framework described here without explicit consent.

In no case will Nays sell or rent personal data to third parties.

V. Services of Third Parties in Website Operation

We would like to separately point out the following third-party providers, whose services we use in the operation of the website and to provide our services, and who may come into contact with the personal data described above:

- Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google")

- Youtube, LLC, subsidiary of Google Inc., 901 Cherry Avenue, San Bruno, CA 94066, USA (“Youtube”)

- PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg (“Paypal”)

- Apple Inc. 1 Apple Park Way, Cupertino CA 95014, USA (“Apple Pay”)

- DigitalOcean LLC., 101 6th Avenue, New York, NY 10013, USA (“Digital Ocean”)

- Campaign Monitor Pty Ldt., 11 Lea Avenue, Nashville, TN 37210, USA (“Campaign Monitor”)

- Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (“Cookiebot”)

- Automattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland (“Jetpack”)

We expressly point out that we have no influence on the scope of data collected by these companies. Therefore, we must rely on the information provided by the respective companies, to which we refer in the following clarification.

Please inform yourself about the purpose and scope of data collection as well as your rights and options for protecting your privacy with the individual companies. We have provided links to the privacy policies here.

Below you will find information on possible data protection consequences of cooperation with third-party providers and further links.

1. Google Analytics

Google Analytics is a web analytics service. If you have given your consent, we use Google Analytics to observe and evaluate user behavior on the website in order to continuously optimize our offer for our users.

Various information, such as IP address, browser, device data, operating system, referrer URL, may be transmitted to Google. Google will use this information on our behalf to evaluate your use of the website, compile reports on website activity, and provide other related services.

The generated information about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated in your browser, your IP address will be shortened by Google within member states of the European Union or other parties to the Agreement on the European Economic Area before. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

Google Analytics operates via a cookie. In our Cookie Policy, you can learn about the cookie set by Google Analytics and give or withdraw your consent to its use at any time. Furthermore, we refer to section 1.2.

You can also prevent Google from collecting and processing the data generated by the cookie related to your use of the website (including your IP address) by downloading and installing the browser add-on available at the following link: Browser Add-On to Disable Google Analytics.

More information about Google's privacy policy can be found at www.google.com/intl/en/policies.

We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google's services.

2. Youtube

We use the service of Youtube to embed videos. When you visit the page containing video clips from Youtube, a direct connection is established between your browser and the Youtube server, and information about your visit there is stored. If you have a Youtube account and are logged in at the same time, Youtube can associate this information with your account. You can prevent this by logging out of your Youtube account before visiting the website.

More information about Youtube's privacy policy can be found in the "Youtube Privacy Policy".

3. Paypal

We use the PayPal service for payment processing in our online shop. If you choose to pay via PayPal, PayPal uses the data that you provide during the payment process and that may be stored in your existing PayPal account and associated accounts. This includes your email address and bank account details. According to its own statements, PayPal uses the data exclusively for payment processing.

More information about PayPal's privacy policy can be found here.

PayPal operates via a technically necessary cookie. In our Cookie Policy, you can learn about the cookie set by PayPal. Furthermore, we refer to section 1.2.

We have concluded a data processing agreement with PayPal and fully implement the strict requirements of the German data protection authorities when using PayPal.

4. Apple Pay

We use the Apple Pay service for payment processing in our online shop. If you choose to pay via Apple Pay, Apple Pay uses the data that you provide during the processing and that may be stored in your existing Apple Pay account. This includes your email address and bank account details. According to its own statements, Apple Pay uses the data exclusively for payment processing.

More information about Apple Pay's privacy policy can be found here.

We have concluded a data processing agreement with Apple Pay and fully implement the strict requirements of the German data protection authorities when using Apple Pay.

5. DigitalOcean

Digital Ocean provides us with servers and infrastructure for operating our website.

More information about Digital Ocean's privacy policy can be found here.

We have entered into a data processing agreement with Digital Ocean and fully comply with the strict requirements of the German data protection authorities when using Digital Ocean.

6. Campaign Monitor

We use Campaign Monitor's services for organizing and managing our newsletter distribution.

More information about Campaign Monitor's privacy policy can be found here.

We have entered into a data processing agreement with Campaign Monitor and fully comply with the strict requirements of the German data protection authorities when using Campaign Monitor.

7. Cookiebot

We use Cookiebot's services for creating and maintaining our cookie banner and managing corresponding consent declarations.

More information about Cookiebot's privacy policy can be found here.

Cookiebot operates via a technically necessary cookie. In our Cookie Policy, you can learn about the cookie set by Cookiebot. Furthermore, we refer to section 1.2.

We have entered into a data processing agreement with Cookiebot and fully comply with the strict requirements of the German data protection authorities when using Cookiebot.

8. Jetpack

We utilize Jetpack's services to optimize the security, performance, and growth of our website.

More information about Jetpack's privacy policy can be found here.

We have entered into a data processing agreement with Jetpack and fully comply with the strict requirements of the German data protection authorities when using Jetpack.

VI. Social Plug-Ins

Wir haben auf unserer Webseite Plugins der sozialen Netzwerke und Dienste Facebook und Twitter integriert. Die Plugins sind mit einem Logo gekennzeichnet. Um Ihren größtmöglichen Schutz zu gewährleisten und dem Grundsatz der Datenminimierung Rechnung zu tragen, verwenden wir eine 2-Klick-Methode. So wird der direkte Kontakt zwischen dem sozialen Netzwerk und Ihnen erst dann hergestellt, wenn Sie aktiv auf den entsprechenden Button klicken. Sofern der Button des sozialen Netzwerkes nicht angeklickt wird, werden weder Daten erfasst, Aktivitäten protokolliert oder ein Surf-Profil erstellt. Wird der Button angeklickt, erhält der jeweilige Diensteanbieter die Information, dass Sie unsere Webseite aufgerufen haben. Hierzu ist weder ein Benutzerkonto bei dem jeweiligen Dienst erforderlich, noch müssen Sie eingeloggt sein, wenn Sie ein Benutzerkonto besitzen. Wenn Sie hingegen ein Benutzerkonto bei dem Diensteanbieter besitzen und eingeloggt sind, werden diese Daten dem Konto direkt zugeordnet. Dies kann verhindert werden, indem Sie sich vor Anklicken des Buttons in Ihrem Benutzerkonto des entsprechenden Dienstes ausloggen. Wir haben keine Möglichkeit der Einflussnahme darauf, ob, in welchem Umfang, für welchen Zweck und für wie lange die Diensteanbieter und sozialen Netzwerke personenbezogene Daten erheben. Weiterführende Informationen zum Umgang von Nutzerdaten finden Sie hier: Facebook und Twitter.

VII. Online-Präsenzen / Unternehmensprofil in sozialen Medien

Unser Unternehmen verfügt über Online-Präsenzen auf unterschiedlichen sozialen Medien und Plattformen. Hierdurch vereinfachen wir Interessierten die Suche nach unseren Dienstleistungen und bieten einen zusätzlichen Kanal der Kommunikation. Der Zweck der Verarbeitung der Nutzerdaten durch die jeweiligen sozialen Medien und Plattformen ist in der Regel eine nutzerspezifische Werbung, d.h. es kann individualisierte Werbung geschaltet werden, die den mutmaßlichen Interessen des Nutzers entspricht bzw. sich aus dessen bisherigem Nutzungsverhalten ergibt.

Möglicherweise befindet sich der Sitz eines sozialen Mediums oder einer Plattform in einem Drittland, d.h. in einem Land, in dem die DSGVO keine unmittelbare Rechtswirkung entfaltet. In diesem Fall erfolgt die Übermittlung von Daten nur, wenn Ihre Einwilligung vorliegt, ein angemessenes Datenschutzniveau vorherrscht, etwa aufgrund individueller Vereinbarungen, der Verwendung von EU-Standard Vertragsklauseln, dem Vorliegen eines EU-Angemessenheitsbeschlusses, oder eine anderweitige gesetzliche Erlaubnis vorliegt.

Wir möchten deutlich machen, dass sich Nutzer im Fall von Auskunftsanfragen und/oder der Geltendmachung von anderweitigen Betroffenenrechten direkt an die jeweiligen Drittanbieter wenden sollten. Diese haben Einsicht und Zugriffsrechte auf die dort gespeicherten und verarbeiteten Daten der Nutzer und können entsprechend Auskünfte geben und/oder Maßnahmen ergreifen. Sollten Sie sich direkt an uns wenden, versuchen wir Ihr Anliegen bestmöglich zu unterstützen. Da wir jedoch keine Einsicht und keinen Zugriff auf die bei Drittanbietern gespeicherten Daten haben, sind unsere Handlungsmöglichkeiten limitiert. Bitte informieren Sie sich über die Grundsätze der Datenverarbeitung der jeweiligen Unternehmen anhand der entsprechenden Datenschutzerklärungen.

Weitere Informationen zum Umgang mit Nutzerdaten finden Sie hier: Facebook, Instagram, TikTok, Youtube.

VIII. Data Subject Rights

As a data subject whose personal data is being processed, you have the following rights as outlined below. These rights are derived from the provisions of the General Data Protection Regulation and are presented here in a partially simplified form.

1. Right to Withdraw Consent

According to Article 7(3) of the GDPR, you have the right to withdraw your consent to the processing at any time. The lawfulness of the processing carried out based on the consent prior to withdrawal shall not be affected. The right of withdrawal can be exercised through an informal statement. A written statement or alternatively an email to the contact address above is sufficient.

2. Right to Information

According to Article 15 of the GDPR, you have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to obtain information about this personal data and the information mentioned in Article 15(1) sentence 2 of the GDPR. This includes, in particular, the purpose of the processing, the categories of processed data, the recipients to whom the data has been or will be disclosed, as well as, if possible, the planned duration of storage or the criteria for determining the duration of storage.

3. Right to Rectification

According to Article 16 of the GDPR, you have the right to demand the immediate correction of inaccurate personal data concerning you. Taking into account the purposes of processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

4. Right to Erasure

According to Article 17 of the GDPR, you have the right to demand that personal data concerning you be deleted without delay. We are obliged to delete personal data without delay if one of the reasons stated in Article 17(1) of the GDPR applies. This includes, for example, that the data is no longer necessary for the purposes for which it was collected or otherwise processed.

5. Right to Restriction of Processing

According to Article 18 of the GDPR, you have the right to request the restriction of processing from us if one of the conditions specified in Article 18 of the GDPR applies. This includes, for example, if you dispute the accuracy of the personal data. In this case, we may only process the data to a limited extent until the accuracy of the personal data has been verified.

6. Right to Data Portability

According to Article 20 of the GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another controller, i.e., another entity processing the data, without hindrance, provided that the original processing was based on consent or necessary for the performance of a contract.

7. Right to Object

According to Article 21 of the GDPR, you have the right to object at any time to the processing of personal data concerning you if such data is processed based on Article 6(1)(e) or (f) of the GDPR and if there are reasons arising from your particular situation. You may object at any time to the processing of data for the purposes of direct marketing. Personal data will then no longer be processed for this purpose. The right to object can be exercised through an informal statement. A written statement or alternatively an email to the contact address above is sufficient.

8. Automated Individual Decision-Making, Including Profiling

According to Article 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Article 22(1) of the GDPR provides for exceptions to this, with partial derogations found in Article 22(4) of the GDPR.

9. Right to Lodge a Complaint with a Supervisory Authority

According to Article 77 of the GDPR, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes this Regulation.

In the present case, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information Friedrichstraße 219 10969 Berlin Telephone: 030/13 889-0 Fax: 030/215-5050 Email: mailbox@datenschutz-berlin.de http://www.datenschutz-berlin.de

IX. Technical and Organizational Measures

We implement technical and organizational measures to ensure that the security and protection requirements of the GDPR are met and that personal data is protected against loss, destruction, manipulation, or unauthorized access by third parties. These measures are adjusted to the current state of the art.

X. Changes to the Privacy Policy

We reserve the right to change this privacy policy at any time. You are requested to regularly inform yourself about the content of the privacy policy.

March 2023