1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. For detailed information on data protection, please refer to our privacy policy listed below this text.

Data collection on this website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. Their contact details can be found in the „Information on the Data Controller“ section of this privacy policy.

How do we capture your data?

Your data is collected, firstly, when you provide it to us. This can include, for example, data that you enter into a contact form.

Other data is collected automatically by our IT systems or with your consent when you visit the website. This primarily includes technical data (e.g. internet browser, operating system, or time of access). This data is collected automatically as soon as you access this website.

What do we use your data for?

Some of the data is collected to ensure the error-free provision of the website. Other data may be used to analyse your user behaviour. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders or other order requests.

What rights do you have regarding your data?

You have the right at any time to obtain free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent for data processing, you can withdraw this consent at any time with future effect. Furthermore, you have the right to request the restriction of the processing of your personal data under certain circumstances. You also have the right to complain to the relevant supervisory authority.

You can contact us at any time regarding this and other data protection queries.

2. Hosting

We host the content of our website with the following provider:

IONOS

The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter IONOS). When you visit our website, IONOS collects various log files, including your IP addresses. For details, please refer to IONOS's privacy policy: https://www.ionos.de/terms-gtc/terms-privacy.

The use of IONOS is based on Art. 6(1)(f) GDPR. We have a legitimate interest in presenting our website as reliably as possible. If the appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

Order processing

We have concluded a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that it processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

3. General Information and Mandatory Disclosures

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

By using this website, various personal data will be collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

We would like to point out that data transmission over the internet (e.g. during email communication) may have security vulnerabilities. It is not possible to protect data completely from access by third parties.

Information on the responsible body

The controller responsible for data processing on this website is:

Eric Lanners
6 um Mierscherbierg
L-7526 Mersch

Telephone: +3522632531
E-Mail: info@nac.lu

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage duration

Unless a more specific storage period is mentioned within this privacy policy, your personal data will remain with us until the purpose for data processing ceases to apply. If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted, provided we have no other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion will occur after these reasons no longer apply.

General Information on the Legal Basis for Data Processing on this Website

If you have consented to data processing, we shall process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, where special categories of personal data pursuant to Art. 9(1) GDPR are processed. In the event of express consent to the transfer of personal data to third countries, data processing shall also be based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or to the access of information on your end device (e.g. via device fingerprinting), data processing shall additionally be based on § 25(1) TDDDG. Consent can be withdrawn at any time. If your data are required for the performance of a contract or for the implementation of pre-contractual measures, we shall process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, we shall process your data if this is necessary for the fulfilment of a legal obligation on the basis of Art. 6(1)(c) GDPR. Data processing may also take place on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR. The respective legal bases applicable in individual cases shall be informed about in the following paragraphs of this privacy policy.

Recipients of personal data

As part of our business activities, we work with various external parties. This sometimes requires the transfer of personal data to these external parties. We only transfer personal data to external parties if it is necessary for the performance of a contract, if we are legally obliged to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest in the transfer pursuant to Art. 6(1)(f) GDPR, or if another legal basis permits the data transfer. When using processors, we only transfer our customers' personal data on the basis of a valid order processing agreement. In the event of joint processing, a joint processing agreement is concluded.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your explicit consent. You can withdraw consent that has already been given at any time. The lawfulness of the data processing carried out up to the point of withdrawal shall remain unaffected by the withdrawal.

Right to object in special circumstances and to direct marketing (Art. 21 GDPR)

If the data processing is based on Article 6(1)(e) or (f) of the GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. Please refer to this privacy policy for the respective legal basis on which processing is based. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims (objection pursuant to Art. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING, INCLUDING PROFILING WHEREVER IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE PROCESSED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21 (2) GDPR).

Right of complaint to the responsible supervisory authority

In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or the place of the alleged infringement. The right to complain shall be without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

Information, rectification and deletion

You have the right at any time to free access to information about your stored personal data, its origin and recipients, and the purpose of data processing, and where applicable, a right to correct or delete this data, in accordance with applicable legal provisions. You can contact us at any time for this purpose, as well as for any further questions about personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us about this at any time. The right to restrict processing applies in the following cases:

  • If you dispute the accuracy of your personal data stored with us, we generally need time to verify this. For the duration of the verification, you have the right to request a restriction on the processing of your personal data.
  • If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you need it for the establishment, exercise or defence of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
  • If you have lodged an objection under Article 21(1) GDPR, a balancing of your interests against ours must be carried out. As long as it has not yet been determined whose interests take precedence, you have the right to request the restriction of the processing of your personal data.

Where you have restricted the processing of your personal data, that data may – apart from being stored – only be processed with your consent, or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

SSL or TLS encryption

This page uses SSL or TLS encryption for security purposes and to protect the transmission of confidential content, such as orders or enquiries, that you send to us as the site operator. You can tell that a connection is encrypted by the fact that the browser's address bar changes from „http://“ to „https://“ and by the padlock icon in your browser bar.

If SSL or TLS encryption is enabled, the data you send us cannot be read by third parties.

Encrypted payment transactions on this website

If a paid contract is concluded and you are obliged to provide us with your payment details (e.g. bank account number for direct debit), these details will be used for payment processing.

Payments made using common payment methods (Visa/MasterCard, direct debit) are exclusively processed via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the address bar in your browser changing from „http://“ to „https://“ and by the padlock icon in your browser's address bar.

When communicating via an encrypted connection, your payment details, which you submit to us, cannot be read by third parties.

4. Data Collection on this Website

Biscuits

Our websites use so-called „cookies“. Cookies are small data packets and do not cause any damage to your device. They are either stored temporarily on your device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable certain services from third-party companies to be integrated into websites (e.g. cookies for processing payment services).

Cookies have different functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies can be used for analysing user behaviour or for advertising purposes.

Cookies that are necessary for the electronic communication process, for the provision of certain functions desired by you (e.g. for the shopping cart function) or for the optimisation of the website (e.g. cookies for measuring the web audience) (necessary cookies) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically flawless and optimised provision of its services. If consent has been requested for the storage of cookies and comparable recognition technologies, the processing will be carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); the consent can be revoked at any time.

You can set up your browser to inform you about the placement of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

You can find out which cookies and services are used on this website in our privacy policy.

Consent with Usercentrics

This website uses Usercentrics' consent technology to obtain your consent for storing certain cookies on your device or for using certain technologies, and to document this in a data protection compliant manner. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Website: https://usercentrics.com/de/ (hereinafter „Usercentrics“).

When you enter our website, the following personal data will be transferred to Usercentrics:

  • Your consent(s) or the withdrawal of your consent(s)
  • Your IP address
  • Information about your browser
  • Information about your device
  • Time of your visit to the website
  • Geolocation

Furthermore, Usercentrics stores a cookie in your browser to be able to assign the consents you have given or their revocation. The data collected in this way is stored until you request its deletion, delete the Usercentrics cookie yourself, or the purpose for data storage no longer applies. Mandatory statutory retention periods remain unaffected.

The Usercentrics banner on this website was configured with the help of eRecht24. You can tell this because the eRecht24 logo appears on the banner. To display the eRecht24 logo on the banner, a connection is established with eRecht24's image server. Your IP address will also be transferred, but it will only be stored in anonymised form in the server logs. eRecht24's image server is located in Germany with a German provider. The banner itself is provided exclusively by Usercentrics.

Usercentrics is used to obtain the legally required consents for the use of specific technologies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Server request time
  • IP address

Merging this data with other data sources will not be carried out.

The processing of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically flawless presentation and optimisation of its website – to this end, the server log files must be collected.

Contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing your enquiry and in case of follow-up questions. We will not pass these data on without your consent.

The processing of this data is carried out on the basis of Art. 6 para. 1 lit. b GDPR, provided your request is related to the fulfilment of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of enquiries directed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be withdrawn at any time.

The data you enter in the contact form remains with us until you request its deletion, revoke your consent for storage, or the purpose for data storage no longer applies (e.g., after your request has been fully processed). Mandatory legal provisions – particularly retention periods – remain unaffected.

Enquiries by email, telephone or fax

If you contact us by email, telephone, or fax, your request, including all personal data arising from it (name, request), will be stored and processed by us for the purpose of handling your query. We will not pass on this data without your consent.

The processing of this data is carried out on the basis of Art. 6 para. 1 lit. b GDPR, provided your request is related to the fulfilment of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of enquiries directed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be withdrawn at any time.

The data you send us via contact requests will remain with us until you request its deletion, withdraw your consent for its storage, or the purpose for storing the data ceases to apply (e.g. after your enquiry has been fully processed). Mandatory legal provisions – particularly statutory retention periods – remain unaffected.

Communication via WhatsApp

We use, among other things, the instant messaging service WhatsApp for communication with our customers and other third parties. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the communication content. However, WhatsApp does gain access to metadata generated during the communication process (e.g. sender, recipient, and time). We also point out that WhatsApp, according to its own statements, shares personal data of its users with its US-based parent company Meta. Further details on data processing can be found in WhatsApp's privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.

We use WhatsApp based on our legitimate interest in the fastest and most effective communication possible with customers, prospective customers, and other business and contractual partners (Art. 6(1)(f) GDPR). Where consent has been requested, data processing is carried out solely on the basis of consent; this can be withdrawn at any time with effect for the future.

The communication content exchanged between you and us on WhatsApp will remain with us until you request deletion, withdraw your consent for storage, or the purpose for data storage ceases to apply (e.g., after your request has been fully processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

The company has certification under the „EU-US Data Privacy Framework“ (DPF). The DPF is an agreement between the European Union and the USA, designed to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/participant/7735.

5. Plugins and Tools

Google Fonts (local hosting)

This page uses so-called Google Fonts, provided by Google, for consistent font display. The Google Fonts are installed locally. No connection is made to Google's servers.

Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Google reCAPTCHA

We use „Google reCAPTCHA“ (hereinafter „reCAPTCHA“) on this website. The provider is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is used to check whether data input on this website (e.g. in a contact form) is done by a human or an automated program. To do this, reCAPTCHA analyses the website visitor's behaviour based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various pieces of information (e.g. IP address, the website visitor's time spent on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.

Data is stored and analysed on the basis of Art. 6(1)(f) of the GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated scraping and spam. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) of the GDPR and § 25(1) of the German Telecommunications and Telemedia Data Protection Act (TDDDG), insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

For further information about Google reCAPTCHA, please refer to the Google Privacy Policy and Google Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

The company has certification under the „EU-US Data Privacy Framework“ (DPF). The DPF is an agreement between the European Union and the USA, designed to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/participant/5780.

6. eCommerce and payment providers

Processing of customer and contract data

We collect, process, and use personal customer and contract data to establish, define the content of, and change our contractual relationships. We collect, process, and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill for it. The legal basis for this is Art. 6 Para. 1 lit. b of the GDPR.

Customer data collected will be deleted once the order is completed or the business relationship is terminated, and after any applicable statutory retention periods have expired. Statutory retention periods shall remain unaffected.

Data transmission upon conclusion of a contract for online shops, retailers, and goods dispatch

When you order goods from us, we will pass on your personal data to the transport company entrusted with the delivery, as well as to the payment service provider responsible for processing the payment. Only such data will be passed on as the respective service provider requires to fulfil their task. The legal basis for this is Art. 6(1)(b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. If you have given your consent in accordance with Art. 6(1)(a) GDPR, we will pass on your e-mail address to the transport company entrusted with the delivery so that they can inform you by e-mail about the shipping status of your order; you can revoke your consent at any time.

Data transmission upon conclusion of contracts for services and digital content

We only pass on personal data to third parties if this is necessary within the scope of the contract, for example to a credit institution commissioned with payment processing.

Your data will not be passed on any further, or only if you have expressly consented to the transfer. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Article 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or in order to take steps prior to entering into a contract.

Payment services

We integrate third-party payment services on our website. When you make a purchase from us, your payment details (e.g. name, payment amount, account details, credit card number) will be processed by the payment service provider for the purpose of payment processing. The respective terms and conditions and data protection provisions of the respective providers apply to these transactions. The use of payment service providers is based on Art. 6(1)(b) GDPR (contract processing) as well as in the interest of the smoothest, most convenient and secure payment process possible (Art. 6(1)(f) GDPR). If your consent is requested for certain actions, Art. 6(1)(a) GDPR is the legal basis for data processing; consents can be withdrawn for the future at any time.

The following payment services/providers are used on this website:

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as „PayPal“).

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

Details can be found in PayPal's privacy policy https://www.paypal.com/de/webapps/mpp/ua/privacy-full.