Data Protection Policy

The following Data Protection Policy applies to use of our website content [] (hereinafter “the website”).

We take data protection very seriously. Your personal data is collected and processed in compliance with the applicable data protection laws, in particular the General Data Protection Regulation (GDPR).

1 Controller

The party responsible for collecting, processing and using your personal data (the controller) within the meaning of Art. 4(7) GDPR is

[Nordmetall GmbH, Adorfer Hauptstr. 16, 09221 Neukirchen, Germany]

Please contact the controller if you wish to object to your data being collected, processed and used by us in accordance with these data protection provisions, either in general or in individual cases.

You can store and print out this Data Protection Policy at any time.

2 General purposes of data processing

We use personal data to operate the website and to perform contracts to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract (Art. 6(1)b) GDPR).

3 What data we use and why

3.1 Access data

We collect information about you when you use this website. We automatically collect information about your user behavior and your interaction with us, and we record data about your computer or mobile device. We collect, store and use data each time our website is accessed (server log files). This access data includes:

  • name and URL of the accessed file
  • date and time of access
  • amount of data transmitted
  • notification of successful access (HTTP response code)
  • browser type and version
  • operating system
  • referrer URL (the site visited prior to our website)
  • websites accessed by the user’s system via our website
  • the user’s Internet service provider
  • IP address and the requesting provider

Without personally identifying you or otherwise creating a profile, we use this log data for statistical evaluations in order to operate, secure and optimize our website, but also to anonymously record the number of visitors to our website (traffic) and the scope and nature of use of our website and services, as well as for accounting purposes to measure the number of clicks received from cooperation partners. With this information, we are able to provide personalized and location-based content, analyze data traffic, troubleshoot and fix errors and improve our services.

This also constitutes our legitimate interest pursuant to Art. 6(1)f) GDPR.

3.2 Cookies

We use “session cookies” to optimize our website. A session cookie is a small text file that is sent from the respective servers when you visit a website and stored temporarily on your hard drive. This file contains what is known as a session ID, which allows us to assign various requests from your browser to the same session. In this way, your computer can be recognized if you return to our website. These cookies are deleted when you close your browser.

We also occasionally use persistent cookies to a limited extent; these are also small text files that are stored on your end device, but in this case, they remain there, allowing us to recognize your browser on your next visit. These cookies are stored on your hard drive and are automatically deleted after a specified period. Their lifespans range from 1 month to 10 years. These cookies help us to make our website more user-friendly, efficient and secure for you and allows us, for example, to display information that is specifically tailored to your interests on the website.

Our legitimate interest in the use of cookies pursuant to Art. 6(1)f) GDPR lies in making our website more user-friendly, efficient and secure.

The data and information stored in the cookies includes the following:

  • language settings
  • search terms entered
  • information on the number of times our website was called up and on how individual features of our website are used.

When a cookie is enabled, it is given an ID number; this ID number is not used to personally identify you. Your name, IP address or similar data that would enable the cookie to personally identify you are not stored in the cookie. The cookie technology only allows us to receive pseudonymized information on, for example, which pages of our store were visited, which products were viewed, etc.

You can configure your browser so that you are informed before cookies are installed and can decide on an individual basis whether to accept them in specific cases, reject them in general, or block them completely. This may result in the website not functioning properly.

3.3 Data necessary to fulfil our contractual obligations

We process the personal data necessary for us to fulfil our contractual obligations, such as your name, address, email address, ordered products, billing and payment details. We need to collect this data in order to form the contract with you.

This data is deleted upon the expiry of the warranty and the statutory retention periods. Data linked to a user account (see below) will, in all cases, be retained as long as this account is still active.

The legal basis for the processing of this data is Art. 6(1)b) GDPR, as we require this data to fulfil our contractual obligations towards you.

3.4 Email contact

If you contact us (e.g. using the online form or by email), we process your information in order to handle your request and to answer any subsequent questions you may have.

If data is processed in order to take steps at your request prior to entering into a contract or, if you are already a customer, to perform the contract, the legal basis for this processing is Art. 6(1)b) GDPR.

We process other personal data only where you give us your consent to do so (Art. 6(1)a) GDPR) or where we have a legitimate interest in processing your data (Art. 6(1)f) GDPR). A legitimate interest includes replying to your email, for example.

4 Web analysis, tracking & tracing

We use AWStats ( and Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses ‘cookies’, which are text files that are stored on your computer and make it possible to analyze how you use the website. The information generated by the cookie about the use of this website by the visitor is usually transmitted to a Google server in the USA and stored there.

This also constitutes our legitimate interest pursuant to Art. 6(1)f) GDPR.

Google is subject to and certified under the Privacy Shield agreement between the European Union and the USA. This means that Google is obliged to comply with the standards and provisions of European data protection law. You can find more information in the following linked entry:

IP anonymization is enabled on this website (anonymizeIp). This means that your IP address will first be truncated by Google within the Member States of the European Union or in other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on our behalf to evaluate your use of the website, to compile reports about website activity and to provide us with other services relating to website usage and Internet usage.

The IP address transmitted by your browser within the context of Google Analytics will not be associated with any other data held by Google. You can prevent cookies from being stored by adjusting your browser settings accordingly; we should point out, however, that in this case you may not be able to use all of the features of this website to their full extent.

You can also prevent the data generated by the cookie and related to your use of the website (including your IP address) from being transmitted to Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link:

As an alternative to the browser plug-in or in browsers on mobile devices, you can click on the following link to set an opt-out cookie that will prevent Google Analytics from collecting data on this website in future (this opt-out cookie will work only on this browser and only for this domain. If you delete the cookies in your browser, you will have to click this link again): [Disable Google Analytics]

5 Use of Google Maps

This website uses Google Maps API to display geographical information in a visual form. When Google Maps is used, Google also collects, processes and uses data relating to the use of map functions by visitors. Please refer to Google’s Privacy Policy for more information on data processing by Google. You can also change your personal data protection settings in the safety center there.

You can find detailed instructions on how to manage your own data in connection with Google products here.

6 Embedded YouTube videos

We embed YouTube videos on some of our web pages. The operator of the corresponding plug-ins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page with the YouTube plug-in, a connection to YouTube servers is established. This gives YouTube information about the pages you visit. If you are logged in to your YouTube account, YouTube can associate your surfing behavior with you. You can prevent this by logging out of your YouTube account beforehand.

If a YouTube video is played, the provider uses cookies that collect information on user behavior.

If you have disabled cookies for the Google Ads program, you will not have to reckon with cookies of this nature when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you have to block cookies from being stored in your browser.

You can find further information on data protection at YouTube in the provider’s data privacy policy at:

7 Duration of storage

Unless specifically stated, we store your personal data only as long as we need it to fulfil the purposes pursued.

In some cases, there is a statutory requirement to retain personal data, for example under tax or commercial law. In these cases, we store the data only for these statutory purposes; we do not use it for any other purposes and delete it upon the expiry of the statutory retention period.

8 Your rights as the data subject

In accordance with the applicable law, you have various rights with regard to your personal data. If you wish to exercise these rights, please send your request by email or post to the address stated in Section 1 above, including all the details needed to clearly identify you.

Your rights are listed below.

8.1 Right to confirmation and access to information

You have the right to obtain clear information about how your personal data is processed.

In detail:

You have the right, at any time, to obtain from us confirmation as to whether or not personal data relating to you is processed. If so, you have the right to obtain from us, free of charge, information about the personal data relating to you that is stored by us, as well as a copy of this data. You also have the right to the following information:

  1. the purposes of processing;
  2. the categories of personal data processed;
  3. the recipients or categories of recipients to whom the personal data has been disclosed or will be disclosed, in particular recipients in third countries or in international organizations;
  4. where possible, the period for which the personal data is stored, or, if this is not possible, the criteria used to determine that period;
  5. the existence of a right to rectification or erasure of the personal data relating to you, or the right to have the processing by the controller restricted, or the right to object to such processing;
  6. the existence of a right to lodge a complaint with a supervisory authority;
  7. where the personal data is not collected from you, any available information as to its source;
  8. the existence of automated decision-making including profiling in accordance with Arts. 22(1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for you.

If personal data is transferred to a third country or an international organization, you have the right to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

8.2 Right to rectification

You have the right to request that we rectify and, where necessary, complete personal data concerning you.

In detail:

You have the right to request that we rectify any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

8.3 Right to erasure (“right to be forgotten”)

In a number of cases, we are obliged to erase personal data concerning you.

In detail:

Pursuant to Art. 17(1) GDPR, you have the right to request that we erase personal data concerning you without undue delay; we are also obliged to erase personal data without undue delay where one of the following grounds applies:

  1. The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You withdraw your consent on which the processing pursuant to Art. 6(1)a) GDPR or Art. 9(2)a) GDPR was based, and there is no other legal ground for the processing.
  3. You object to the processing pursuant to Art. 21(1) GDPR, and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
  4. The personal data has been processed unlawfully.
  5. The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
  6. The personal data was collected in relation to the offer of information society services in accordance with Art. 8(1) GDPR.

Where we have made personal data public and are obliged pursuant to Art. 17(1) GDPR to erase this data, we shall, taking account of the available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers processing the personal data that you have requested that they erase any links to, or copies or replications of, this personal data.

8.4 Right to restriction of processing

In a number of cases, you are entitled to request that we restrict the processing of your personal data.

In detail:

You have the right to request that we restrict processing where one of the following conditions applies:

  1. where you contest the accuracy of the personal data, for a period of time that enables us to verify the accuracy of the personal data;
  2. where the processing is unlawful and you have declined the erasure of the personal data and request that its use be restricted instead;
  3. where we no longer need the personal data for the purposes of the processing, but you need it to establish, exercise or defend legal claims; or
  4. where you have filed an objection to processing pursuant to Art. 21(1) GDPR, pending the verification of whether the legitimate interests of our company override your interests.
8.5 Right to data portability

You have the right to receive, transmit or have us transmit personal data concerning you in a machine-readable format.

In detail:

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without any hindrance from us, where:

  1. the processing is based on consent pursuant to Art. 6(1)a) GDPR or Art. 9(2)a) GDPR or on a contract pursuant to Art. 6(1)b) GDPR, and
  2. the processing is carried out by automated means.

In exercising your right to data portability under paragraph 1, you also have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

8.6 Right to object

You have the right to object to the lawful processing of your personal data if you have grounds for doing so relating to your particular situation and we do not have any overriding interests in the processing.

In detail:

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is based on Art. 6(1)e) or f) GDPR; this also applies to any profiling based on these provisions. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or unless the processing is necessary for the establishment, exercise or defense of legal claims.

Where we process personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this includes profiling to the extent that it is related to such direct marketing.

You also have the right, on grounds relating to your particular situation, to object to our processing of personal data concerning you for scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

8.7 Automated decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or significantly affects you in a similar manner.

We do not perform automated decision-making on the basis of the personal data collected.

8.8 Right to withdraw consent under data protection law

You have the right to withdraw your consent to the processing of personal data at any time.

8.9 Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you live or work or in which the alleged infringement took place, if you are of the opinion that the processing of personal data relating to you is unlawful.

9 Data security

We do our best to ensure the security of your data in accordance with the applicable data protection laws and the available technical means.

We transmit your personal data in encrypted form. This applies to your orders and your customer log-in. We use the coding system SSL (Secure Sockets Layer); please note, however, that the transfer of data on the Internet (e.g. in communication by email) may be subject to security vulnerabilities. It is not possible to protect data completely against access by third parties.

We apply technical and organizational safeguards pursuant to Art. 32 GDPR to ensure that your data is secure; these safeguards are regularly updated to reflect the latest developments in technology.

In addition, we cannot guarantee that our website will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use are carefully backed up on a regular basis.

10 Disclosure of personal data to third parties, no transmission of data to non-EU countries

As a rule, we use your personal data only within our own company.

If and when we use the services of third parties (e.g. logistics companies) to perform contracts, these companies receive the personal data only within the extent that they need it to provide the particular service.

If we outsource some of the data processing (“commissioned processing”), we contractually oblige data processors to use personal data only in accordance with the requirements of data protection laws and to ensure that the rights of the data subject are protected.

We do not transfer data to places or persons outside the EU in cases other than those stated in Section 4 above, nor do we intend to do so in future.

11 Miscellaneous

Should you have any further questions or concerns about data protection, please do not hesitate to contact us.