top of page

Data privacy

1. General information:

We are very pleased about your interest in our website. The use of this website is usually possible without providing personal data. However, if you make use of certain services of our company via our website, it may be necessary to process personal data. If this is the case and there is no legal basis for such processing, we will always obtain your consent.
Personal data will always be treated confidentially and in accordance with the basic data protection regulation and in accordance with the country-specific data protection regulations applicable to NYA Company. In the following text we would like to inform you which of your personal data we collect in relation to your visit to our website and for what purposes they are used. In addition, this privacy policy will inform you about your rights.
As the operator of this website, we have implemented numerous technical and organizational measures to ensure that your personal data processed via this website is protected as completely as possible. However, data transmissions on the Internet may have security gaps, so that we cannot guarantee absolute protection.

Responsible person:
Maria Eckl
Pognerstraße 22
81379 Munich, Germany
Phone: +49 (0)176 32131415
E-Mail: maria.eckl.89@gmail.com

Contact data protection officer According to article 37 DSGVO we are not obliged to appoint a data protection officer. Nevertheless, we make sure that the legal regulations are observed. If you wish to claim any of the rights listed below or have any questions about data protection, simply write to us at maria.eckl.89@gmail.com

 

 

2. What exactly is personal data

Personal data is information that can be used to find out personal or factual information about you. Information where we cannot (or only with a disproportionate effort) establish a connection to your person, e.g. by pseudonymising or anonymising the information, is not personal data.

 

 

3. Which data are collected and processed by us?

As soon as you call up our website or our website is called up by an automated system, a series of general data and information is collected, which is stored in the log files of the server. This includes the following data and information:

  • the date and time of an access to our website 

  • the Internet Protocol address (IP address) of the requesting computer 

  • the Internet service provider of the accessing system 

  • the browser types and versions used 

  • the operating system used by the accessing system 

  • the website from which an accessing system accesses our website (so-called referrer) 

  • the sub-websites that are accessed via an accessing system on our website 

  • as well as other similar data and information that serve to avert danger in the event of attacks on our information technology systems

    When using this general data and information, no personal evaluation takes place, i.e. we do not draw any conclusions about you or your person. Rather, we use this information to improve our website and its contents as well as the advertising for it on the one hand, and to be able to guarantee the functionality of our information technology systems and the technology of our website in the long term as well as to provide law enforcement agencies with the information necessary for prosecution in the event of a cyber attack.

    For this reason, this anonymously collected data and information is evaluated statistically on the one hand and also with the aim of increasing data protection and data security in our company in order to ensure an optimum level of protection for the personal data processed by us.

    These anonymous data and information of the server log files are also stored separately from all personal data provided by you.

    SSL Encryption
    Our website uses SSL (Secure Socket Layer) encryption for the transmission of data from your browser to our server and to servers that provide files that we embed on our website. With SSL, data is transmitted in an encrypted form. The data cannot be altered and the sender can be identified. You can recognise the presence of SSL encryption by the prefixed text “https” in front of the address of the website you are visiting in your browser.

 

 

4. Data deletion and storage duration


Your personal data will be deleted or blocked as soon as the purpose for which it was stored no longer applies or if this has been provided for by the European Directives and Regulations or any other legislator in laws or regulations to which we as a company are subject. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need for further storage of the data in order to conclude or fulfill a contract.

 

 

5. Transfer of data


Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only pass on your personal data to third parties if:

you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO, 

the transfer in accordance with Art. 6 para. 1 sentence 1 lit. f DSGVO is necessary to safeguard our legitimate interests or to safeguard the legitimate interests of third parties and there is no reason to assume that you have an overriding interest worthy of protection in not passing on your data, 

in the event that the transfer in accordance with Art. 6 paragraph 1 sentence 1 lit. c DSGVO and 

this is permitted by law and is necessary for the processing of contractual relationships with you in accordance with Art. 6 paragraph 1 sentence 1 lit. b DSGVO.

6. Cookies

Like many websites and servers, we use cookies on all our websites. Cookies are text files which are filed and stored on a computer system via an internet browser. Many cookies contain a so-called cookie ID. A cookie ID is a unique identification of the cookie. It consists of a string of characters which can be used to assign Internet pages and servers to the specific Internet browser in which the cookie was stored. This enables the Internet pages and servers visited to distinguish the individual browser of the person concerned from other Internet browsers that contain other cookies. In this way, a specific Internet browser can be recognised and identified by means of the unique cookie ID. Through the use of cookies, we can optimise information and offers on our website in your interest and thus provide you as a user of our website with even more user-friendly services that would not be possible without the setting of cookies.

As already mentioned, cookies enable us to recognise the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter his or her access data each time he or she visits the website, as this is done by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping cart in the online shop. The online shop uses a cookie to remember the items that a customer has placed in the virtual shopping cart.

If you wish, you can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. In addition, you can delete cookies already set at any time using an internet browser or other software programs. This is possible in all common internet browsers. Should you actually deactivate the setting of cookies in the Internet browser used, it is possible that not all functions of our website can be fully used.

7. Contact form

You have the possibility to contact us via a contact form on our website. In this case, we will collect your first name and your e-mail address as well as your last name, your address and your telephone number for the purpose of contacting you and providing the respective services. The personal data you enter is collected and stored exclusively for internal use and for our own purposes. As a matter of principle, this data is not passed on to third parties, unless there is a legal obligation to do so or the passing on of such data serves criminal or legal prosecution.

However, if, for example, you order products via our website, this data may be passed on to one or more processors, for example to a parcel service provider, who will also use the personal data exclusively for internal use attributable to the person responsible for the processing.

Any use of personal data beyond this will not take place or will only take place with your prior consent. Personal data will be deleted as soon as they are no longer required for the purpose of the storage.

 

8. External tools

Use of Google Analytics
We use Google Analytics on our website, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies, which as already mentioned are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of our website (including your IP address, which is, however, anonymised using the _anonymizeIp() method so that you can no longer be assigned to a connection) is transmitted to a Google server in the USA and stored there. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. As already explained, you can prevent the installation of cookies by setting your browser software accordingly. However, we would like to point out once again that in this case you may not be able to use all the functions of our website to their full extent. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

You can object to the collection of data by Google Analytics with effect for the future by installing a deactivation add-on for your browser.

Google Remarketing
Furthermore, our website uses the remarketing function of Google Inc. (“Google”). This function is used to present interest-based advertisements to visitors to our website within the framework of the Google advertising network. Again, this works by your browser storing so-called “cookies”, text files which are stored on your computer and which make it possible to recognise you as a visitor when you call up our website. Incidentally, this applies to all pages that belong to Google’s advertising network. On these pages, the visitor can then be presented with advertisements that relate to content that the visitor has previously accessed on websites that use Google’s remarketing function. According to its own information, Google does not collect any personal data during this process. However, if you do not wish to use Google’s remarketing function, you can deactivate it by making the appropriate settings at www.google.com/settings/ads. Alternatively, you can deactivate the use of cookies for Google’s remarketing function. Alternatively, you can deactivate the use of cookies for interest-based advertising via the advertising network initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp. Further information on Google Remarketing and Google’s privacy policy can be found here: http://www.google.com/privacy/ads/

Use of Facebook Social Plugins
Our website also uses social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are recognisable by one of the Facebook logos (white “f” on a blue tile or a “thumbs up” sign) or by the addition “Facebook Social Plugin”. You can see the list and the appearance of the Facebook social plugins here: https://developers.facebook.com/docs/plugins/

When you visit our website, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser, which then integrates it into the website. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform you according to our state of knowledge:

By integrating the plugin, Facebook receives the information that you have accessed our website. If you are logged in to Facebook, Facebook can assign the visit to your Facebook account. If you use the plugins, such as clicking the Like button or posting a comment, the corresponding information is transmitted directly from your browser to Facebook and stored there. If you are not a member of Facebook, there is still the possibility that Facebook will find out and store your IP address.
The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, can be found in Facebook’s privacy policy: http://www.facebook.com/policy.php.

If you are a Facebook member and do not want Facebook to collect data about you via our website and link it to your membership data stored on Facebook, you must log out of Facebook before visiting our website.

You also have the option of blocking Facebook social plugins with add-ons for your browser, for example with the “Facebook Blocker”.

Use of Facebook Custom Audience
Remarketing tags of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated on our website. When you visit our website, the remarketing tags establish a direct connection between your browser and the Facebook server. Facebook thereby receives the information that you have visited our website with your IP address. This enables Facebook to associate your visit to our website with your user account. We can use the information obtained in this way to display Facebook Ads.
We would like to point out that we, as the operator of the website, have no knowledge of the content of the transmitted data or its use by Facebook. You can find more information on this in Facebook’s privacy policy (www.facebook.com/about/privacy/). If you do not wish any data to be collected via Custom Audiences, you can deactivate Custom Audiences here: www.facebook.com/ads/website_custom_audiences/

Instagram
Our website may include functions and content of the Instagram service, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. This may include, for example, content such as images, videos or texts and buttons with which users can make known their liking of the content, the authors of the content or subscribe to our posts. If the users are members of the Instagram platform, Instagram can assign the call-up of the above-mentioned content and functions to the user’s profile there. Instagram privacy policy: http://instagram.com/about/legal/privacy/.

Pinterest
Our website may also include functions and content from the Pinterest service, offered by Pinterest Inc, 635 High Street, Palo Alto, CA, 94301, USA. This may include, for example, content such as images, videos or texts and buttons with which users can make known their liking of the content, the authors of the content or subscribe to our posts. If the users are members of the Pinterest platform, Pinterest can assign the call-up of the above-mentioned content and functions to the user’s profile there. Pinterest privacy policy: https://policy.pinterest.com/en/privacy-policy

Vimeo
We integrate the videos of the platform “Vimeo” of the provider Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Privacy policy: https://vimeo.com/privacy.

Youtube
We integrate the videos of the platform “YouTube” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Jetpack (WordPress Stats)
We use the plugin Jetpack (WordPress Stats) on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. DSGVO) the plugin Jetpack (here the sub-function “WordPress Stats”), which embeds a tool for the statistical analysis of visitor accesses and is operated by Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, USA. Jetpack uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site.

Automattic is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).
The information generated by the cookie about your use of our website is stored on a server in the USA. The processed data can be used to create user profiles, which are only used for analysis and not for advertising purposes. Further information can be found in the privacy statements of Automattic: https://automattic.com/privacy/ and notes on Jetpack cookies: https://jetpack.com/support/cookies/.

SumoMe
Our website uses SumoMe, a service provided by Sumo Group Inc, 1305 E. 6th St 3, Austin, TX 78702, USA. SumoMe uses, among other things, cookies which are stored on your computer and which allow an analysis of the use of the website. In the course of use, data, such as in particular the IP address and activities of the user, may be transmitted to a server of Sumo Group Inc. and stored there. Sumo Group Inc. may transfer this information to third parties where required to do so by law, or where such third parties process the information. You can prevent the collection and forwarding of personal data (in particular your IP address) and the processing of this data by deactivating the execution of Java script in your browser or by installing a tool such as ‘NoScript’. Further information on data protection when using SumoMe can be found at the following link: http://www.appsumo.com/privacy/.

Leaddyno
We use LeadDyno on our website to better understand what content might be of most interest to you. LeadDyno is a service provided by LeadDyno, LLC, 1600 H Street, Suite 409, Sacramento, CA 95814, USA. LeadDyno allows you to track links based on your previous interaction on partner websites.
You can opt-out of targeted advertising from LeadDyno and its partners on this site. While you can read LeadDyno’s privacy policy here.

Google Maps
We integrate the maps of the service “Google Maps” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Google Fonts
We integrate the fonts (“Google Fonts”) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Affiliate
Our website may contain automated affiliate marketing links. This means that we receive commissions on sales generated by links to products or services we write about. However, our editorial content is not influenced by merchants or affiliate partnerships.

Transmission of data for orders and bookings on our website

We only transmit personal data to third parties if this is necessary within the framework of the contract processing, for example to the credit institute commissioned with the payment processing. Your data will not be transmitted further, for example for advertising purposes. You can object to the use of the e-mail address stored as part of the order at any time and free of charge. To do so, simply send an e-mail to maria.eckl.89@gmail.com  .

Encrypted payment transactions on this website
Payment transactions via the common means of payment (Visa/Mastercard, direct debit) are made exclusively via an encrypted SSL connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

Button and widgets for PayPal (Paypal)
The PayPal button and widgets are services for interacting with the PayPal network of PayPal Inc. Personal data collected: Cookie and usage data.
Processing location: See the PayPal privacy statement: https://www.paypal.com/webapps/mpp/ua/privacy-full

Stripe
On our website we offer, among other things, payment via Stripe. The provider of this payment service is Stripe Inc. with headquarters at 185 Berry Street, Suite 550, San Francisco, CA 94107, USA Contact in Germany: https://stripe.com/contact If you select payment via Stripe, the payment data you enter will be transmitted to Stripe. The transmission of your data to Stripe is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations.

 

 

12. Your rights

 

a) Right to confirmation
You have the right granted by the European Directive and Regulation to request confirmation from the controller as to whether personal data relating to you is being processed. If you wish to exercise this right of confirmation, you can contact us at any time.

b) Right of access
As a data subject of the processing of personal data, you have the right granted by the European Directive and Regulation to obtain at any time from the controller, free of charge, information about the personal data stored about you and a copy of that information. Furthermore, the European Directive and Regulation has granted you access to the following information:

the purposes of the processing

the categories of personal data processed

the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations

if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration

the existence of a right to obtain the rectification or erasure of personal data concerning you, or to obtain the restriction of processing by the controller, or a right to object to such processing

the existence of a right of appeal to a supervisory authority

if the personal data are not collected from the data subject: Any available information on the origin of the data

the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
Furthermore, you have the right to be informed whether personal data have been transferred to a third country or to an international organisation. If this is the case, you also have the right to obtain information about the appropriate safeguards in connection with the transfer.
If you would like to make use of this right to information, you can contact us at any time.

c) Right to rectification
As a person affected by the processing of personal data, you have the right granted by the European Directive and Regulation to request the immediate rectification of any inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration – taking into account the purposes of the processing.
If you wish to make use of this right of rectification, you can contact us at any time.

d) Right to erasure (right to be forgotten)
As a person affected by the processing of personal data, you have the right granted by the European Directive and Regulation to request that the controller erases the personal data concerning you without delay, provided that one of the following reasons applies and insofar as the processing is not necessary:

Your personal data have been collected or otherwise processed for purposes for which they are no longer necessary.

You withdraw your consent on which the processing was based pursuant to Art. 6(1)(a) DS-GVO or Art. 9(2)(a) DS-GVO and there is no other legal basis for the processing.

You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.

Your personal data has been processed unlawfully.

The erasure of your personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

Your personal data has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
If one of the aforementioned reasons applies, and you want to arrange for the deletion of personal data stored by my website, you can contact us at any time. We will then ensure that the request for deletion is complied with immediately.
If your personal data have been made public and our company as the controller is obliged to erase your personal data pursuant to Article 17 (1) of the Data Protection Regulation, reasonable measures, including technical measures, will be taken, taking into account the available technology and the cost of implementation, to inform other data controllers which process your published personal data that you have requested from them to erase all links to your personal data or copies or replications of such personal data, unless the processing is necessary. We will arrange the necessary in individual cases.

e) Right to restriction of processing
As a data subject of the processing of personal data, you have the right granted by the European Directive and Regulation to request the controller to restrict the processing if one of the following conditions is met:

The accuracy of your personal data is contested by you for a period enabling the controller to verify the accuracy of your personal data.

The processing is unlawful, you refuse to erase your personal data and instead request the restriction of the use of your personal data.

The controller no longer needs your personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims.

You have objected to the processing pursuant to Art. 21 (1) DS-GVO and it is not yet clear whether the legitimate grounds of the controller outweigh yours.
If one of the above conditions is met and you wish to request the restriction of personal data stored by my website, you can contact us at any time. We will then arrange for the restriction of processing.

f) Right to data portability
As a data subject of the processing of personal data, you have the right granted by the European Directive and Regulation to receive the personal data concerning you, which has been provided by you to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom your personal data have been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to have your personal data transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.
To assert the right to data portability, you can contact us at any time.

g) Right to revocation
As a person affected by the processing of personal data, you have the right granted by the European Directive and Regulation-maker to object at any time, on grounds arising from their particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) DS-GVO. This also applies to profiling based on these provisions.
Your personal data will no longer be processed in the event of objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
If your personal data is processed by me for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing. This also applies to profiling, insofar as it is connected with such direct advertising. If you object to the website owner to the processing for direct marketing purposes, the website owner will no longer process your personal data for these purposes.
In addition, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you which is carried out by the Website Owner for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the Data Protection Regulation, unless such processing is necessary for the performance of a task carried out in the public interest.
To exercise your right to object, you can contact us directly. You are also free to exercise your right to object by means of automated procedures using technical specifications in connection with the use of information society services, notwithstanding Directive 2002/58/EC.

h) Automated decisions in individual cases including profiling
As a data subject of personal data processing, you have the right granted by the European Directive and Regulation to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the decision (1) is necessary for the conclusion or performance of a contract between you and the controller, or (2) is authorised by Union or Member State law to which the controller is subject and that law contains adequate measures to safeguard your rights and freedoms and legitimate interests, or (3) is made with your explicit consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between you and the controller, or (2) is made with your explicit consent, the website owner shall take reasonable steps to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain the involvement of a person from the controller, to express your point of view and to contest the decision.
If you wish to exercise any rights in relation to automated decisions, you may contact us at any time.

i) Right to withdraw consent under data protection law
As a person affected by the processing of personal data, you have the right granted by the European Directive and Regulation to revoke your consent to the processing of your personal data at any time.
If you wish to exercise your right to withdraw your consent, you can contact us at any time.

​

​

​

bottom of page