Privacy policy

1) Information on the collection of personal data and contact details of the person responsible
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following we will inform you about how we handle your personal data when you use our website. Personal data are all data with which you can be personally identified.
1.2 The person responsible for data processing on this website within the meaning of the German Data Protection Act (DSGVO) is Genthner & Heuchel GmbH, Im Fuchsloch 5, 69221 Dossenheim, Germany, Tel.: 01590 1378943, E-Mail: kontakt@nordlichtbags.de. The person responsible for processing personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential contents (e.g. orders or inquiries to the responsible person), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.

2) Data collection when visiting our website
When using our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser sends to our server (so-called “server log files”). When you call up our website, we collect the following data, which are technically necessary for us to display the website:
– Our visited website
– Date and time of access
– Amount of data sent in bytes
– Source/reference from which you reached the site
– Used Browser
– Operating system in use
– IP address used (if necessary: in anonymised form)
Processing is carried out in accordance with Art. 6 Para. 1 letter f DSGVO on the basis of our justified interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently if there are concrete indications of illegal use.

3) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted again after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal device and enable us to recognise your browser the next time you visit us (so-called persistent cookies). If cookies are set, they collect and process certain user information to an individual extent, such as browser and location data and IP address values. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings of your web browser.
In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). Insofar as personal data are also processed by individual cookies used by us, processing is carried out in accordance with Art. 6 Para. 1 letter b DSGVO either for the execution of the contract, in accordance with Art. 6 Para. 1 letter a DSGVO in the case of a granted consent or in accordance with Art. 6 Para. 1 letter f DSGVO to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for each browser under the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/latest/web-preferences/#cookies
Please note that the functionality of our website may be limited if cookies are not accepted.

4) Contact us
Personal data is collected when contacting us (e.g. via contact form or e-mail). Which data is collected in the case of a contact form can be seen from the respective contact form. These data are stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f DSGVO. If your contact is aimed at the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO. Your data will be deleted after final processing of your request. This is the case if it can be deduced from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

5) Data processing when opening a customer account and for contract processing
In accordance with Art. 6 Para. 1 lit. b DSGVO, personal data will continue to be collected and processed if you provide us with this information for the purpose of executing a contract or opening a customer account. Which data is collected can be seen from the respective input forms. A deletion of your customer account is possible at any time and can be done by sending a message to the above mentioned address of the responsible person. We store and use the data you provide us with to process the contract. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by us.

6) Comment function
As part of the comment function on this website, in addition to your comment, information on the time of the comment’s creation and the commentator name you have chosen will be saved and published on this website. Furthermore, your IP address will be logged and saved. This storage of the IP address is done for security reasons and in the event that the person concerned violates the rights of third parties or posts illegal content through a comment submitted. We need your e-mail address in order to contact you if a third party should complain about your published content as illegal. The legal basis for the storage of your data is article 6 paragraph 1 lit. b and f DSGVO. We reserve the right to delete comments if they are objected to as illegal by third parties.

7) Use of customer data for direct advertising
7.1 Registration for our e-mail newsletter
If you register for our e-mail newsletter, we will send you regular information about our offers. Your e-mail address is the only mandatory information for sending the newsletter. The provision of further data is voluntary and is used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you an e-mail newsletter if you have expressly confirmed that you agree to receive newsletters. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in the future by clicking on a corresponding link.
By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 Para. 1 lit. a DSGVO. When you register for the newsletter, we save your IP address entered by your Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your e-mail address at a later date. The data collected by us when registering for the newsletter will be used exclusively for the purpose of advertising in the newsletter. You can unsubscribe from the newsletter at any time using the link provided for this purpose in the newsletter or by sending a message to the person responsible mentioned above. After you have cancelled your subscription, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this declaration.
7.2 Newsletter dispatch via Klaviyo
Our e-mail newsletters are sent via the technical service provider “Klaviyo”, 225 Franklin St, Boston, MA 02110, USA (http://www.klaviyo.com/), to whom we pass on the data you provided when you registered for the newsletter. This forwarding is carried out in accordance with Art. 6 Para. 1 lit. f DSGVO and serves our legitimate interest in using a promotional, secure and user-friendly newsletter system. Please note that your data is usually transferred to a Klaviyo server in the USA and stored there.
Klaviyo uses this information to send the newsletter on our behalf. Klaviyo does not use the data of our newsletter recipients to write to them itself or pass them on to third parties.
In order to protect your data in the USA, we have a data processing agreement with Klaviyo (“Data-Processing-Agreement”) in which Klaviyo undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection regulations and in particular not to pass it on to third parties.
Furthermore, Klaviyo is certified under the us-European data protection agreement “Privacy Shield” and thus undertakes to comply with the EU data protection regulations.
You can view Klaviyo’s data protection regulations here: https://www.klaviyo.com/privacy

8) Data processing for order processing
8.1 In order to process your order, we work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
The personal data collected by us will be passed on to the transport company commissioned with the delivery within the scope of contract processing, insofar as this is necessary for the delivery of the goods. Your payment data will be passed on to the assigned credit institute within the scope of the payment processing, as far as this is necessary for the payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b DSGVO.
8.2 In order to fulfil our contractual obligations towards our customers, we work together with external shipping partners. We will pass on your name and delivery address and, if necessary for delivery, your telephone number to a shipping partner selected by us exclusively for the purpose of delivering goods in accordance with Art. 6 Para. 1 lit. b DSGVO.
8.3 Use of special service providers for order processing and handling
– Billbee
The order is processed by the service provider “Billbee” (Billbee GmbH, Paulinenstrasse 54, 32756 Detmold). Name, address and, if applicable, other personal data will be passed on to Billbee in accordance with Art. 6 Para. 1 letter b DSGVO exclusively for processing the online order. Your data will only be passed on if this is actually necessary for processing the order. Details on Billbee’s data protection and its data protection declaration can be viewed on the Billbee website under “billbee.io”.
8.4 Use of payment service providers (payment services)
– Klarna
If a Klarna payment service is selected, the payment will be processed by Klarna Bank AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter Klarna). In order to enable the processing of the payment, your personal data (name, surname, street, house number, postcode, city, gender, e-mail address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, item, delivery method) will be passed on to Klarna for the purpose of identity and credit assessment, provided that you have expressly agreed to this in accordance with article 6 paragraph 1 letter a DSGVO during the ordering process. Here you can see to which credit agencies your data can be forwarded:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report can contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, but is not limited to, address data. Klarna uses the information obtained on the statistical probability of payment default to make a balanced decision on the establishment, execution or termination of the contractual relationship.
You may withdraw your consent at any time by sending a message to the data controller or to Klarna. However, Klarna may still process your personal data if this is necessary to process your payment in accordance with the contract.
Your personal data will be processed in accordance with the applicable data protection regulations and in accordance with the information in Klarna’s data protection regulations for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or for persons concerned with a registered office in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy
treated.

– Mollie
If you choose a payment method from the payment service provider Mollie, the payment will be processed via the payment service provider Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, the Netherlands, to whom we will pass on the information you provide during the ordering process, together with the information about your order (name, address, IBAN, BIC, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 letter b DSGVO. Your data will only be passed on for the purpose of payment processing with the payment service provider Mollie and only to the extent necessary for this purpose.
– Paypal
In the case of payment via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by instalments” via PayPal, we will pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) within the framework of the payment processing. The data will be passed on in accordance with Art. 6 para. 1 lit. b DSGVO and only to the extent necessary for the processing of payments.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by instalments” via PayPal. For this purpose, your payment data may be passed on to credit agencies pursuant to Art. 6 para. 1 lit. f DSGVO on the basis of PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit assessment with regard to the statistical probability of non-payment to decide on the provision of the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, but is not limited to, address data. Further information on data protection, including information on the credit agencies used, can be found in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary to process your payment in accordance with the contract.
– IMMEDIATELY
If you select the payment method “IMMEDIATELY”, the payment will be processed by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “IMMEDIATELY”), to whom we will pass on the information you provided during the ordering process together with the information about your order in accordance with Art. 6 para. 1 lit. b DSGVO. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The passing on of your data takes place exclusively for the purpose of the payment processing with the payment service provider IMMEDIATELY and only to the extent that it is necessary for this. At the following internet address you will find more information about the data protection regulations of SOFORT: https://www.klarna.com/sofort/datenschutz.

9) Use of evaluation and test seal graphics
ShopVote graphics
We have included ShopVote graphics on this website to display our ShopVote seal and any collected and/or aggregated ratings.
This serves to safeguard our legitimate interests, which predominate in the context of weighing up interests, in the optimum marketing of our product range in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. The ShopVote graphics and the services advertised with them are an offer from Blickreif GmbH, Alter Messeplatz 2, 80339 Munich.
When calling up the ShopVote graphics, the web server automatically saves a so-called server log file which contains, for example, your IP address, date and time of the call, transferred data volume and the source of the call (access data) and documents the call. This access data is not evaluated and is automatically overwritten at the latest seven days after the end of your visit to the site. Other personal data is not recorded or stored by the ShopVote graphics.

10) Online marketing
10.1 Google AdSense
This website uses Google AdSense, a web advertising service Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google AdSense uses so-called cookies, which are text files that are stored on your computer and which enable an analysis of your use of the website. In addition, Google AdSense also uses so-called “web beacons” (small invisible graphics) for the collection of information, through the use of which simple actions such as visitor traffic on the website can be recorded, collected and evaluated. The information generated by the cookie and/or web beacon (including your IP address) about your use of this website is usually transferred to a Google server and stored there. This may also result in a transfer to the servers of Google LLC. in the USA.
Google uses the information thus obtained to evaluate your usage behaviour with regard to the AdSense ads. The IP address transmitted by your browser in the context of Google AdSense is not merged with other data from Google. The information collected by Google may be transferred to third parties if this is legally required and/or if third parties process this data on behalf of Google.
The described processing of data is carried out in accordance with Art. 6 Para. 1 letter f DSGVO for the purpose of targeting the user in advertising by advertising third parties whose ads are displayed on this website on the basis of the evaluated user behavior. This processing also serves our financial interest in exploiting the economic potential of our website by inserting personalised third-party advertising content against payment.
In the event that personal data is transferred to Google LLC. based in the USA, Google LLC. has certified itself for the us-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
You can find more information about Google’s privacy policy at the following web address: https://www.google.de/policies/privacy/
You can permanently deactivate cookies for ad preferences by making the appropriate setting in your browser software to prevent them from being used or you can download and install the browser plug-in available at the following link:
https://www.google.com/settings/ads/plugin?hl=de
Please note that certain functions of this website may not be available or may only be used to a limited extent if you have deactivated the use of cookies.
Insofar as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. In order to exercise your revocation, please follow the procedure described above for making an objection.
10.2 Hub spot

This site uses the services of HubSpot, a software-based marketing service provided by HubSpot Ireland Ltd, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.
HubSpot provides a single interface to digitally synchronize and manage a variety of customer service and customer management services. HubSpot enables the generation of leads, centralized e-mail and newsletter marketing, contact management through the classification of user groups with the help of CRM, and the administration of contact forms.
To fulfill the various functions HubSpot uses cookies, small text files that are stored locally in the cache of your web browser on your device and allow an analysis of your use of the site by us. The cookies collect certain information, such as IP address, location, time of page view, etc. Information collected by HubSpot is stored on HubSpot servers and evaluated on our behalf.
If personal data are processed, the data processing is used for statistical analysis of user behavior for optimization and marketing purposes in accordance with Art. 6 para. 1 lit. f DSGVO. Other legal bases for data processing, which are used in the context of specific HubSpot services (such as the need for express consent under Art.6 para. 1 lit. a DSGVO when sending newsletters), remain unaffected.
We have entered into an order processing contract with HubSpot, by which we commit HubSpot to protect the data of our customers and not to disclose them to third parties.
You can permanently object to the collection of data by HubSpot using cookies and the setting of cookies by preventing the storage of cookies through your browser settings accordingly.
For more information about Hubspot’s privacy policy, please visit https://legal.hubspot.com/de/datenschutz
Insofar as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. In order to exercise your revocation, please follow the above-mentioned option to make an objection.

11) Web analysis services
Jetpack (formerly WordPress.com-Stats)
This offer uses the Jetpack web analytics service (formerly WordPress.com-Stats), which is operated by Automattic Inc. 60 29th Street #343, San Francisco, CA 94110-4929, USA, using tracking technology provided by Quantcast Inc. 201 3rd St, Floor 2, San Francisco, CA 94103-3153, USA. With the help of Jetpack, pseudonymised visitor data is collected, evaluated and stored on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes in accordance with Art. 6 para. 1 lit. f DSGVO. Pseudonymised user profiles can be created and evaluated from this data for the same purpose. Jetpack uses so-called cookies, i.e. small text files which are stored locally in the cache of the visitor’s Internet browser. These cookies are used, among other things, to recognize the browser and thus enable a more precise determination of statistical data. The data of the user’s IP address is also collected, but it is pseudonymised immediately after the collection and before it is saved in order to exclude the possibility of a personal reference.
The information generated by the cookie about your use of this website (including the pseudonymised IP address) is transferred to a server in the USA and stored there in order to safeguard the above-mentioned interests.
Automattic Inc. with headquarters in the USA is certified for the us-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU.
To opt-out of future collection and storage of your visitor data, you can download an opt-out cookie from Quantcast using the following link, which will prevent future collection and storage of your browser’s visitor data by Jetpack: https://www.quantcast.com/opt-out
The opt-out cookie is set by Quantcast.
As far as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a DSGVO. You can revoke your given consent at any time with effect for the future. In order to exercise your revocation, please follow the above-mentioned option to make an objection.

12) Rights of the data subject
12.1 The applicable data protection law grants you comprehensive data subject rights (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your personal data, about which we inform you below:
– Right of access in accordance with Art. 15 DSGVO: In particular, you have a right of access to your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right of rectification, erasure, restriction of processing, opposition to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision making including profiling and, if applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees provided under Art. 46 DPA when your data is transferred to third countries;
– Right of rectification under Art. 16 DPA: You have the right to have incorrect data relating to you corrected without delay and/or to have your incomplete data stored by us completed;
– Right of deletion in accordance with Art. 17 DSGVO: You have the right to request the deletion of your personal data if the conditions of Art. 17 para. 1 DSGVO are met. However, this right does not apply in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
– Right to limit processing pursuant to Art. 18 DPA: You have the right to request the limitation of the processing of your personal data for as long as the accuracy of your data which you dispute is verified, if you refuse to delete your data on the grounds of unlawful processing and instead request the limitation of the processing of your data, if you require your data for the assertion, exercise or defence of legal claims, after we no longer require such data after the purpose has been achieved, or if you have lodged an objection on grounds of your particular situation, as long as it has not yet been established that our legitimate reasons outweigh the objection;
– Right to information in accordance with Art. 19 DSGVO: If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
– Right to data transferability in accordance with Art. 20 DSGVO: You have the right to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another person responsible, insofar as this is technically feasible;
– Right to revoke consents granted pursuant to Art. 7 para. 3 DSGVO: You have the right to revoke at any time with effect for the future any consent to the processing of data once granted. In the event of revocation, we will immediately delete the data concerned, unless further processing cannot be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation;
– right of appeal under Art. 77 DSGVO: If you believe that the processing of personal data relating to you is in breach of the DPA, you have the right – without prejudice to any other administrative or judicial remedy – to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged breach occurs.
12.2 RIGHT OF APPEAL
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR SPECIAL SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL END THE PROCESSING OF YOUR PERSONAL DATA.

13) Duration of storage of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if relevant – additionally by the respective legal retention period (e.g. retention periods under commercial and tax law).
When personal data are processed on the basis of express consent pursuant to Art. 6 para. 1 letter a DSGVO, these data are stored until the person concerned revokes his or her consent.
If there are legal retention periods for data which are processed within the framework of legal or similar obligations based on Art. 6 Para. 1 letter b DSGVO, these data are routinely deleted after the retention periods have expired, provided that they are no longer required for the fulfilment or initiation of a contract and/or we have no justified interest in their further storage.
When personal data are processed on the basis of Art. 6 Para. 1 letter f DSGVO, these data are stored until the person concerned exercises his or her right to object in accordance with Art. 21 Para. 1 DSGVO, unless we can prove compelling reasons for processing worthy of protection which outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.
When personal data are processed for the purpose of direct advertising on the basis of Art. 6 Para. 1 letter f DSGVO, these data are stored until the data subject exercises his or her right of objection under Art. 21 Para. 2 DSGVO.
Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted if they are no longer necessary for the purposes for which they were collected or otherwise processed.