1. Data protection information

We are pleased that you are visiting our website and thank you for your interest in our company and our products. Below we inform you about which personal data we process, when and for what purposes, and about your rights.

What is personal data? Personal data is information that identifies or can be used to identify a person (e.g., name, address, email address, telephone number).

2. Responsible person

MANePED GmbH
Grünstr. 5, 42697 Solingen, Germany
Tel.: +49 015735472608
E-mail: info@nagelzange.de

Responsible person within the meaning of the GDPR: Muhammad Usman

("we us")

No separate data protection officer has been appointed; contact person for data protection see above.

3. Data collection and use when visiting the website

(1) When you access our website, technically necessary data is processed: IP address , date and time of the request , time zone difference to GMT , content of the request (specific page/file) , access status/HTTP status code , amount of data transferred in each case , website/referrer , browser as well as operating system and interface , language and version of the browser software .

Purpose: Stability, security and provision of the website.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in the secure operation of the website).
Storage period: Server log files are retained for 30 days .

(2) If you consent to the setting of non-essential cookies/tracking, we will process pseudonymized usage data using the analysis/marketing tools employed (see section 11).
Legal basis: Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.

4. Processing during registration, ordering and customer account

When you place an order/register, we process: name, billing/delivery address, email address, telephone number, payment and order information.

Purposes: Contract fulfillment, customer service, order processing, and, if applicable, returns/warranty. Additionally – with your consent – ​​direct marketing (e.g., via email, post, or package insert), product review requests , and newsletter distribution .
Legal basis: Art. 6 para. 1 lit. b GDPR (contract), possibly lit. c (legal obligations, e.g. tax/commercial law retention), lit. f (fraud prevention, avoidance of misuse), for advertising/newsletter/review requests Art. 6 para. 1 lit. a GDPR (consent).

5. Duration of data storage

We retain contractual/business documents for up to 10 years in accordance with legal requirements (§§ 147 AO, 257 HGB). We delete other data as soon as the purpose for which it was collected no longer applies or you withdraw your consent, unless legal obligations prevent us from doing so.

6. Recipients / Disclosure to third parties

Where necessary, we use service providers (data processors) and transfer data to:

• Payment service providers: PayPal, Klarna, Stripe, SOFORT, Shopify Payments, Apple Pay, Google Pay (payment processing, fraud prevention).
• Shipping/Logistics: Excellent GmbH (Fulfillment & Shipping). Any parcel service providers used act on behalf of Excellent GmbH (e.g., DHL/DPD).
• Email/Marketing: Klaviyo (newsletter/transactional emails).
• Reviews: Judge.me, Trustpilot, Google.
• Shop platform: Shopify (see section 7).
• Communication: WhatsApp via Charles GmbH (see section 19).
• Loyalty program: LoyaltyLion (see section 20).
• Other services: goneo Internet GmbH (e.g. domain/email hosting).

Legal basis: Art. 6 para. 1 lit. b, f GDPR; in the case of marketing/review requests, possibly Art. 6 para. 1 lit. a GDPR.

6.1 Receivables Management / Debt Collection

Should payments due remain unpaid despite reminders, we reserve the right to have outstanding claims collected by external service providers (e.g. debt collection agencies or lawyers).

In this context, we may transfer the necessary personal data to these service providers. This includes, in particular:

• Name, address and contact details

• Information about the claim (invoice number, amount, date, dunning details)

• Contract and communication data, insofar as they are necessary for enforcing the claim

The purpose of the processing is the enforcement of our contractual payment claims.
The legal basis is our legitimate interest in efficient receivables management and the assertion or defense of legal claims (Art. 6 para. 1 lit. f GDPR). Insofar as the claim arises from a contract with you, Art. 6 para. 1 lit. b GDPR (performance of a contract) also applies.

The data will only be stored for as long as it is necessary to enforce the claim or to fulfill legal retention obligations.

To the extent legally permissible, data may also be exchanged with credit agencies in connection with debt collection (e.g., for creditworthiness checks or to report undisputed, unpaid claims). The legal basis for this is also our legitimate interest in assessing the risk of payment default and enforcing our claims (Art. 6 para. 1 lit. f GDPR).

7. Hosting / Platform (Shopify)

Our website/shop is operated via Shopify (Shopify International Limited, Ireland; affiliated companies, including Shopify Inc., Canada). Personal data is processed to provide shop functions.

Third-country transfers: Transfers may take place to countries outside the EEA (including Canada and the USA). These transfers are based on appropriate safeguards (including standard contractual clauses) and – in the case of Canada – on an adequacy decision by the European Commission.

Legal basis: Art. 6 para. 1 lit. b, f GDPR; for non-essential services Art. 6 para. 1 lit. a GDPR.

8. Payment processing

Payments are processed – depending on the chosen method – via the aforementioned providers. Their privacy policies also apply.
Legal basis: Art. 6 para. 1 lit. b GDPR.

9. Email Marketing (Klaviyo & Shopify)

We send newsletters/product and service information after double opt-in . Registrations are logged with IP address and timestamp. You can unsubscribe at any time via the link in every email or by contacting us.
Legal basis: Art. 6 para. 1 lit. a GDPR.

10. Review reminders

After a purchase, we may ask you for a review (Judge.me, Trustpilot, Google).
Legal basis: Consent, Art. 6 para. 1 lit. a GDPR (or observe § 7 UWG).

11. Analysis tools & tracking

With your consent, we use, among other things, Google Analytics, Meta Pixel, TikTok Pixel, and YouTube Analytics.
Legal basis: Art. 6 para. 1 lit. a GDPR; revocation at any time in the cookie settings .

12. Google Fonts

Fonts are embedded locally or – after consent – ​​loaded from Google servers.
Legal basis: Art. 6 para. 1 lit. a GDPR.

13. Your rights

You have the right to information, rectification, erasure, restriction of processing, data portability, objection (Articles 15–21 GDPR) and to withdraw consent (Article 7(3) GDPR).

You also have the right to lodge a complaint with a data protection supervisory authority, e.g. with the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW) , Kavalleriestraße 2–4, 40213 Düsseldorf.

14. Storage duration

Data will be deleted when the purpose for processing no longer applies or you withdraw your consent, provided there are no legal retention obligations to the contrary. You can submit deletion requests at any time via the contact form or by email.

15. Social media links & plugins

We may link to Facebook, Instagram, and YouTube. Data is only transmitted to these providers when you actively use the site (by clicking on the link).
Legal basis: Art. 6 para. 1 lit. f GDPR.

16. Remarketing & Retargeting

We may use Facebook Custom Audiences/Lookalike Audiences, Google Ads Remarketing, etc., only with your consent.
Legal basis: Art. 6 para. 1 lit. a GDPR.

17. App tracking (if an app is available)

When using our app, Firebase Analytics/Apple Store Analytics may be used – after you have given your consent.
Legal basis: Art. 6 para. 1 lit. a GDPR.

18. Newsletter Tracking

Our newsletters may contain tracking pixels/web beacons for audience measurement. You can object to this at any time; you can also revoke your consent altogether.

19. WhatsApp communication

If you contact us via WhatsApp, the data will be processed by Charles GmbH as a service provider.
Legal basis: Art. 6 para. 1 lit. a GDPR (your request/consent) or lit. b (contract/initiation), depending on the content.

20. Loyalty Program

We use LoyaltyLion to manage a loyalty program.
Legal basis: Art. 6 para. 1 lit. b and lit. f GDPR.

21. Google Tag Manager

Used to manage tags; GTM itself does not set cookies and does not process personal data, but controls the integration of the above-mentioned tools.

22. Data security

We take appropriate technical and organizational measures (e.g. TLS encryption, access restrictions, authorization concepts) to protect your data.

23. Changes to this Privacy Policy

We reserve the right to amend this privacy policy. The current version is always available on our website.

24. Cookie Consent Management & Global Privacy Control (GPC)

We use a consent management tool. On your first visit, you can consent to or decline certain categories (e.g., marketing, analytics). Your decision will be logged in accordance with Article 7 of the GDPR and can be changed at any time via the "Cookie settings" link in the footer.

If your browser/device sends a Global Privacy Control (GPC) signal and you are located in an area where this is legally considered an opt-out requirement (especially certain US states), we will treat this signal as an objection to "selling/sharing" or targeted advertising for the device/browser in question.

25. Notes for users from certain US states

Under certain US data protection laws, the disclosure of personal data for targeted advertising or its "sale"/"sharing" may be subject to specific opt-out rights. Depending on your place of residence, you may have the right to opt out . To do so, please use our "Do-Not-Sell/Share" link or the data sharing settings in our shop, or send us a message.

If you visit our website with an active GPC signal , we will treat this – depending on the legal situation in your location – as an opt-out for the device/browser used.

26. Contact form & email contact

When you contact us via the contact form or by email, we process your information solely for the purpose of handling your request. It will not be shared for advertising purposes.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in processing inquiries); if the inquiry aims at concluding a contract, additionally Art. 6 para. 1 lit. b GDPR.
Storage period: until your request has been fully processed or until you withdraw your consent; statutory retention obligations remain unaffected.

27. Cookies – additional information

In addition to managing cookies via the consent management tool, you can delete, block, or restrict them to specific categories (transient/session or persistent cookies) in your browser. Please note: Without technically necessary cookies, the shop may only function to a limited extent.

28. Google Analytics – Additional information (if activated)

With your consent, we may use Google Analytics . We employ IP anonymization (e.g., "anonymizeIp") and offer opt-out options via the consent tool and, additionally, via a browser add-on. Please refer to the information in the consent tool and the provider's privacy policy for details.