Privacy Policy

1) Introduction and Contact Details of the Responsible Party

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data refers to all data that can be used to personally identify you.

1.2 The responsible party for data processing on this website under the General Data Protection Regulation (GDPR) is nextReality.Hamburg e.V., Am Sandtorkai 27/28, 20457 Hamburg, Germany, Tel.: 01703149119, Email: lars.eckernkemper@nextreality.hamburg. The party responsible for processing personal data is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

2) Data Collection when Visiting Our Website

2.1 2.1 When you use our website for informational purposes only, i.e., when you do not register or provide us with information in another way, we only collect data that your browser transmits to our server (so-called “server logfiles”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

• The website you visited
• Date and time of access
• Amount of data sent in bytes
• Source/reference from which you accessed the page
• Used browser
• Used operating system
• Used IP address (possibly anonymized)

The processing is carried out in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no sharing or further use of the data. However, we reserve the right to review server logfiles later if there are specific indications of illegal use.

2.2 This website uses SSL or TLS encryption for security purposes and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the responsible party). You can recognize an encrypted connection by the “https://” prefix and the lock symbol in your browser’s address bar.

3) Hosting & Content Delivery Network

For hosting our website and displaying the page content, we use a provider who delivers their services either directly or through selected subcontractors exclusively on servers within the European Union.

All data collected on our website is processed on these servers.

We have concluded a data processing agreement with the provider to ensure the protection of our visitors’ data and to prevent unauthorized disclosure to third parties.

4) Cookies

To make the visit to our website attractive and to enable the use of certain functions, we use cookies, which are small text files placed on your device. Some of these cookies are automatically deleted after closing your browser (so-called “session cookies”), while others remain on your device longer and enable saving of site settings (so-called “persistent cookies”). In the latter case, you can find out the storage duration in your browser’s cookie settings.

If personal data is processed by individual cookies we use, the processing is in accordance with Art. 6 (1) (b) GDPR for the performance of the contract, Art. 6 (1) (a) GDPR with your consent, or Art. 6 (1) (f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can set your browser to notify you when cookies are set and decide individually whether to accept them, or to exclude the acceptance of cookies for certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contacting Us

When you contact us (e.g., via contact form or email), personal data is processed exclusively for the purpose of processing and responding to your request, and only to the extent necessary.

The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Art. 6 (1) (f) GDPR. If your contact is aimed at entering into a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted once it is clear that the matter has been resolved, unless there are legal retention obligations.

6) Data Processing for Opening a Customer Account

In accordance with Art. 6 (1) (b) GDPR, personal data will be collected and processed to the extent necessary when you provide it to us for the opening of a customer account. The required data for account creation can be found in the input mask of the relevant form on our website.

You can delete your customer account at any time by sending a message to the above-mentioned address. After the deletion of your customer account, your data will be deleted, provided all contracts entered into through it have been fully processed, no legal retention periods apply, and we do not have a legitimate interest in further retention.

7) Use of Customer Data for Direct Marketing

7.1 Subscription to Our Email Newsletter

If you subscribe to our email newsletter, we will send you regular information about our offerings. The only mandatory information for sending the newsletter is your email address. The provision of additional data is voluntary and is used to personally address you. We use the so-called double opt-in procedure to ensure that you only receive the newsletter after explicitly confirming your consent by clicking a verification link sent to the provided email address.

By activating the confirmation link, you consent to the use of your personal data in accordance with Art. 6 (1) (a) GDPR. We store the IP address registered by your Internet service provider (ISP), as well as the date and time of the subscription, to track any misuse of your email address at a later time. The data collected during the subscription to the newsletter is used exclusively for this purpose.

You can unsubscribe from the newsletter at any time by using the link provided in the newsletter or by contacting the responsible party mentioned above. After unsubscribing, your email address will be immediately removed from our newsletter distribution list, unless you explicitly consent to further use of your data or we reserve the right to use it beyond that, which is legally permissible and about which we inform you in this statement.

7.2 MailerLite

Our email newsletter is sent through the provider: UAB “MailerLite,” J. Basanavičiaus 15, LT-03108 Vilnius, Lithuania.

Based on our legitimate interest in effective and user-friendly newsletter marketing, we transfer the data you provide during newsletter registration to this provider in accordance with Art. 6 (1) (f) GDPR, so they can send the newsletter on our behalf.

Subject to your explicit consent under Art. 6 (1) (a) GDPR, the provider may also conduct statistical analysis of newsletter campaigns using web beacons or tracking pixels in the sent emails, which measure open rates and specific interactions with the newsletter content. Information such as device details (e.g., time of access, IP address, browser type, and operating system) will be collected and analyzed but not combined with other data.
You can withdraw your consent to newsletter tracking at any time with effect for the future.

We have entered into a data processing agreement with the provider to ensure the protection of our visitors’ data and prevent unauthorized disclosure to third parties.

8) Data Processing for Order Processing

8.1 As far as necessary for contract performance, delivery, and payment purposes, we pass on personal data collected by us to the commissioned transport company and the commissioned bank in accordance with Art. 6 (1) (b) GDPR.

If we owe you updates for goods with digital elements or digital products based on a corresponding contract, we process the contact data you provided during ordering (name, address, email) to inform you personally about upcoming updates within the legally required period in accordance with Art. 6 (1) (c) GDPR.

To process your order, we also work with the following service provider(s) who assist us, in whole or in part, with the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

8.2 Use of Payment Service Providers

– Stripe

This website offers one or more online payment methods from the following provider: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.

If you choose a payment method from this provider where you pay in advance (e.g., credit card payment), your payment data (including name, address, bank and card information, currency, and transaction number) will be passed to them as necessary for payment processing in accordance with Art. 6 (1) (b) GDPR.

If you select a payment method where the provider pays in advance (e.g., invoice or installment payments), you will also be asked to provide certain personal details (first and last name, street address, house number, postal code, city, date of birth, email address, phone number, and possibly information about an alternative payment method) during the order process.

To safeguard our legitimate interest in assessing the payment ability of our customers, this data is forwarded to the provider for a credit check in accordance with Art. 6 (1) (f) GDPR. The provider checks, based on the personal data you provide, as well as other data (such as shopping cart, invoice amount, order history, payment experiences), whether the selected payment method can be granted based on payment and/or default risk.

The credit report may contain probability values (so-called score values). If score values are part of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but is not limited to, address data.

You can object to this processing of your data at any time by sending a message to us or the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractually agreed payment processing.

9) Website Functionality

9.1 Youtube

This website uses plugins to display and play videos from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Data may also be transferred to: Google LLC., USA.

When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to the provider’s servers to load the plugin. During this process, certain information, including your IP address, is transmitted to the provider.

If you start playing embedded videos through the plugin, the provider also uses cookies to collect information about user behavior, create playback statistics, and prevent abusive behavior.

If you are logged into a user account with the provider during your visit, your data will be directly associated with your account when you click on a video. If you do not want this association, you must log out of your account before activating the play button.

All of the aforementioned processes, especially the use of cookies to read information from the device being used, only occur if you have given us your explicit consent in accordance with Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future by disabling this service using the “Cookie-Consent-Tool” provided on the website.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

9.2 Google reCAPTCHA

This website uses the CAPTCHA service from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Data may also be transmitted to: Google LLC, USA. For the visual design of the CAPTCHA window, the provider uses “Google Fonts,” i.e., fonts loaded from the internet by Google. No further data processing than what is already transferred to Google through the functionality of reCAPTCHA occurs.

The service checks whether an input is made by a human or is automated through machine processing and blocks spam, DDoS attacks, and similar malicious automated access. To ensure that an action is performed by a human and not an automated bot, the provider collects the IP address of the used device, browser, and operating system type identification, as well as the date and duration of the visit, and transmits this data for analysis to the provider’s servers.

The legal basis for this is our legitimate interest in establishing individual accountability on the internet and preventing misuse and spam in accordance with Art. 6 (1) (f) GDPR.

We have entered into a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prevent unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

10) Tools and Other

Cookie-Consent-Tool

This website uses a “Cookie-Consent-Tool” to obtain valid user consent for cookies and cookie-based applications that require consent. The “Cookie-Consent-Tool” is presented to users upon visiting the website in the form of an interactive user interface, where users can give consent for specific cookies and/or cookie-based services by checking the corresponding boxes. By using this tool, only those cookies/services that require consent are loaded after the user grants consent by checking the boxes.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie preferences, this will be done in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in ensuring legally compliant, user-specific, and user-friendly consent management for cookies, and thus ensuring a legally compliant structure of our website.

Further legal basis for the processing is also Art. 6 (1) (c) GDPR. As the responsible party, we are legally obliged to make the use of technically unnecessary cookies dependent on the user’s consent.

If necessary, we have entered into a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prevent unauthorized disclosure to third parties.

For more information about the operator and settings options of the Cookie-Consent-Tool, please refer to the corresponding user interface on our website.

11) Rights of the Data Subject

11.1
The applicable data protection law grants you the following rights regarding the processing of your personal data, with the exercise requirements depending on the referenced legal basis:

• Right of access according to Art. 15 GDPR;
• Right to rectification according to Art. 16 GDPR;
• Right to erasure according to Art. 17 GDPR;
• Right to restriction of processing according to Art. 18 GDPR;
• Right to notification according to Art. 19 GDPR;
• Right to data portability according to Art. 20 GDPR;
• Right to withdraw consent according to Art. 7 (3) GDPR;
• Right to lodge a complaint according to Art. 77 GDPR.

11.2 Right to Object

IF WE PROCESS YOUR PERSONAL DATA BASED ON A LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO THIS PROCESSING WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING MAY BE PERMITTED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.

12) Duration of Storage of Personal Data

The duration of storage of personal data is determined based on the respective legal basis, the processing purpose, and – if applicable – the statutory retention periods (e.g., commercial and tax retention periods)

When processing personal data based on an explicit consent in accordance with Art. 6 (1) (a) GDPR, the affected data will be stored until you withdraw your consent.

If statutory retention periods exist for data processed in the context of contractual or quasi-contractual obligations based on Art. 6 (1) (b) GDPR, this data will be routinely deleted after the retention periods have expired, unless it is still necessary for the fulfillment of the contract or for the initiation of a contract, or we have a legitimate interest in further retention.

When processing personal data based on Art. 6 (1) (f) GDPR, the data will be stored until you exercise your right to object under Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

When processing personal data for the purpose of direct marketing based on Art. 6 (1) (f) GDPR, the data will be stored until you exercise your right to object under Art. 21 (2) GDPR.

Unless otherwise stated in this privacy statement regarding specific processing situations, stored personal data will be deleted once they are no longer necessary for the purposes for which they were collected or otherwise processed.