General conditions of sale
- Overview of the project
The processing of data by NICKFORREAL can be divided into two categories:
All data required for the execution of a contract with NICKFORREAL will be processed for the purpose of contract execution and/or contract preparation. If external service providers are also involved in the processing of the contract, e.g. payment service providers, optimization services, hosting providers, etc., your data will be passed on to them to the extent required.
- When you use our Offer, various information is exchanged between your terminal and our server or the server of the services we use. This may also include personal data. The information collected in this way is used, among other things, to further optimize our Offer.
According to the requirements of the GDPR, you have various rights that you can assert with us. This includes the right to withdraw your consent at any time regarding the processing of selected data, in particular the processing of data for advertising purposes. The possibility of withdrawing your consent is always highlighted in a typographical manner. You will find further information about your rights below in an additional paragraph and in the respective individual descriptions of data processing.
Our Offers are only available to persons who have reached the age of 18. If you have not yet reached the said minimum age, you may use our Offers only if and insofar as your parents have expressly consented and you have provided us with sufficient proof of such consent.
- Name and contact details of the controller and the company's data protection officer
- Purposes of data processing, legal bases and legitimate interests pursued by us or by a third party and categories of recipients.
3.1. USE OF OUR OFFER
When you use our Offer, in particular our website or application, information is automatically sent to our servers by the application or browser used on your terminal and stored temporarily in a log file. The following information is recorded without your intervention and stored in the log file until it is automatically or manually deleted:
- the IP address of the device used,
- the date and time of access,
- the name and URL of the file accessed, the website/application from which the access was made (referral URL)
- the unique identifier of the browser you are using,
- the name of your Internet service provider.
The processing of the above-mentioned data is carried out in accordance with Article 6, paragraph 1 point f) of the GDPR. Our legitimate interest derives from the purposes of data collection listed below. At this point, we would like to emphasize that the data collected does not allow us to identify you personally or make any inferences about you. We use the IP address of your terminal and the other data listed above for the following purposes:
- guarantee the correct establishment of a connection,
- to guarantee a comfortable use of our Offer,
- evaluate the security and stability of the system and,
- Perform other administrative tasks.
3.2. CONCLUSION, PERFORMANCE OR TERMINATION OF A CONTRACT
Processing of data upon conclusion of the contract
We define our services as personalized health tracking technology: our technology provides a range of information about your health and well-being based on your metrics and data.
In this context, we process the data necessary for the conclusion, execution or termination of a contract.
Such data includes in particular:
- the e-mail address,
- first and last name, if applicable,
- billing and payment data,
- data entered by you and generated by the use of our Offer,
The legal basis used is Art. 6 Para. 1 point a), point b) of the GDPR and Article 9 paragraph 2 point a) of the GDPR. Insofar as we do not use your contact information for customer support (see Section 3.3. in detail), we retain the data collected for the processing of the contract until the end of said contract or until the expiration of any contractual warranty and guarantee claims. After the expiration of the said period, we shall store the personal data required by law for the legally prescribed period. During this period (usually six to ten years from the conclusion of the contract), the data will only be processed in the event of an audit by the tax authorities.
3.3. DATA PROCESSING FOR CUSTOMER SUPPORT OR SERVICE
3.3.1. Informative purposes
Insofar as you have registered for our Offer, we guide you as an existing customer. In such a case, we process your contact information in order to send you information, for example about new, expanded or improved features, products and services.
3.3.2. TARGETED ADVERTISING
In order to ensure that you only receive the information that is intended to be of interest to you, we categorize and supplement your customer profile with other information. We use statistical information as well as information about you (e.g. reference data or basic data from your customer profile). The purpose is to optimize our Offer according to your real or assumed personal interests and/or needs and to provide you with appropriate recommendations so that you are not bored with unnecessary promotions.
The legal basis for the aforementioned processing operations is Article 6(1)(b) and (f) of the GDPR as well as Article 9(2)(a) of the GDPR. The processing of existing customer data for advertising purposes is considered a recognized legitimate interest in accordance with Recital 47 of the GDPR.
3.3.3. Sending the Newsletter
We offer interested customers the opportunity to subscribe to our newsletter. In order to ensure that the e-mail address entered is actually associated with the interested customer, we use the double opt-in procedure: after you have entered your e-mail address in the registration field, we will send you a confirmation link. Only when you click on this confirmation link will your e-mail address be added to our mailing list. We keep the data collected in this process only for documentation and verification purposes. This data includes in particular:
- the e-mail address provided,
- the IP address of the device used,
- the date and time of the recording,
- the way of addressing,
- the date, content and time of the confirmation e-mail,
- the IP address of the device used for confirmation,
- and the date and time of your confirmation.
The legal basis used is Article 6, paragraph 1, point a) of the GDPR. We store this data until the end of the contractual relationship because we can prove the lawfulness of the sending of the newsletter. After the expiry of the said period, we will store the personal data required by law for the prescribed legal period. During such a period (usually ten years from the conclusion of the contract), the data will only be processed again in the event of an audit by the tax authorities. You can withdraw your consent at any time with effect for the future. To do so, simply click on the unsubscribe button in the corresponding e-mail or send a short notification by e-mail. For this purpose, please use the contact information of our data protection officer.
3.3.4. Right of objection
You can withdraw your consent to the processing of data for the above-mentioned purposes at any time, free of charge, separately for the respective communication channel and with effect for the future. Simply send an e-mail or a letter to the contact details given in point 1.
In the event of an objection, we will block the contact address concerned for further processing of the promotional data. We will process your objection as soon as possible and implement the corresponding blocking measures immediately after verification. We would like to point out that, in exceptional cases, information or product recommendations may still be sent even after your objection has been received. This is only for technical reasons and does not mean that we will not implement your complaint. Thank you for your understanding.
- Data processing for the provision of our services
In the following, we would like to inform you about the processing of the data necessary for the provision of our Offer:
4.1. ONLINE PRESENCE AND WEBSITE OPTIMIZATION
We do not sell or rent your data to third parties for marketing purposes without your express consent. In order to provide our customers with the best possible product, to improve the quality of our Offering from time to time and to protect the interests of our customers, we will, under certain circumstances, disclose certain data to third parties; however, such disclosure will always be subject to strict restrictions, which are described in more detail below:
4.1.1. Cookies - General Information
4.1.2. Google Analytics
- browser type/version,
- the operating system used,
- the reference URL (the previously visited page),
- the host name of the accessing computer (IP address),
- the time of the server request.
are transmitted to a Google server in the United States and stored there. The information is used to evaluate the use of the Offerings, compile reports on activities and provide other services related to the use of the Offering for market research and needs-based design purposes. This information may also be passed on to third parties if required by law or if third parties are mandated to process this data. Your IP address will not be merged with other Google data under any circumstances. IP addresses are anonymized, so that an attribution is not possible (so-called IP masking).
4.1.3. Google Tag Manager
4.1.4. MOLLIE payment processing service
For the purpose of contract execution and especially for payment processing, we pass on your name and e-mail address to our payment service Mollie in accordance with Article 6, paragraph 1, points a) and b) of the GDPR. Through the use of Mollie's library, we will not process the information entered during the order process (address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) but will transmit it directly to Mollie from your browser. The data is used exclusively by Mollie for the execution and completion of the payment process and is transmitted securely via the "SSL" encryption method. Mollie is PCI DSS certified. Mollie may transfer, process and store personal information outside the European Union.
We use a text messaging platform, which is subject to the following terms and conditions. By opting-in to our text marketing and notifications, you agree to these terms and conditions.
By entering your phone number during checkout and initiating a purchase, subscribing via our subscription form or a keyword, you agree that we may send you SMS notifications (for your order, including abandoned cart reminders) and SMS marketing offers. You acknowledge that consent is not a requirement for any purchase.
Your phone number, name and purchase information will be shared with our SMS platform "SMSBump Inc, a European Union company with an office in Sofia, Bulgaria, EU. This data will be used to send you targeted marketing messages and notifications. When sending the text messages, your phone number will be transmitted to a text messaging operator to effect their delivery.
If you wish to unsubscribe from receiving SMS and notifications, reply STOP to any mobile message we have sent you or use the unsubscribe link we have provided in any of our messages. You understand and agree that other opt-out methods, such as using alternative words or requests, will not be considered a reasonable way to unsubscribe. Messaging and data charges may apply. If you have any questions, send "HELP" to the number you received the messages from. You can also contact us for more information. If you wish to unsubscribe, please follow the procedures above.
- Recipients outside the EU
As stated in points 3.4 and 3.5 above, data may also be transmitted to recipients outside the European Union or the European Economic Area. This applies in particular to the processing of the mentioned analysis and targeting technologies, which may result in the transmission of data to the servers of service providers. Other recipients may be affiliated service providers that we need to provide our services, such as hosting providers, CRM tools or analysis service providers. These servers may be located outside the European Union, including in the United States. We ensure that such service providers guarantee data protection standards equivalent to those of the GDPR and that the applicable guidelines are complied with. Thus, we only work with certified service providers. For the said certification, the European Commission has established the adequacy of the level of data protection under number C(2016) 4176) in accordance with Article 45 of the GDPR. The use of said certified service providers thus meets the European standard of data processing in accordance with the law. In addition, service providers based outside the European Union have granted us adequate contractual guarantees ensuring compliance with these European standards and the adoption of the rights of data subjects, for example based on the standard contractual clauses of the European Commission.
- Your rights
In addition to the right to contest the consents you have given us, you may exercise the following rights if the respective legal requirements are met:
- The right to information about your personal data stored with us according to Article 15 of the GDPR,
- In case of transmissions in accordance with Articles 46, 47 or 49, paragraph 1, point 2 of the GDPR, the right to information or reference to suitable or adequate safeguards and the possibility of obtaining a copy of such safeguards or if such safeguards are available,
- Your personal data stored with us in accordance with Article 15 of the GDPR,
- The right to correct inaccurate data or complete accurate data in accordance with Article 16 of the GDPR,
- The right to delete your data held with us in accordance with Article 17 of the GDPR,
- The right to restrict the processing of your data in accordance with Article 18 of the GDPR,
- The right to data portability in accordance with Article 20 of the GDPR.
6.2. RIGHT OF OBJECTION
Under the conditions provided for in Article 21, paragraph 1 of the GDPR, it is possible to withdraw your consent regarding the processing of data for reasons related to the particular situation of the data subject.
In addition, you can also contact our competent supervisory authority: Data Protection and Freedom of Information Commissioner of Berlin, Friedrichstraße 219, 10969 Berlin, Germany.
- Data security
We use the highest standards of information security for our infrastructure and the processing of your data. For example, we use computer safeguards such as firewalls and data encryption. Our buildings and data are subject to physical access controls. Only employees who need access to our customers' personal data to conduct their business are granted access.
All the data you have personally transmitted to us, including your payment information, is transmitted via the general and secure SSL (Secure Socket Layer) standard. SSL is a proven, secure standard that is used for online banking transactions, among other things. You can recognize an SSL connection by the s after http (https://...) in the address bar of your browser or by the lock symbol in the lower part of the browser.
In addition, we use appropriate technical and organizational security measures to protect your personal data stored with us against manipulation, partial or total loss and unauthorized access by third parties. Our security measures are constantly monitored in relation to technological progress, regularly adapted to the respective risks and, if necessary, improved.
Protecting the privacy of young children is especially important. For this reason, we do not knowingly collect or solicit personal information from anyone under the age of 16 or knowingly allow them to register. If you are under 16, please do not send us any information about yourself, including your name, address, telephone number or e-mail address. No one under the age of 16 is allowed to provide personal information to the Services. If we learn that we have collected personal information from a child under the age of 16 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we may have information about or about a child under the age of 16, please contact us at firstname.lastname@example.org.
Last update 06/11/2021.