Login

Language

Cart

Your cart is empty

Privacy Policy

Privacy Policy

1. Data Protection at a Glance

This privacy policy explains how we collect, use, and protect your personal data when you visit our website nouxx.com and use our services. We take the protection of your personal data very seriously and treat it confidentially in accordance with the statutory data protection regulations, in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Controller:

nōuxx GmbH

Kollwitzstr. 76

10435 Berlin

Germany

 

Telephone: +491705031010

Email: privacy@nouxx.com

 

We have not appointed a Data Protection Officer, as we are not legally required to do so.

2. Your Rights as a Data Subject

Under the GDPR, you have the following rights regarding your personal data:

– Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether personal data concerning you is being processed and, if so, to access that data.

– Right to rectification (Art. 16 GDPR): You have the right to obtain the rectification of inaccurate personal data concerning you.

– Right to erasure (Art. 17 GDPR): You have the right to obtain the erasure of personal data concerning you (“right to be forgotten”), provided the legal requirements are met.

– Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your personal data.

– Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

– Right to object (Art. 21 GDPR): You have the right to object at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR. This also applies to direct marketing.

– Right to withdraw consent (Art. 7(3) GDPR): You may withdraw any consent given at any time. The withdrawal does not affect the lawfulness of processing carried out based on consent before its withdrawal.

– Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for us is:

 

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstr. 219

10969 Berlin

Email: mailbox@datenschutz-berlin.de

3. Data Collection on Our Website

3.1 Server Log Files

When you visit our website, the hosting provider (Shopify Inc., 151 O’Connor Street, Ottawa, Ontario K2P 2L8, Canada) automatically collects and stores information in server log files that your browser transmits to us. This includes: browser type and version, operating system, referrer URL, hostname of the accessing computer, time of the server request, and IP address.

This data is not merged with other data sources. The processing is based on Art. 6(1)(f) GDPR — our legitimate interest in the technically error-free presentation and optimization of our website.

3.2 Cookies and Consent Management

Our website uses cookies. Cookies are small text files stored on your device by your browser.

We use a cookie consent tool (Consentmo GDPR Compliance) to obtain your consent for cookies that are not technically necessary. You can manage or revoke your consent at any time via the cookie settings on our website.

Technically necessary cookies are stored on the basis of Art. 6(1)(f) GDPR. All other cookies (analytics, marketing) are only set with your express consent pursuant to Art. 6(1)(a) GDPR.

3.3 Shopify

Our online shop is operated on the Shopify platform (Shopify International Limited, c/o Intertrust Ireland, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland).

When you visit our website, Shopify processes your data (including IP address, device information, browser data, and purchase history) on our behalf for the purpose of providing the online shop, processing orders, and payment handling.

Shopify may transfer data to servers in the United States and Canada. Data transfers to the US are based on the EU-US Data Privacy Framework. More information: https://www.shopify.com/legal/privacy

Legal basis: Art. 6(1)(b) GDPR (performance of contract) and Art. 6(1)(f) GDPR (legitimate interest).

3.4 Shopify Network Intelligence

We use Shopify’s network intelligence features, which may share limited customer data (such as email address, browsing behavior) across Shopify’s merchant network for the purpose of fraud prevention and advertising optimization.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in fraud prevention) and Art. 6(1)(a) GDPR (consent for advertising purposes, obtained via cookie consent).

3.5 Customer Accounts

You have the option to create a customer account on our website (via Shopify customer accounts). When registering, you provide personal data (name, email address, password). This data is used to manage your account, display your order history, and manage your subscriptions (via Smartrr / Loop Subscriptions).

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

3.6 Contact / Email

When you contact us (e.g. via email or contact form), the data you provide (name, email address, message content) will be stored and processed for the purpose of handling your inquiry and in case of follow-up questions.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).

4. Order Processing and Fulfillment

4.1 Order Processing

When you place an order, we collect and process the data necessary for contract performance: name, email address, shipping address, billing address, payment data, and ordered products.

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

4.2 Payment Processing

We use the following payment processors:

PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

Privacy policy: https://www.paypal.com/webapps/mpp/ua/privacy-full

Payment data is transmitted directly to the payment provider. We do not store your complete credit card or bank account details.

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

4.3 Shipping and Fulfillment

For order fulfillment, we share your shipping data (name, address, email, phone number if provided, and order details) with our fulfillment partner:

Hive Logistics GmbH

Hive processes this data exclusively on our behalf and in accordance with a data processing agreement pursuant to Art. 28 GDPR.

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

4.4 Subscription Management

For subscription orders, we use Smartrr / Loop Subscriptions (integrated into Shopify). These services process your order data, payment authorization, and delivery schedule to manage recurring deliveries.

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

5. Marketing and Analytics

5.1 Newsletter / Email Marketing (Klaviyo)

If you subscribe to our newsletter, we use Klaviyo (Klaviyo, Inc., 125 Summer Street, Boston, MA 02110, USA) to send marketing emails.

We process your email address and, where provided, your name and purchase history for personalized email marketing. Klaviyo may process data in the United States. Data transfers are based on Standard Contractual Clauses (Art. 46(2)(c) GDPR).

You can unsubscribe from the newsletter at any time via the unsubscribe link in each email or by contacting us.

If you are an existing customer, we may send you email marketing about similar products without prior consent based on § 7(3) UWG (Bestandskundenprivileg). You may object to this at any time.

Legal basis: Art. 6(1)(a) GDPR (consent) or § 7(3) UWG for existing customers.

5.2 Google Analytics 4

We use Google Analytics 4 (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) for website analytics. Google Analytics uses cookies to analyze your use of our website.

We use Google Analytics with IP anonymization. Your IP address is truncated within the EU/EEA before transmission to Google servers.

We also use server-side tracking for Google Analytics 4, where data is first sent to our server before being forwarded to Google, giving us greater control over data transmitted.

Google may transfer data to the US. Data transfers are based on the EU-US Data Privacy Framework.

Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner).

5.3 Google Tag Manager

We use Google Tag Manager (Google Ireland Limited) to manage website tags. Google Tag Manager itself does not collect personal data. It triggers other tags that may collect data. Google Tag Manager does not access this data.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in efficient tag management).

5.4 Google Ads Conversion Tracking

We use Google Ads Conversion Tracking (Google Ireland Limited) to measure the effectiveness of our advertising campaigns. When you click on a Google ad and reach our website, a conversion cookie is set.

We use Google Ads Conversion Tracking in Advanced Consent Mode, which means tracking only activates after you have given consent via our cookie banner.

Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner).

5.5 Google Remarketing

We use Google Remarketing (Google Ireland Limited) to display targeted advertising to users who have previously visited our website. Ads are displayed within the Google Display Network.

Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner).

5.6 Meta Pixel (Facebook)

We use the Meta Pixel (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on our website. The Meta Pixel enables us to track user behavior after they have been redirected to our website by clicking on a Facebook/Instagram ad. This allows us to measure the effectiveness of advertising and create custom audiences for targeted advertising.

Meta may transfer data to the US. Data transfers are based on the EU-US Data Privacy Framework.

Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner).

5.7 TikTok Pixel

We use the TikTok Pixel (TikTok Technology Limited, 10 Earlsfort Terrace, Dublin 2, D02 T380, Ireland) to measure the effectiveness of TikTok advertising campaigns and to build audiences for targeted advertising.

TikTok may transfer data to the US and other countries. Data transfers are based on Standard Contractual Clauses.

Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner).

5.8 Pinterest Tag / Conversion Tracking

We use the Pinterest Tag (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) for conversion tracking and audience building in connection with Pinterest advertising.

Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner).

5.9 LinkedIn Insight Tag

We use the LinkedIn Insight Tag (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) for conversion tracking and retargeting in connection with LinkedIn advertising campaigns.

Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner).

5.10 Klaviyo On-Site Tracking

In addition to email marketing, Klaviyo may collect data about your browsing behavior on our website (pages viewed, products viewed, cart activity) for the purpose of personalized marketing automation and segmentation.

Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner).

6. Third-Party Services

6.1 Google Fonts

Our website uses Google Fonts (Google Ireland Limited) for the uniform display of fonts. When you access our website, your browser loads the required fonts from Google servers. In doing so, your IP address and browser information is transmitted to Google.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the uniform presentation of our website). Note: We are working on hosting Google Fonts locally to avoid third-party data transfers.

6.2 Google Invisible reCAPTCHA

Our website uses Google Invisible reCAPTCHA (Google Ireland Limited) to protect against automated access (bots). reCAPTCHA analyzes the behavior of website visitors using various characteristics (e.g. IP address, time spent on the website, mouse movements).

Privacy policy: https://policies.google.com/privacy

Terms of service: https://policies.google.com/terms

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in protecting our website from abusive automated access).

6.3 Reviews.io

We use Reviews.io (Reviews.io Ltd., United Kingdom) to collect and display customer reviews. When you leave a review, your name (or chosen display name), email address, and review content are processed. Reviews may be displayed on our website via an embedded widget and on the Reviews.io platform.

Legal basis: Art. 6(1)(a) GDPR (consent, by voluntarily submitting a review) and Art. 6(1)(f) GDPR (legitimate interest in building trust through authentic customer reviews).

7. Data Transfers to Third Countries

Some of our service providers are located outside the European Economic Area (EEA), in particular in the United States and Canada. Where we transfer personal data to such third countries, we ensure that appropriate safeguards are in place:

– EU-US Data Privacy Framework: Google LLC, Meta Platforms Inc., Klaviyo Inc., and Shopify Inc. are certified under the EU-US Data Privacy Framework.

– Standard Contractual Clauses (Art. 46(2)(c) GDPR): Where the Data Privacy Framework does not apply, we rely on the EU Standard Contractual Clauses.

8. Data Retention

We store your personal data only for as long as necessary for the purposes for which it was collected or as required by law:

– Order and contract data: 10 years (§ 147 AO, § 257 HGB — tax and commercial retention obligations)

– Invoice and accounting data: 10 years

– Newsletter data: Until you unsubscribe or withdraw consent

– Cookie and tracking data: As configured in the respective tool (typically 2–14 months)

– Customer account data: Until you delete your account or request deletion

– Server log files: 7–30 days

9. Obligation to Provide Data

The provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions. For the conclusion of a contract, it is generally necessary for you to provide personal data that we need for order processing. If you do not provide the required data, we may not be able to conclude the contract.

10. Automated Decision-Making

We do not use automated decision-making including profiling pursuant to Art. 22 GDPR.

11. Changes to This Privacy Policy

We reserve the right to update this privacy policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. The current version is always available on our website.

 

Last updated: March 2026