Authenticity Guaranteed

Each fragrance is sourced directly from the Maison.

COMPLIMENTARY DELIVERY

Enjoy free express shipping on select regions.

EFFORTLESS RETURNS

Change of heart? Returns made simple within 14 days.

BIRTHDAY PRIVILEGE

Exclusive surprises await you when you celebrate with us.

Privacy and Data Protection New

Last updated: 01.06.2024

1. Contact information

The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).Company: Niche Story UG
Street and house number: Franz Joseph Straße 11
Postal code, city, country: 80801 Munich, Germany
Commercial register/registration number: HRB253020
Telephone number: +49 (0) 89 20190986
Email address: sr@nichestory.eu

2. Privacy Policy

General information:
This privacy policy informs you how, to what extent, and for what purpose your personal data (hereinafter referred to as “data”) is processed in connection with our website, as well as associated web pages, functions, content, and external websites such as our social media profiles (hereinafter collectively referred to as our “website”). Terms such as “processing” and “controller” are used in accordance with the definitions in Article 4 of the General Data Protection Regulation (GDPR): Article 4 GDPR

Types of data processed:
– Inventory data (e.g. names, addresses, etc.).
– Contact data (e.g. email addresses, telephone numbers, etc.).
– Content data (e.g. texts, photos, videos, etc.).
– Contract data (e.g. contract subject, contract duration, customer category, etc.).
– Payment data (e.g. bank details, payment history, etc.).
– Usage data (e.g. websites visited, content preferences, access times, etc.).
– Meta/communication data (e.g. device information, IP addresses, etc.).

Processing of special categories of personal data (GDPR Art. 9 para. 1):
No special categories of data are processed.

Categories of data subjects:
– Customers, interested parties, visitors and users of the website, business partners.
– Visitors and users of the website. Data subjects are hereinafter referred to collectively as “users.”

Purposes of data processing:
– Provision of the website, its content, and shop functions.
– Fulfillment of contractual obligations and customer service.
– Processing contact requests and communication with users.
– Marketing, advertising, and market research.

Version: June 2024

1. Definition of terms
1.1. “Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); a natural person is considered identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.2. “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broadly defined and essentially covers any handling of data.
1.3 The “controller” is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

2. Relevant legal bases
In accordance with Art. 13 GDPR, we hereby inform you about the legal basis for our data processing. If the legal basis is not mentioned in this data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 (1) (a) and Art. 7 GDPR; the legal basis for processing to fulfill our services and implement contractual measures as well as to answer inquiries is Art. 6 (1) (b) GDPR; the legal basis for fulfilling our legal obligations is Art. 6 (1) (c) GDPR; the legal basis for processing to protect our legitimate interests is Art. 6 (1) (f) GDPR. The legal basis for processing necessary to protect the vital interests of the data subject or another natural person is Art. 6 (1) (d) GDPR.

3. Changes and updates to this privacy policy

We reserve the right to adapt or update this Privacy Policy as needed in accordance with applicable data protection regulations. This allows us to respond to current legal requirements and to reflect changes to our services, such as the introduction of new services. The current version of this Privacy Policy applies to your visit.

We ask you to regularly inform yourself about the current content of this privacy policy. Changes to our data processing procedures will result in immediate adjustments. We will inform you of such changes if they require action on your part (e.g., declaration of consent) or if individual notification is necessary.

4. Security measures

4.1. In accordance with GDPR Art. 32 and taking into account the state of the art, the implementation costs and the nature, scope, context and purposes of data processing as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the respective risk. This includes, among other things, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data as well as access, input, disclosure, securing availability and segregation. We have also put in place procedures to ensure that the rights of data subjects are protected, that data is deleted and that data threats are responded to. Furthermore, we consider the protection of personal data already during the development and/or selection of hardware, software and procedures in accordance with the principle of data protection by design and by default (Art. 25 GDPR).

4.2. Security measures include, among other things, the encrypted transmission of data between your browser and our server.

5. General

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. Our privacy policy is intended to be simple and understandable for everyone. The privacy policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.
When you use this website, various personal data is collected and processed. Personal data is data with which you can be personally identified. This privacy policy explains which data we collect, what we use it for (purposes), and the legal basis for processing your personal data. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g., when communicating via email) may be subject to security gaps. Complete protection of data from access by third parties is not possible.

5.1. Data processing when visiting the website

When you visit our website, it is technically necessary that data be transmitted via your Internet browser to our web server. During an ongoing connection for communication between your Internet browser and our web server, the following data is collected:

We collect this data to ensure a smooth connection to the website and to enable users to use our website comfortably. The log file is also used to evaluate system security and stability, as well as for administrative purposes. The legal basis for the temporary storage of the data or log files is Art. 6 (1) (f) GDPR, as we have a legitimate interest in the smooth operation of the website.

For technical security reasons, particularly to prevent attacks on our web server, we store this data for a short time. Once the data is no longer needed, it is anonymized by shortening the IP address at the domain level, so that no connection to the individual user can be established.

5.2 Communication by mail, email, fax or telephone

We conduct business transactions and marketing activities using various means of distance communication, including postal correspondence, telephone calls, and electronic mail (“email”). This involves processing basic data, address and contact details, and contractual data of data subjects in the form of customers, participants, interested parties, and communication partners.

Processing is carried out in accordance with Art. 6 (1) (a) GDPR, Art. 7 GDPR, and Art. 6 (1) (f) GDPR in conjunction with statutory requirements for advertising communication. Contact will only be made with the consent of the respective counterparty or if this is legally permissible. The processed data will be deleted as soon as it is no longer required or deletion becomes necessary due to an objection/revocation or the invalidity of the basis for further storage and/or statutory archiving obligations.

Our newsletter contains information about our products, offers, promotions, and the company. Information on data protection, revocation, logging, and performance analysis, to which your consent also applies, can be found in our privacy and data protection policy.

5.3. Sharing and transmission of data

5.3.1. We will only share, transmit or otherwise grant access to data to other persons or companies (here: processors or third parties) if we are legally entitled to do so (e.g. if the transfer of data to third parties such as payment service providers is necessary to fulfil the contract in accordance with Art. 6 (1) (b) GDPR), if you have given your consent, if we are legally obliged to do so or if we are entitled to do so based on our legitimate interests (e.g. in connection with the use of authorised representatives, hosting providers, tax, business or legal advisors or external customer service, accounting, bookkeeping or similar services to ensure the efficient and effective fulfilment of our contractual obligations, administrative tasks and other obligations).

5.3.2. The commissioning of third parties to process data on our behalf on the basis of a so-called “order processing agreement” is carried out in accordance with Art. 28 GDPR.

6. Rights of Data Subjects

6.1 GDPR Art. 15 grants you the right to request confirmation as to whether or not data concerning you is being processed and to receive information about this data as well as further information and copies of the data.

6.2. GDPR Art. 16 grants you the right to request the completion of inaccurate data concerning you or the rectification of inaccurate data concerning you.

6.3 GDPR Art. 17 grants you the right to demand the immediate erasure of personal data concerning you, or alternatively GDPR Art. 18 grants you the right to demand restriction of data processing.

6.4. GDPR Art. 20 grants you the right to receive the personal data concerning you that you have provided to us and to request its transmission to other controllers.

6.5. GDPR Art. 77 grants you the right to lodge a complaint with a supervisory authority.

7. Rights of Withdrawal

GDPR Art. 7 Para. 3 grants you the right to revoke consent once given with effect for the future.

8. Rights of Objection

Article 21 of the GDPR grants you the right to object to the further processing of your personal data at any time. In particular, your right of objection can be used to prevent data processing for direct marketing purposes.

9. Cookies

Our website uses “cookies,” which are small text files that are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your device until you delete them yourself or they are automatically removed by your web browser.

Cookies fulfill various functions. Many are technically necessary for certain website features to function correctly (e.g., the shopping cart function or language settings). Other cookies are used to analyze user behavior or display advertising.

Technically necessary cookies

are stored on the basis of Art. 6 (1) (f) GDPR, as we have a legitimate interest in the technically error-free and optimized provision of our services. Details on the processing purposes and legitimate interests can be found in the specific information on data processing.

Other cookies

are only stored with your consent in accordance with Art. 6 (1) (a) GDPR. This consent can be revoked at any time with future effect. Art. 6 (1) (b) GDPR can also serve as the legal basis if the processing is necessary to fulfill a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract. If cookies are used for analysis purposes, we will inform you separately in this privacy policy and obtain your consent.

You can configure your browser so that:

Cookie settings can be managed for each browser using the following links:

You can also individually manage cookies from many companies and features used for advertising using the following tools:

Most browsers also offer a “Do Not Track” feature. When enabled, the browser tells ad networks, websites, and applications that you do not want to be tracked. Information and instructions on how to enable this feature can be found at the following links, depending on your browser provider:

Additionally, you can prevent scripts from loading by default. Tools like “NoScript” allow JavaScript, Java, and other plug-ins to run only on domains you trust. Information and instructions on how to enable this feature are available from your browser provider (e.g., for Mozilla Firefox, see: https://addons.mozilla.org/de/firefox/addon/noscript/  ).

Please note that deactivating cookies may limit the functionality of our website.

10. Order processing in the online shop, customer accounts

10.1. We process our customers’ data during order processing in our online shop to enable them to select, order, pay for and ship/perform the selected products and services.

10.2. The data processed includes basic data, communication data, contract data, and payment data. Data subjects include our customers, prospective customers, and other business partners. The processing facilitates the provision of contractual services within the scope of operating an online shop, invoicing, shipping, and customer service. This includes the storage of session cookies (to store the contents of the customer’s shopping cart) and permanent cookies (to store the customer’s login status).

10.3. Processing is justified pursuant to Art. 6 (1) (b) GDPR (order processing) and Art. 6 (1) (c) GDPR (archiving in accordance with legal obligations). Entries marked as “required” are essential for the conclusion and fulfillment of the contract. We only share data with legal advisors and authorities for the purposes of shipping, payment, and compliance with legal rights and obligations. Data will only be processed in third countries if this is necessary to fulfill the contract (e.g., due to customer inquiries regarding shipping and payment).

10.4. Users have the option of setting up a user account, which, among other things, allows them to view their orders. Users will be informed about which entries are required for registration. User accounts are not public and cannot be indexed by search engines. If a user deletes their user account, the data contained therein will be deleted, unless there is a need to retain this data for business or tax reasons in accordance with Art. 6 (1) (c) GDPR. Data will remain in the user’s account until the account is deleted; after that, it may be archived due to legal obligations. In the event of an account deletion, it is the user’s responsibility to back up their data before the end of the contract.

10.5. The time the user is active and the IP address of their device are stored when they register, log in, or use our website. This data is stored based on our legitimate interests and as a means of protecting the user from misuse and unauthorized use. As a general rule, the data will not be disclosed unless this is necessary to enforce our claims or we are legally obligated to do so in accordance with Art. 6 (1) GDPR.

10.6. Deletion occurs after expiration of statutory archiving periods and comparable obligations. The extent to which data continues to be required to be stored is reviewed every three years. Data subject to statutory archiving obligations will be deleted after the respective period has expired (six years for commercial archiving obligations, ten years for tax archiving obligations). Data remains in the user’s account until the account is deleted.

11. Data transfer to payment providers

In order to fulfill the contract in accordance with Art. 6 (1) (b) GDPR, we will pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on which payment service provider you select during the ordering process, the payment data collected for this purpose will be forwarded to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you must log in to the payment service provider with your access data during the ordering process. In this case, the data protection declaration of the respective payment service provider applies.

11.1 Data collection and processing for payments via PayPal

When paying via PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – “purchase on account” or “installment payment” via PayPal, we will transfer your payment data to PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) as part of the payment processing. This transfer takes place in accordance with Art. 6 (1) (b) GDPR and only to the extent necessary for payment processing.

PayPal reserves the right to conduct a credit check for payment methods such as credit card via PayPal, direct debit via PayPal, or – if offered – “purchase on account” or “payment by installments” via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) (f) GDPR based on PayPal’s legitimate interest in determining your ability to pay. PayPal uses the result of the credit check regarding the statistical probability of a payment default to decide whether to provide the respective payment method. The credit report may contain probability values ​​(so-called score values). To the extent that score values ​​are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, but not exclusively, is used to calculate the score values. For further data protection information, including information about credit agencies, please refer to PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

11.2. Data collection and processing for payments via Klarna: Purchase on account, installment purchase

If a Klarna payment service is selected, payment processing will be carried out by Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). To enable payment processing, your personal data (first and last name, street, house number, postal code, city, gender, email address, telephone number, and IP address) as well as data related to the order (e.g., invoice amount, item, delivery method) will be transmitted to Klarna for the purpose of identity and credit checks, provided that you have expressly consented to this during the ordering process in accordance with Art. 6 (1) (a) GDPR. You can see which credit agencies your data may be forwarded to here: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The transfer takes place in accordance with Art. 6 (1) (b) GDPR and only to the extent necessary for payment processing. Further information on data protection can be found in Klarna’s privacy policy: https://www.klarna.com/de/datenschutz/

11.3. Data collection and processing for payments via Stripe

If you choose a payment method from the payment service provider “Stripe”, payment processing will be carried out via Stripe Payments Europe Ltd., C/O A&L Goodbody, Ifsc, North Wall Quay, Dublin 1, Ireland, to which we will pass on the payment information you provided during the ordering process as well as information about your order (name, address, account number, bank sort code, if applicable credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 (1) (b) GDPR. Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent that this is necessary for this purpose. Further information on data protection can be found in Stripe’s privacy policy: https://stripe.com/de/privacy#translation .

11.4. Data collection and processing for payments via SEPA direct debit

For SEPA direct debit payments, the purchase price claim is assigned to Wise Europe SA, Rue du Trône 100/3, 1050 Brussels, Belgium. The data required for payment processing will be transmitted to Wise Europe SA for identity and credit checks, based on Art. 6 (1) (f) GDPR. Further information can be found in Wise’s privacy policy: https://wise.com/gb/legal/global-privacy-policy-en#chapter6

11.5. Data collection and processing for payments via Mollie

Payments via Mollie are processed by Mollie BV, Keizersgracht 313, 1016 EE Amsterdam, Netherlands. Your payment and order data will be transmitted to Mollie in accordance with Art. 6 (1) (b) GDPR, only to the extent necessary for payment processing. Further information can be found in Mollie’s privacy policy: https://www.mollie.com/de/privacy.

For all payment methods, data transmission is necessary for the payment process and is carried out in compliance with applicable data protection regulations. You can object to data processing at any time by notifying the respective payment provider; however, this may affect the availability of certain payment options.

11.6. Data collection and processing for payments via Mollie: Credit card, iDEAL, Bancontact, TWINT, SOFORT, Apple Pay, Giropay

When paying via “Mollie,” this is done via the financial institution Mollie BV, Keizersgracht 313, 1016 EE Amsterdam, Netherlands, in accordance with the Mollie Terms of Use, available at https://www.mollie.com/de/user-agreement. The transfer takes place in accordance with Art. 6 (1) (b) GDPR and only to the extent necessary for payment processing.

You may be asked by Mollie and/or Mollie’s affiliated payment service providers to provide personal information. This information will then be processed by Mollie, but not by us. For more information about data protection, please see Mollie’s privacy policy: https://www.mollie.com/de/privacy

12. General data processing on the website

12.1 Contact form and customer service

If you contact us via the contact form or by email, the data you provide (including your contact details) will be stored by us to process your inquiry and answer any follow-up questions. We will never share this data without your consent.

The legal basis for processing this data is our legitimate interest in answering your inquiry in accordance with Art. 6 (1) (f) GDPR. If your inquiry is aimed at concluding a contract, Art. 6 (1) (b) GDPR also serves as the legal basis.

12.2. Data retention and storage period of personal data

Data retention:

General data deletion guidelines:

Statutory retention periods:

If data is required to fulfill or initiate a contract, or if we have a legitimate interest in further storage, the data will be deleted when it is no longer required for these purposes or when you exercise your right of revocation or objection. In cases where Art. 6 (1) (f) GDPR applies, you can object to the processing of your personal data at any time with future effect.

12.3 Sending review reminders by email

If you have given us your express consent during or after your order in accordance with Art. 6 (1) (a) GDPR, we will use your email address as a reminder to provide a review of your order using the rating system we use. This consent can be revoked at any time by sending a message to the contact option.

12.4. Transfer of data to Trustpilot reviews

We use the rating system of the provider Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark (“Trustpilot”).

Trustpilot offers users of our online services the opportunity to review our services. Users who have used our services are asked to consent to receive a review request. If users consent (e.g., by clicking a checkbox or a link), they will receive a review request with a link to a review page. To ensure that users have actually used our services, we send Trustpilot the necessary data about the user and the service used, including name, email address, and a reference number. This data is used to verify the user’s authenticity and address.

The legal basis for the processing of the user’s data within the framework of the evaluation process is the user’s consent in accordance with Article 6 (1) (a) GDPR.

To submit a review, users must open a customer account with Trustpilot. In this case, Trustpilot’s Terms and Conditions and Privacy Policy apply. To ensure the neutrality and objectivity of the reviews, we have no direct influence on the reviews and cannot delete them ourselves. If users wish to delete individual reviews or their Trustpilot account, they must contact Trustpilot directly. In this case, Trustpilot acts as the controller. Trustpilot can be reached at privacy@trustpilot.com .

We can also integrate the Trustpilot widget into our website. A widget is a functional and content element that is integrated into our online offering and displays changing information. The corresponding content is displayed within our online offering, but is retrieved at that moment from Trustpilot’s servers. This is the only way to always display the most up-to-date content, especially the most recent reviews. For this to happen, a data connection must be established from our website to Trustpilot, and Trustpilot receives technical data (access data, including the IP address). This is necessary to display the content. Trustpilot also receives information that users have visited our online offering. This information can be stored in a cookie and used by Trustpilot to identify which online offerings that participate in the Trustpilot review process have been visited by the user. This information can be stored in a user profile and used for advertising or market research purposes.

The legal basis for processing user data when integrating the widget is our legitimate interest in informing our users about the quality of our services, pursuant to Article 6 (1) (f) GDPR. If we ask users for consent to process their data through the use of cookies, the legal basis for processing is Article 6 (1) (a) GDPR.

We have entered into a data processing agreement with Trustpilot.

Further information on data processing by Trustpilot as well as on the rights of objection and other rights of users can be found in Trustpilot’s privacy policy: https://de.legal.trustpilot.com/end-user-privacy-terms .

12.5. Transmission of data to Trusted Shops reviews

For review reminders, we use the services of the following provider:

Trusted Shops AG

Data Protection Officer
Subbelrather Str. 15c
50823 Cologne
Email: privacy@trustedshops.com

If you have any questions about the collection, processing or use of your personal data, if you wish to request information, correction, restriction of processing or deletion of data, or if you wish to revoke consent given or object to a specific use of data, please contact our data protection team at the email address provided above.

Only on the basis of your express consent in accordance with Art. 6 (1) (a) GDPR will we transmit your email address and, if applicable, other customer data to the provider so that they can contact you by email with a review reminder.

You can revoke your consent to us or the provider at any time with effect for the future.

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

Further information can be found in the privacy policy of Trusted Shops AG: https://www.trustedshops.de/impressum-datenschutz/#datenschutz .

13. Email newsletter

13.1. In this section, we inform you about the content of our newsletter, the registration process, its dispatch, the statistical evaluation methods, and your right of objection. By subscribing to our newsletter, you automatically agree to receive it and the described procedures.

13.2. Newsletter content:

We only send newsletters, emails, and other electronic notifications containing promotional information (hereinafter collectively referred to as “newsletters”) with the recipient’s consent or legal permission. The content of the newsletter is decisive for the user’s consent, provided this content is clearly described during the newsletter registration process. Our newsletters also contain information about our products, offers, promotions, and our company.

13.3. Double opt-in and logging:

We use the so-called “double opt-in” process to register for our newsletter. This means that after registering, you will receive an email asking you to confirm your registration. This “double” confirmation is necessary to prevent people from registering with unfamiliar email addresses. Newsletter registrations are logged to provide evidence of the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation, as well as the user’s IP address. Changes to your data stored by the shipping service provider are also logged.

13.4. Shipping service provider:

The newsletter is sent by Intuit Inc., which has appointed Intuit France SAS as its legal representative in the European Union pursuant to Regulation (EU) 2016/679. The address of the legal representative is 7 Rue de la Paix, 75002 Paris, France (hereinafter referred to as the “Shipping Service Provider”). The shipping service provider’s privacy policy is available at the following link: https://quickbooks.intuit.com/eu/gdpr/.

13.5. If we use a shipping service provider, the provider has confirmed to us that it may use pseudonymized data (i.e., data in a form that cannot be assigned to a specific person) to optimize and improve its own services (e.g., for the technical optimization of the delivery and presentation of the newsletter) and for statistical analysis (e.g., to analyze the recipients’ countries of origin). The shipping service provider neither uses the data of our newsletter recipients to contact them directly, nor does it pass the data on to third parties.

13.6. Login details:

Providing your email address is sufficient to subscribe to the newsletter. Optionally, you can provide your name to be addressed personally in the newsletter.

13.7. Measuring success: 

Our newsletters contain a so-called “web beacon.” This is a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a mailing service provider, from the mailing service provider’s server. During this retrieval, technical information such as information about your browser and your system, as well as your IP address and the time of retrieval, is initially collected. This information is used to technically improve the services based on the technical data or to determine the target groups and their reading behavior based on the retrieval location (which can be determined using the IP address) or the access times. Statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients; however, it is neither our aim nor that of the mailing service provider to monitor individual users. Rather, the evaluations serve to recognize the reading habits of our users and to adapt our content to them or to send different content based on the interests of our users.

13.8. The newsletter is sent and its success is measured on the basis of the recipient’s consent in accordance with Art. 6 (1) (a), Art. 7 GDPR in conjunction with Section 7 (2) No. 3 of the German Unfair Competition Act (UWG) or on the basis of legal permission in accordance with Section 7 (3) of the UWG.

13.9. The registration process is logged on the basis of our legitimate interests in accordance with Art. 6 (1) (f) GDPR and serves as proof of consent to receive the newsletter.

13.10. Newsletter recipients can cancel their subscription to our newsletter at any time (i.e., revoke their consent). You will find a link to unsubscribe from the newsletter at the end of each newsletter. Upon unsubscribing, your consent to performance measurement will also expire. Unfortunately, a separate revocation of performance measurement is not possible; in this case, the entire newsletter subscription must be canceled. After unsubscribing, your personal data will be deleted unless its retention is legally required or justified; in these cases, processing will be limited to these exceptional cases. In particular, it is in our legitimate interest to store the email addresses of former newsletter recipients for up to three years on the basis of our legitimate interest in order to be able to prove the previously given consent. In this case, the processing of the data will be limited to the purpose of possible defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time.

14. Business analysis and market research

14.1. We analyze the data available to us on business transactions, contracts, inquiries, etc. in order to operate our business economically and to identify market trends and customer and user wishes. In doing so, we process inventory data, communication data, contract data, payment data, usage data, and metadata in accordance with Art. 6 (1) (f) GDPR. The data subjects include customers, interested parties, business partners, visitors, and users of our online offering. The analyses are carried out for the purpose of business evaluations, marketing, and market research. The profiles of registered users with information on their purchasing transactions may, for example, be included. The analyses serve to increase user-friendliness, optimize our offering, and improve business efficiency. The analyses are carried out solely for our own purposes and are not disclosed externally unless they are anonymized analyses with summarized values.

14.2. If analyses and profiles are personal, they will be deleted or anonymized upon termination of the user’s contract, otherwise after two years from the end of the contract. Otherwise, the business analyses and general trend determinations will be created anonymously wherever possible.

15. Web analysis and advertising tracking

15.1. Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This service helps us analyze the use of our website and ensure that advertising is only shown to users who have shown an interest in our website or who meet certain characteristics communicated to us by Google. This includes the creation of “Remarketing Audiences” or “Google Analytics Audiences” to ensure that our advertising matches users’ potential interests.

Use of cookies:

When using Google Analytics, so-called “cookies” are used. The information collected by the cookies about your use of the website (including the IP address transmitted by your device) is usually transmitted to a Google server, where it is stored and processed. This may involve transferring the information to servers of Google LLC located in the USA.

IP anonymization:

By activating IP anonymization on this website, the IP address transmitted by your device is automatically collected and processed in abbreviated form. This ensures that the information collected cannot be directly assigned to a person. The IP address is shortened by Google within the member states of the European Union (EU) or in other contracting states to the Agreement on the European Economic Area (EEA). Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The anonymized IP address transmitted as part of Google Analytics is generally not merged with other Google data.

Privacy Shield:

Google’s Privacy Shield certification provides an additional guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Data processing and storage:

Google uses this information on our behalf to evaluate your use of the website, compile reports on website activity or usage behavior, and provide other services related to website and internet usage. The shortened IP address transmitted by your device will not be merged with other Google data. The data collected through the use of Google Analytics is stored for two months and then deleted.

Demographic characteristics:

Google Analytics also uses a special feature called “demographic characteristics” to compile statistics with information about the age, gender, and interests of website users. This data is based on an analysis of interest-based advertising and the use of third-party data and helps optimize marketing efforts. However, this data cannot be assigned to a specific individual and is stored for two months before being deleted.

Consent and legal basis:

All processing described above, in particular the placement of Google Analytics cookies, only takes place if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR. Without your consent, Google Analytics will not be used as long as you use the website. Our use of Google Analytics is also justified by our legitimate interest in the analysis, optimization, and economic operation of our website in accordance with Art. 6 (1) (f) GDPR.

Data protection and data transfers:

We have entered into a data processing agreement with Google for our use of Google Analytics, which ensures that Google protects our website users’ data and does not share it with third parties. Because personal data is transferred to the USA, additional safeguards are necessary to ensure a level of data protection compliant with the GDPR. We have agreed to standard data protection clauses with Google, which oblige the recipient of the data in the USA to process it in accordance with European data protection standards. For more information on the legal framework of Google Analytics, including a copy of the standard contractual clauses, please see the Google policies .

Cookie management and opt-out:

Users can prevent the storage of cookies by setting their browser software accordingly. Furthermore, users can prevent the collection of data generated by cookies and related to their use of the website as well as the processing of this data by Google by downloading and installing a browser plug-in available under Google Opt-out. Alternatively, users can use this link to prevent future data collection by Google Analytics on this website. An opt-out cookie will be stored on your device, and if you delete your cookies, you will need to click the link again.

For more information about how Google uses data, settings and options for opting out, please visit the following Google websites:

15.2. Google Fonts

Our website uses external fonts from Google Fonts to ensure consistent font display. Google Fonts is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

When you visit our site, your browser loads the required web fonts directly from a Google server into the browser cache to correctly display text and fonts. The server is informed which of our websites you have visited. In addition, Google stores the IP address of the browser on the device of the visitor to these websites. If your browser does not support web fonts, a standard font from your computer will be used.

The legal basis for the use of Google Fonts is Art. 6 (1) (f) GDPR. Our legitimate interest arises from our need to present the fonts in a uniform format.

Google LLC is certified under the US Privacy Shield, which ensures an adequate level of data protection in accordance with the GDPR. Further information on data processing by Google can be found in Google’s privacy policy and the opt-out options:

15.3. Google Tag Manager

Our website uses Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This service allows you to manage website tags via a single interface. Google Tag Manager simply implements tags; no cookies are used, and only the user’s IP address is transmitted to Google to establish a connection.

Google Tag Manager triggers other tags, which in turn can collect data. However, Google Tag Manager does not access this data. If deactivation has been performed at the domain or cookie level, this will remain in effect for all tracking tags as long as they are implemented with Google Tag Manager.

We use Google Tag Manager based on your consent in accordance with Art. 6 (1) (a) GDPR. Since the IP address is transferred to Google in the USA, additional protective mechanisms are required to ensure the level of data protection required by the GDPR. For this purpose, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) (c) GDPR. These clauses oblige the recipient of the data in the USA to process the data in accordance with European data protection standards. In cases where this cannot be guaranteed even through this contractual extension, we will obtain additional regulations and commitments from the recipient in the USA.

15.4. Google Marketing and Remarketing Services

Our website uses various Google Marketing and Remarketing services (collectively, “Google Marketing Services”) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). These services are used to analyze, optimize, and commercially operate our website. The use of these services is justified by our legitimate interests pursuant to Art. 6 (1) (f) GDPR.

Overview of Google Marketing Services1. Purpose and functionality:

2. Data processing:

3. Pseudonymized data:

4. Google AdWords :

5. Other Google services:

6. Legal basis and consent:

7. Google AdWords Remarketing:

Data protection and data transfers:

Since personal data is transferred to the USA, additional safeguards are required to ensure the level of data protection required by the GDPR. We have agreed to standard data protection clauses with Google in accordance with Art. 46 (2) (c) GDPR. These clauses oblige the recipient in the USA to process the data in accordance with European data protection standards. In cases where this cannot be guaranteed, we will obtain additional regulations and commitments from the recipient in the USA.

For more information about how Google uses data for marketing purposes, see:

If you wish to opt out of interest-based advertising through Google Marketing Services, you can do so through the settings and opt-out options provided by Google: Google Ad Settings .

15.5. Google AdSense

Our website uses Google AdSense, a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), to integrate advertisements. Google AdSense enables analysis of website usage and uses web beacons (invisible graphics) to evaluate information such as visitor traffic on these pages.

Data collection and transfer:

The information generated by cookies and web beacons about your use of this website (including your IP address) and the delivery of advertising formats will be transmitted to and stored by Google on servers in the United States. Google may share this information with its contractual partners. However, Google will not associate your IP address with any other data stored about you.

Consent and legal basis:

If you have given your consent to the storage of AdSense cookies, this is done on the basis of Art. 6 (1) (a) GDPR. Without your consent, no Google AdSense cookies will be used while you use the website.

Cookie management and opt-out:

You can prevent the installation of cookies by setting your browser software accordingly. Please note, however, that doing so may limit the functionality of our website. Additionally, you can prevent Google from collecting and processing the data generated by cookies and related to your use of the website by downloading and installing the Google Opt-out browser plug-in available. You can also deactivate the cookie using this link.

Data protection and data transfers:

Since personal data is transferred to the USA, additional safeguards are required to ensure a GDPR-compliant level of data protection. Pursuant to Art. 46 (2) (c) GDPR, Google has committed to standard data protection clauses that oblige the recipient of the data in the USA to process the data in accordance with European data protection standards. In cases where this cannot be guaranteed even through this contractual extension, we will obtain additional regulations and commitments from the recipient in the USA.

For more information about Google AdSense, please see Google’s privacy policy: Google Privacy Policy

15.6. Facebook Pixel

Our website uses “Facebook Pixel”, a service provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as “Facebook”).

Purpose and consent:

If you have given us your consent in accordance with Art. 6 (1) (a) GDPR, we use Facebook Pixel for marketing and optimization purposes. This enables us to show you relevant and interesting ads on Facebook, improve our offerings, and make them more interesting for you as a user, while avoiding annoying ads.

Functionality:

Facebook Pixel enables Facebook to show our advertisements, known as “Facebook Ads,” only to users who have visited our website or shown interest in our online offerings. It also allows us to check whether a user was redirected to our website after clicking on our Facebook ads. Facebook Pixel uses cookies, small text files that are stored in the cache of your web browser on your device. If you are logged in to Facebook with your user account, your visit to our online offering will be recorded in your user account. The data collected about you is anonymous to us and does not allow us to identify you personally. However, Facebook can link this data to your Facebook user account.

Data protection and data transfers:

a If personal data is transferred to the USA, additional safeguards are required to ensure a GDPR-compliant level of data protection. In accordance with Art. 46 (2) (c) GDPR, we have agreed standard data protection clauses with the provider that oblige the recipient in the USA to process the data in accordance with European data protection standards. If this cannot be guaranteed even through this contractual extension, we will obtain additional regulations and commitments from the recipient in the USA.

Managing settings and opting out:

You can manage the types of ads you see within Facebook through Facebook Ad Settings . Please note that this setting will be deleted if you delete your cookies. You can also disable cookies used for audience measurement and advertising purposes through the following websites:

Please note that these settings will also be deleted if you delete your cookies.

For more information about Facebook Pixel, see the following resources:

16. Social Media

16.1. Social Media Linking

Social networks (Facebook, Twitter, YouTube, Instagram, Pinterest, and WhatsApp) are integrated into our website only as links to the corresponding services. After clicking on the embedded text/image link, you will be redirected to the respective provider’s website. User data is only transferred to the respective provider after the redirection. Information on how your personal data is handled when using these websites can be found in the respective privacy policies of the providers you use.

16.2. Social Media Presence

Below, we inform you about how we process your data collected through the use of our social media presence on social networks and platforms. Your data will be processed in accordance with legal regulations.

Online presence in social media:

In accordance with our legitimate interests within the meaning of Art. 6 (1) (f) GDPR, we maintain online presences on social networks and platforms to communicate with customers, interested parties, and users active there and to inform them about our services. Access to these networks and platforms is subject to the general terms and conditions and data processing policies of the respective providers.

When you visit our social media presence, your data may be automatically collected and stored for market research and advertising purposes. User profiles are created from this data using pseudonyms. These profiles can be used to display advertisements within and outside the platforms that are likely to match your interests. For this purpose, cookies are typically stored on your device to record visitor behavior and user interests.

Pursuant to Art. 6 (1) (f) GDPR, this data processing protects our legitimate interests in an optimized presentation of our offering and effective communication with customers and interested parties. If you are asked by the respective social media platform operators for consent to data processing (e.g., via a checkbox), the legal basis for data processing is Art. 6 (1) (a) GDPR.

Data collection and use:

The purpose and scope of data collection and the further processing and use of the data by the providers on their websites as well as your rights and setting options for protecting your privacy can be found in the data protection information of the respective providers:

Opt-out options:

To the extent that the aforementioned social media platforms are based in the USA, the European Commission has issued an adequacy decision based on the EU-US Privacy Shield. A current certificate for the respective company can be viewed here.

If you need further support, please contact us.

16.3 Facebook Fan PageResponsible body:

Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is responsible for data processing within the meaning of the GDPR for the data you transmit to us (hereinafter referred to as “Meta/Facebook”). We have concluded a joint data processing agreement (Controller Addendum) with Meta/Facebook in accordance with Art. 26 GDPR. This agreement specifies which data processing operations we or Meta/Facebook are responsible for when you visit our Facebook fan page. You can view this agreement at the following link: Controller Addendum .

Since personal data is transferred from Meta/Facebook to the USA, additional safeguards are required to ensure the level of data protection required by the GDPR. In accordance with Art. 46 (2) (c) GDPR, Meta/Facebook uses standard data protection clauses that oblige the recipient of the data in the USA to process the data in accordance with European data protection standards. In cases where this cannot be guaranteed even through this contractual extension, we will obtain additional regulations and commitments from the recipient in the USA.

If you, as a visitor to the site, wish to exercise your rights (information, rectification, erasure, restriction, data portability, complaint to the supervisory authority, objection or revocation), you can contact Meta/Facebook or us.

You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in: Facebook Ad Settings or Your Online Choices .

For further details, please refer to Meta/Facebook’s privacy policy: Facebook Privacy Policy .

Data Protection Officer of Meta/Facebook

To contact Meta/Facebook’s Data Protection Officer, you can use the online contact form provided by Meta/Facebook at the following link: Contact form .

Data processing for statistical purposes using Page Insights:

Meta/Facebook provides so-called Page Insights for our Facebook fan page: Page Insights . These are aggregated data that provide information about how people interact with our page. Page Insights may be based on personal data collected in connection with a person’s visit to or interaction with our page and in connection with the content provided.

Please be careful about which personal data you provide to us via Meta/Facebook. Your data may be processed for market research and advertising purposes, even if you are not logged in to Meta/Facebook or do not have a Meta/Facebook account. For example, profiles may be created based on user behavior and the resulting interests. These profiles can be used to display ads both within and outside the platforms that are likely to match users’ interests. This data is collected using cookies stored on your device. Device-independent data may also be stored in user profiles, particularly if users are members of the respective platforms and are logged in to them.

The legal basis for processing is your consent in accordance with Art. 6 (1) (a) GDPR. Please note that we have no influence on the data collection and further processing by Meta/Facebook. Therefore, we cannot provide any information about the extent, where, and for how long Meta/Facebook stores data. Furthermore, we cannot make any statements about the extent to which Meta/Facebook complies with existing deletion obligations, what evaluations and links are made with the data by Meta/Facebook, and to whom Meta/Facebook passes the data on. If you wish to prevent Meta/Facebook from processing your personal data, please contact us by another method.

16.4 Data transmission and recipients

When visiting and using the platforms listed below, personal data may be transferred to the USA or other third countries outside the EU. In these cases, additional safeguards are required to ensure the level of data protection in accordance with the GDPR. Further information on whether and what appropriate safeguards the providers can provide in this regard can be found in the list below.

We have no influence on the processing of your personal data by the provider and how this data is handled. For more information, please refer to the privacy policy of the respective provider and, if applicable, use the opt-out/personalization options regarding data processing by the provider:

16.5. YouTube

On our website, we embed videos from “YouTube,” a social media platform provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”). The legal basis for the processing of your personal data is your consent in accordance with Art. 6 (1) (a) GDPR.

If embedded YouTube videos are played with your consent, the provider “YouTube” uses cookies to collect information about user behavior. According to “YouTube,” these cookies are used to create video statistics, improve user-friendliness, and prevent abusive behavior. If you are logged in to Google, your data will be assigned directly to your account when you click on a video. If you do not want your YouTube profile to be assigned, you must log out before activating the button. Google stores this data as usage profiles and uses it for advertising, market research, and/or to tailor its websites to meet your needs. Such evaluations are carried out in particular (even for users who are not logged in) to display tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. Please contact Google directly.

Since personal data is transferred to the USA, additional safeguards are required to ensure the GDPR level of data protection. For this purpose, Google uses standard data protection clauses pursuant to Art. 46 (2) (c) GDPR. These oblige the recipient of the data in the USA to process the data in accordance with European data protection standards. In cases where this cannot be guaranteed even through this contractual extension, we will obtain additional regulations and commitments from the recipient in the USA.

For more information about privacy and data usage by Google, please visit the following Google website: Google Privacy Policy

16.6. WhatsApp

WhatsApp is not a secure data transmission channel. By installing and using WhatsApp on your mobile device, you agree to the terms and conditions of WhatsApp Inc., 1601 Willow Road, Menlo Park, California 94025 (USA). Niche Story UG has no influence on data processing by WhatsApp Inc. Your data transmitted via WhatsApp is stored on the servers of WhatsApp Inc., which are not subject to European or German data protection regulations. Therefore, we recommend that you do not send us any sensitive data via WhatsApp.

If you contact us via WhatsApp, you agree that we may communicate with you via this channel. Niche Story UG will never actively contact you via WhatsApp and will only respond to your inquiries. We will not contact you for marketing purposes. Your WhatsApp number will be stored in our chat history but will not be added to your customer data in the online store or otherwise processed. Your WhatsApp number will not be actively shared with third parties.

Features provided by the WhatsApp service/platform may be embedded on our website. WhatsApp is operated by WhatsApp Inc., 1601 Willow Road, Menlo Park, California 94025, United States of America.

Privacy Policy: https://www.whatsapp.com/legal/?l=de ,
Opt-Out: https://www.whatsapp.com/legal/?eea=1#privacy-policy-managing-and-deleting-your-information.

17. Embedded services and third-party content

Our use of third-party services and content is justified by our legitimate interests pursuant to Art. 6 (1) (f) GDPR (here: our interest in the analysis, optimization, and economic operation of our website) and includes the embedding of these third-party services and content, such as videos and fonts (hereinafter referred to as “content”). This always requires that the third-party providers of this content record the user’s IP address, since without the IP address the content cannot be sent to the user’s browser. The IP address is therefore a prerequisite for displaying the respective content. We endeavor to only use content from providers who use the user’s IP address exclusively to deliver the content. Third-party providers may also use so-called “pixel tags” (invisible graphics, also known as “web beacons”) for statistical analysis and marketing purposes. Pixel tags can be used to evaluate data about visitor traffic on the web pages of this website. The pseudonymised data may also be stored in cookies on the user’s device and may contain technical information about the respective browser and operating system, referrer URLs, visit times and other information about the use of our website; it may also be compared with data from other sources.

18. Privacy Policy for the Use of Google reCAPTCHA

To protect against misuse of our web forms and spam, we use the Google reCAPTCHA service in some forms on this website. Google reCAPTCHA is provided by Google Ireland Limited, a company registered and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). By verifying manual entries, this service prevents automated software (so-called bots) from conducting abusive activities on the website. The legal basis for this data processing is Art. 6 (1) (f) GDPR, which protects our legitimate interests in protecting our website from misuse and ensuring an uninterrupted online presence.

Google reCAPTCHA uses JavaScript, a code embedded in the website, as part of its verification methods, such as cookies, to analyze your use of the website. The automatically collected information about your use of this website, including your IP address, is usually transferred to a Google server in the USA and stored there. In addition, other cookies stored in your browser by Google services are evaluated by Google reCAPTCHA.

To determine whether a specific entry in our contact or newsletter form was made by a person or a computer, Google uses the following data: IP address of the device used, the website visited on our site that contains the CAPTCHA, the date and duration of the visit, the identification data of the device used, the browser and operating system type, your Google Account if you are logged in to Google, mouse movements in the reCAPTCHA areas, and tasks that require you to identify images. No personal data is read or stored from the input fields of the respective form.

To the extent that information is transferred to and stored on Google servers in the USA, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield.

You can prevent Google from collecting and processing the data generated by JavaScript or cookies and related to your use of the website (including your IP address) by adjusting your browser settings accordingly to prevent JavaScript or cookies from being set. Please note that this may limit the functionality of our website for your use.

For more information about Google’s privacy policy, please visit: https://policies.google.com/privacy?hl=de

19. Miscellaneous

External links:

If links to other websites are provided, we have no influence or control over the linked content and the privacy policies applicable there. We recommend that you review the privacy policies of these websites when you visit linked websites to determine whether and to what extent personal data is collected, processed, used, or disclosed to third parties.

Legal obligations:

The provision of personal data for the purpose of deciding whether to enter into a contract, fulfilling the contract, or taking pre-contractual steps is voluntary. However, we can only decide within the scope of contractual measures if you provide personal data that is necessary for the conclusion or fulfillment of the contract or for taking pre-contractual measures.

Automated decision-making:

Automated decision-making or profiling pursuant to Art. 22 GDPR does not take place.