Overview
The protection of personal data and the responsible handling of information that you entrust to us are very important to us. Nyctophilia OHG (Nyctophilia) processes personal data only in accordance with the legal regulations, in particular the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
This data protection declaration informs you about the processing of personal data concerning
- the use of our website (see section 2)
- visiting our Facebook fan page (see section 3)
- the conclusion of contracts with us (see section 4)
- visiting our stores (video surveillance) (see section 5)
- the application for a job (see section 6).
This data protection declaration also contains information about recipients of personal data within the EEA (see Section 7), in third countries (see Section 8), the deletion of your personal data and retention periods (see Section 9), your rights as a data subject (see Section 10) and about automated decision-making (see Section 11).
1. Responsible
Responsible: Nyctophilia OHG, Landwehr 5, 22087 Hamburg [https://nyctophilia-shop.de/impressum/]
2. The use of our website
When you visit our website ( [www .nyctophilia-shop.de]), we process personal data to enable you to use it (usage data) as described in Section 2.1. We also process personal data for web analysis and other purposes as described in section 2.2 ff. Below you will find information about the legal basis, the purposes as well as legitimate interests and the need to process your personal data.
2.1 Data processing to enable website use
Usage data include your IP address and data about the start, end and subject of your use of the website as well as data for identification, if applicable (e.g. your login data when you log in to a secure area). This also includes the technical data transmitted by your browser, such as browser type / browser version, the previously visited website (referrer URL), monitor resolution, operating system, possibly device information (e.g. device type) etc. We process this data in order to provide and to design this website in line with requirements our legitimate interest (Article 6 (1) (f) GDPR).
2.2 Cookies and web analysis
When you visit our website, information in the form of cookies can be stored on your device. A cookie is a small text file that is sent to your browser by a web server and stored on your device. If you visit our website again, cookie data will be transferred to our web server. For example, we can recognize you and take your individual settings into account when displaying the website. Cookies can be divided into first-party cookies (used by Nyctophilia) and third-party cookies (used by third parties). We also categorize cookies as follows:
| Type: | Description: |
| Category 1:
technically required cookies |
These cookies are essential to ensure the technical functionality of the website (e.g. enabling the shopping cart function or logging in during a session, etc.). Without these cookies, we cannot properly offer use of the website. |
| Category 2:
fuctional cookies |
These cookies serve to design a pleasant surfing experience on our website, with a maximum of individual user conformity (e.g. enabling cross-session login, high surfing speed through search suggestions or saving individual page settings such as language or text size, etc.) .. |
| Category 3:
Performance Cookies |
These cookies are used to continuously optimize our website and lead to a continuously improved surfing experience (e.g. by evaluating the use of website functions offered, reporting display errors, etc.). |
| Category 4:
Social network and advertising cookies |
Some of these cookies give you the opportunity to connect to your social networks and thus share content. The other part helps to better individualize advertising for you by adapting it to your interests by collecting information. |
Categories 2 to 4 cookies can be used for web analysis. They can be combined with further information about your activities on our website and are processed in pseudonymised usage profiles. This helps us analyze information about web traffic and improve our website to adapt it to the needs of users. We only use this information for statistical evaluations. In addition to the cookie-based web analysis, there is a non-cookie-based web analysis with other means, such as your individual device settings, to recognize you when you visit our website again.
The legal basis for the use of category 1 cookies is our legitimate interest in providing our website in accordance with Art. 6 para. 1 bed. f GDPR. The legal basis for the use of category 2 to 4 cookies and web analysis is your consent in accordance with Art. 6 para. 1 bed. a GDPR. We will inform you when you visit our website for the first time or when you visit again (i) inform about the use of category 2 to 4 cookies and web analysis and (ii) ask for your consent. In order to declare your consent, we will show you a corresponding banner. If you click on “Accept” or “OK”, you declare your consent. You can restrict your consent in whole or in part by configuring your browser settings and deactivating cookies in whole or in part.
You can also install a browser plug-in. Plugins offer the possibility to prevent web analytics – e.g. AdBlock, Ghostery. NoScript or uBlock Origin (please note the data protection information of the respective plugin provider).
Furthermore, some web analytics providers are members of industry associations whose websites make it possible to prevent the use of web analytics centrally. Below you will find a link to the websites of these associations to explain your choice regarding web analysis and data processing in pseudonymous profiles.
- “European Interactive Digital Advertising Alliance“ (EDAA): http://www.youronlinechoices.com/de/praferenzmanagement/
- “Digital Advertising Alliance“ (DAA): www.aboutads.info/choices/
- “Network Advertising Initiative“ (NAI): http://optout.networkadvertising.org/?c=1
If you do not give your consent to the use of cookies or delete cookies from your device, this may affect your options for using the website or individual functions. Detailed information on the individual cookies used on our website can be found in the following table.
| Cookie | Category | Access possible through | purpose | Retention period |
| datr | 4 | facebook.com | Marketing | |
| dpr | 4 | facebook.com | Marketing | |
| fr | 4 | facebook.com | Marketing | |
| sb | 4 | facebook.com | Marketing | |
| sfau | 4 | facebook.com | Marketing | |
| sfiu | 4 | facebook.com | Marketing | |
| wd | 4 | facebook.com | Marketing | |
| _fbp | 4 | nyctophilia-shop.de | Analysis of Facebook advertising measures | |
| _ga | 4 | nyctophilia-shop.de | user experience and marketing | |
| _gat_gtag_UA_91823060_2 | 4 | nyctophilia-shop.de | Targeting | |
| _gid | 4 | nyctophilia-shop.de | user experience | |
| cookielawinfo-checkbox-necessary | 2 | nyctophilia-shop.de | Cookie-Consent-Tool | |
| cookielawinfo-checkbox-non-necessary | 2 | nyctophilia-shop.de | Cookie-Consent-Tool | |
| tk_ai | 1 | nyctophilia-shop.de | Website usage | |
| tk_lr | 1 | nyctophilia-shop.de | Website usage | |
| tk_or | 1 | nyctophilia-shop.de | Website usage | |
| tk_qs | 1 | nyctophilia-shop.de | Website usage | |
| tk_r3d | 1 | nyctophilia-shop.de | Website usage | |
| tk_rl | 1 | nyctophilia-shop.de | Website usage | |
| tk_ro | 1 | nyctophilia-shop.de | Website usage | |
| tk_tc | 1 | nyctophilia-shop.de | Website usage | |
| viewed_cookie_policy | 2 | nyctophilia-shop.de | Cookie-Consent-Tool | |
| wordpress_logged_in_[hash] | 1 | nyctophilia-shop.de | Website usage | |
| wordpress_sec_[hash] | 1 | nyctophilia-shop.de | Website usage | |
| wordpress_test_cookie | 1 | nyctophilia-shop.de | Website usage | |
| wp-settings-3 | 1 | nyctophilia-shop.de | Website usage | |
| wp-settings-time-3 | 1 | nyctophilia-shop.de | Website usage | |
| 1P_JAR | 3 | google.com | Website usage | |
| ANID | 3 | google.com | Website usage | |
| CONSENT | 3 | google.com | Website usage | |
| NID | 3 | google.com | Website usage | |
| DV | 3 | google.com | Website usage | |
| OTZ | 3 | google.com | Website usage | |
| KHcl0EuY7AKSMgfvHl7J5E7hPtK | 1 | paypal.com | Payment process | |
| WELCOME_ASYNC | 1 | paypal.com | Website usage | |
| X-PP-ADS | 1 | paypal.com | Website usage | 10 Months |
| _ga | 3 | paypal.com | user experience | 2 years |
| _gcl_au | 2 | paypal.com | user experience | |
| _gid | 3 | paypal.com | user experience | 24 hours |
| cookie_check | 1 | paypal.com | Website usage | 13 Months |
| cookie_prefs | 1 | paypal.com | Website usage | |
| enforce_policy | 1 | paypal.com | Website usage | |
| login_email | 1 | paypal.com | Website usage | 22 Months |
| rmuc | 1 | paypal.com | Website usage | 22 Months |
| s_pers | 1 | paypal.com | Website usage | 22 Months |
| ts | 1 | paypal.com | Website usage | 3 years |
| ts_c | 1 | paypal.com | Website usage | 22 Months |
| tsrce | 1 | paypal.com | Website usage | 1 Minute |
| ui_experience | 1 | paypal.com | Website usage | 22 Months |
| x-cdn | 1 | paypal.com | Website usage | |
| x-csrf-jwt | 1 | paypal.com | Website usage | |
| x-pp-p | 1 | paypal.com | Website usage | 1 year |
Detailed information on the web analysis services used on our website and the associated providers can be found in the following table. In addition, the table contains links to the privacy policy of the provider and a description of how you can prevent web analytics. In such cases, an “anti-tracking cookie” is usually stored on your device, which prevents the provider from collecting usage data from your device. Please note: If you delete cookies from your device, you may have to set the “anti-tracking cookie” again.
| Tool/ | ||
| Google Analytics: Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA | Web analysis, interest-based advertising | https://www.google.de/intl/de/policies/
Prevent processing: Via browser plug-in (see add-on) and further information in section 2.4. |
| Google Double-Click, Google AdWords Conversion, Google Dynamic Remarketing: Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA | Web analysis, interest-based advertising | https://www.google.de/intl/de/policies/
Prevent processing: Via Google’s Ads Preferences Manager and for more information, see section 2.5. |
2.3 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies (see section 2.4) to enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. Your IP address will, however, be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and thus anonymized. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and internet use. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Cookies are only saved and analyzed by Google if you give your consent to the setting of performance cookies when you first visit the page.
Further information on data protection at Google Analytics can be found at: https://www.google.de/intl/de/policies/.
Google is after the EU-U.S. Privacy Shield Framework certified, which ensures that the level of protection of natural persons guaranteed by the GDPR is not impaired by data transfers (https://www.privacyshield.gov/participant?id=a2zt0000000000001L5AAI&status=Active).
2.4 Google Double-Click (einschließlich Floodlight und Spotlight), Google AdWords Conversion, Google Dynamic Remarketing
We also use Google Analytics to evaluate data from the Google services AdWords and DoubleClick for statistical purposes. In order to improve our offers, we can analyze what happens after a user clicks on our ad, e.g. whether the user bought our product or viewed the ad from a mobile phone. You will also receive interest-based advertising through these services. Your consent is required for this (see Section 2.4). If you do not want this, you can prevent this, in addition to the variant described in section 2.4, via the Google Ads Settings Manager: http://www.google.com/settings/ads/onweb/?hl=de.
The storage of cookies and processing within the scope of Google Doubleclick only takes place if you give your consent to the setting of performance cookies when you first visit the page.
Google is after the EU-U.S. Privacy Shield Framework certified, which ensures that the level of protection of natural persons guaranteed by the GDPR is not impaired by data transfers (https://www.privacyshield.gov/participant?id=a2zt0000000000001L5AAI&status=Active).
2.5 Social Networks and Social Plugins
Our website contains links to social networks (e.g. Facebook or Instagram). These services are operated exclusively by third parties. If you follow the links or play videos, information may be transmitted to these providers. We use the so-called “Shariff solution” for links to social networks. This means that when you visit our website, no personal data will be passed on. Only when you click on one of the social share buttons will data be transmitted to the respective provider. The purpose and scope of the data collection and the further processing and use of the data by the provider as well as your rights and setting options for protecting your privacy can be found in the data protection information of the respective provider. You can find it here:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA
http://www.facebook.com/policy.php/
Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA
https://help.instagram.com/155833707900388
2.6 contact form
We process your personal data when you use our contact form. If you contact us via the specified contact form, your data will be saved in order to answer your request. The legal basis is either the fulfillment of a contractual obligation or our legitimate interest in providing a contact form (Art. 6 Para. 1 b GDPR or Art. 6 Para. 1 letter f GDPR). You are neither obliged to contact us via the contact form nor to provide personal data. If you do not provide your personal data, we may not be able to process your request. Otherwise there will be no consequences for you. If you would like detailed information on the balancing of interests, please contact one of the addresses mentioned in section 1
2.7 Trustpilot
We may contact you by email to invite you to rate the service and/or products you have received from us, in order to obtain your feedback and improve our service [and products] (the “Purpose”). As we have contracted with an external company, Trustpilot A/S (“Trustpilot”), to collect customer feedback, we will share your name, email address and reference number with Trustpilot for this purpose. If you would like to know more about how Trustpilot processes your data, you can view their privacy policy here. We may also use such reviews in other promotional and advertising materials.
3.Visit our Facebook fan page (Facebook insights data)
If you visit or interact with our Facebook fan page, your personal data (e.g. “Like” information) will be processed as described in this section.
3.1 Shared responsibility
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, D2 Dublin, Ireland, (“Facebook”) provides us with statistics and insights that help us to understand the use of our fan page (“Page Insights”). In this case, Facebook and Nyctophilia are jointly responsible for data processing (“joint controllers”).
3.2 Legal basis, purpose and necessity of processing your personal data
The legal basis for the processing of your personal data is Art. 6 para. 1 bed. f GDPR. We use information that you provide to us via your Facebook profile or by visiting our fan page via your browser to provide the functionality of our fan page. This can include checking the reach of our posts, defining our audience more precisely, adapting advertisements to our audience and designing our Facebook fan page to the actual interests of our visitors. This includes:
- demographic information
- Interests
- place of residence
We process this data in our legitimate interest in order to maintain the functions of our fan page, to check our reach and to design and display our fan page according to your interests. If you would like detailed information on the balancing of interests, please contact one of the addresses mentioned in section 1.
3.3 More information about our shared responsibility with Facebook
In order to transparently and explicitly define the responsibilities for compliance with the GDPR obligations between Nyctophilia and Facebook, we have concluded an agreement with Facebook that states that Facebook is primarily responsible for data processing when you visit our fan page. Facebook is especially responsible if you exercise your rights under Art. 12 and 13 GDPR, Art. 15 to 22 GDPR, and for compliance with the obligations in Art. 32 to 34 GDPR.
You can also address your request for data processing in connection with our fan page to us at any time or exercise your rights in relation to the address given in section 1 (further information on your rights can be found in section 11). If it is necessary for the execution of your request or the exercise of your rights, we will forward your matter to Facebook.
Further information on the Page Insight data and the exercise of your rights can be found in the information from Facebook: https://www.facebook.com/legal/terms/information_about_page_insights_data.
For more information on the definition of responsibilities within the shared responsibility within the meaning of Art. 26 GDPR, see Agreement with Facebook:https://www.facebook.com/legal/terms/page_controller_addendum
For more information about setting cookies when visiting our fan page, see Facebook’s Cookie Policy:https://www.facebook.com/policies/cookies/
For more information on protecting your privacy on Facebook, see Facebook’s privacy policy:https://www.facebook.com/privacy/explanation.
4. Conclusion and execution of contracts
In order to conclude or execute contracts with you (purchase contracts that you conclude in the online shop or in our shop), we process personal data relating to you. The legal basis for this processing is Art. 6 para. 1 bed. b DSGVO. The purpose of the processing is to establish and carry out the contractual relationship with you. This requires the provision of your personal data. You are not obliged to provide your personal data, but if you do not provide them, the establishment and implementation of the contractual relationship is not possible. Otherwise there will be no consequences for you.
5.Visit our shop (video surveillance)
The public premises of our shop are partly monitored by video systems. These areas are identified by pictograms. The legal basis for the processing of your personal data is Art. 6 para. 1 bed. f DSGVO und § 4 Abs. 1 Nr. 2, Nr. 3 BDSG. The purpose we pursue lies in the prevention, detection and investigation of criminal offenses, the preservation of house rights and the fulfillment of traffic safety obligations. Our legitimate interest within the meaning of Art. 6 para. 1 bed. f GDPR is the protection of our property as well as the property and physical integrity of all visitors and employees.
6. Job application
We process your personal data within the application process, regardless of whether the application is made by email or by post. The legal basis for the processing of your personal data is § 26 para. 1, para. 8 p. 2 BDSG or § 26 para. 2, para. 8 S. 2 BDSG. The processing takes place for the purpose of establishing contact and evaluating your suitability for the position to which you are applying. It is not possible to apply to Nyctophilia without providing personal data. You are neither obliged to apply to Nyctophilia nor to provide personal data. If you do not provide us with personal data, we will not be able to consider your application. Otherwise there will be no consequences for you.
7. Transmission to recipients of personal data within the EEA
We only transfer personal data to third parties insofar as this is necessary for the provision of our service or is required by law within this framework. In the context of the purposes mentioned here, personal data are forwarded to service providers who work for us and support us in particular in the provision of services. In addition to your legal obligation to comply with all data protection regulations, these service providers are bound by us to other contractual data protection requirements. This includes in particular an obligation as a processor according to Art. 28 GDPR. In particular, we pass on personal data, where necessary and permissible, to the following categories of service providers:
- Accounting, financial institutions (for payment processing), tax and legal advice;
- IT support and maintenance;
- Data destruction;
For the rest, we only transfer personal data to other recipients if there is a legal permission for this or you have given your prior consent. You can revoke any consent you have given at any time with future effect. We only pass on your data to government agencies within the framework of legal obligations or on the basis of an official order or judicial decision and only to the extent permitted by data protection law.
8. Transmission to recipients of personal data in countries outside the EEA
If necessary for our purposes, we may also transfer your data to recipients outside the EU. This is particularly the case if we have to transmit this data to recipients in countries as part of contract processing or due to legal regulations. For the rest, we only transfer data to third countries if it is ensured that the recipient of the data has an appropriate level of data protection within the meaning of Art. 45 GDPR or suitable guarantees within the meaning of Art. 46 para. 2 and para. 3 GDPR and no other legitimate interests speak against the data transmission. We use to ensure an adequate level of protection for the recipient of the data, unless an adequacy decision within the meaning of Art. 45 para. 1 GDPR by the EU Commission, in particular the standard contractual clauses of the EU Commission for the transfer of personal data to third countries (processors to processors). We may transfer your data to the following third countries: USA. We can transfer your data to the following categories of service providers:
- Webanalysis;
In addition to the categories already mentioned, other categories of service providers can exist or be added at any time.
9. Deleting
We delete your personal data as soon as it is no longer required for the aforementioned purposes of processing, in the event of an objection there are no compelling reasons worthy of protection by Nyctophilia or in the event of a revocation there is no other legal basis for the processing. In certain cases, e.g. if there is a legal retention requirement, your personal data will initially be blocked and deleted when the retention period expires.
Video surveillance recordings are usually deleted after 72 hours at the latest. In justified individual cases, in particular for criminal investigations or preservation of evidence, records are kept longer and deleted after fulfillment of this purpose.
Applicant data will be kept until decision-making and then deleted after six months at the latest or transferred to your personnel file in the event of a successful application.
10. Your rights
As a data subject, you have the right, insofar as the respective legal requirements exist, to confirm whether Nyctophilia processes personal data and, if this is the case, the right to information about this personal data (Art. 15 GDPR), a right to correct your incorrect data (Art. 16 GDPR), a right to deletion (Art. 17 GDPR) and a right to restriction (blocking) of your data (Art. 18 GDPR).
In addition, in the case of processing on the basis of Art. 6 para. 1 bed. e or f GDPR object to the processing (Art. 21 GDPR), whereby you have to provide a special reason, except in the case of direct advertising. If you have provided this data, you can request the transfer of the data (Art. 20 GDPR). Whether and to what extent these rights exist in individual cases and under what conditions they apply is specified by law in the named standards. If the processing is based on consent i.S.d. Art. 6 S. 1 para. 1 bed. a or Art. 9 para. 2 bed. a GDPR, you can revoke this at any time for the future (Art. 7 Para. 3 GDPR). You also have the right to contact the responsible data protection supervisory authority (Art. 77 GDPR).
If you have any questions or complaints about data protection at Nyctophilia, we recommend that you first contact our data protection officer (see the contact details under section 1).
11. No automated individual decision
We do not use your personal data for automated individual decisions within the meaning of Art. 22 para. 1 GDPR.
12. Changes to the data protection declaration
New legal requirements, business decisions or technical developments may require changes to our data protection declaration. You can always find the latest version on our website.