Privacy Policy

PRIVACY POLICY
Version: 15 March 2025

Contents

1. Controller
2. Overview of Processing Activities
3. Relevant Legal Bases
4. International Data Transfers
5. General Information on Storage and Deletion
6. Rights of Data Subjects
7. Provision of the Online Offer & Web Hosting
8. Use of Cookies
9. Contact & Enquiry Management
10. Amendments and Updates

1. Controller
Peter Nachtigal
E-mail: info@nachtigal-services.com
Phone: +49 1573 32 032 75

2. Overview of Processing Activities
The following overview summarises the categories of data we process, the purposes of processing, and the groups of data subjects involved.

Categories of Data Processed

• Inventory data
• Contact data
• Content data
• Usage data
• Meta-, communication- and procedural data
• Log data

Categories of Data Subjects

• Communication partners
• Users

Purposes of Processing

• Communication
• Security measures
• Organisational and administrative procedures
• Feedback
• Provision of our online offer and user-friendliness
• IT infrastructure

3. Relevant Legal Bases
Below is a summary of the GDPR legal bases on which we process personal data. National data-protection rules of the country in which you or we are located may also apply.

German National Legislation

In Germany, the Federal Data Protection Act (BDSG) and, where applicable, the data-protection acts of the federal states also apply.

Note on the Swiss Federal Act on Data Protection (FADP)

These privacy notices serve both the GDPR and the Swiss FADP. For readability we use the GDPR terminology; the legal meaning under Swiss law remains unaffected.

4. International Data Transfers
If we process data in a third country (i.e. outside the EU/EEA) or disclose it to third parties there, we do so only:

• on the basis of an adequacy decision (Art. 45 GDPR),
• under Standard Contractual Clauses (Art. 46 (2) c GDPR),
• with your explicit consent, or
• where the transfer is contractually or legally required (Art. 49 (1) GDPR).

EU-US Data Privacy Framework

Some US providers we use are certified under the EU-US Data Privacy Framework (adequacy decision of 10 July 2023). Certified companies are listed at dataprivacyframework.gov.

5. General Information on Storage and Deletion
We erase personal data as soon as:

• consent is withdrawn, or
• no other legal basis exists (e.g. the processing purpose no longer applies).

Exceptions arise where statutory retention duties or overriding interests require longer storage.

Statutory Retention Periods (Germany)

• 10 years – e.g. accounting records, invoices (§ 147 AO, § 257 HGB).
• 6 years – e.g. commercial correspondence (§ 147 AO, § 257 HGB).
• 3 years – data relevant to potential warranty or damages claims (§§ 195, 199 BGB).

Where multiple retention periods apply, the longest period prevails. Periods of at least one year that are not linked to a specific start date begin at the end of the calendar year in which the triggering event occurred.

6. Rights of Data Subjects
Under Art. 15-21 GDPR you have in particular:

• Right to object (Art. 21 GDPR) to processing on Art. 6 (1) e or f grounds or for direct marketing.
• Right to withdraw consent at any time.
• Right of access to your data.
• Right to rectification of inaccurate data.
• Right to erasure or restriction of processing.
• Right to data portability.
• Right to lodge a complaint with a supervisory authority.

7. Provision of the Online Offer & Web Hosting
We process users’ IP addresses to deliver website content and functions to their browsers or devices.

• Data processed: usage data; meta-, communication- and procedural data; log data.
• Purpose: provision of the online offer, IT infrastructure, security.
• Legal basis: legitimate interests (Art. 6 (1) f GDPR).
• Retention: log files are stored for max. 30 days, then deleted or anonymised, unless needed as evidence.

8. Use of Cookies
Cookies store and retrieve information on user devices (e.g. login status, cart contents, analytics).

• Consent: obtained where legally required; not required for cookies strictly necessary to provide the service requested by the user.
• Legal basis: consent (Art. 6 (1) a GDPR) or legitimate interests (Art. 6 (1) f GDPR).
• Types:
  • Session cookies – deleted when the browser is closed.
  • Persistent cookies – remain stored (up to two years unless otherwise stated).

Users can withdraw consent or object via browser settings.

9. Contact & Enquiry Management
When you contact us (e-mail, form, phone, social media) we process the information you provide to handle the enquiry and any related actions.

• Data processed: inventory, contact, content and usage data; meta-data.
• Purpose: communication; organisational and administrative procedures; feedback; user-friendliness.
• Legal basis: contract performance / pre-contractual steps (Art. 6 (1) b GDPR) and legitimate interests (Art. 6 (1) f GDPR).
• Retention: see “General Information on Storage and Deletion”.

10. Amendments and Updates
Please review this Privacy Policy regularly. We will update it whenever changes in our data processing make this necessary and will inform you if individual cooperation (e.g. renewed consent) is required.

Note: Company addresses may change over time; please verify before contacting.

Generated with the free Datenschutz-Generator.de by Dr Thomas Schwenke