Privacy Policy

Privacy Policy

Status: 01.11.2025

1. Information on Data Protection

We are pleased that you are visiting our website and thank you for your interest in our company and our products. Below, we inform you about which personal data we process, when, and for what purposes, as well as about your rights.

What is personal data?
Personal data is information that identifies or makes a person identifiable (e.g., name, address, email address, telephone number).

2. Controller

MANePED GmbH
Grünstr. 5
42697 Solingen
Germany

Tel.: +49 015735472608
E-mail: info@nagelzange.de

Responsible person in the sense of the GDPR: Muhammad Usman

("we", "us")

A separate data protection officer has not been appointed. The contact point for data protection is the contact address mentioned above.

3. Data Collection and Use when Visiting the Website

(1) Technically necessary data

When you access our website, technically necessary data is processed. This includes in particular:

  • IP address,

  • Date and time of the request,

  • Time zone difference to GMT,

  • Content of the request (specific page/file),

  • Access status/HTTP status code,

  • Amount of data transferred,

  • Website from which the request comes (referrer),

  • Browser,

  • Operating system and interface,

  • Language and version of the browser software.

Purpose:
Ensuring the stability, security, and provision of the website.

Legal basis:
Art. 6 (1) lit. f GDPR (legitimate interest in the secure operation of the website).

Storage period:
Server log files are kept for 30 days.

(2) Non-essential cookies and tracking

If you consent to the setting of non-essential cookies or tracking technologies, we process pseudonymized usage data using analysis and marketing tools.

Legal basis:
Art. 6 (1) lit. a GDPR.

Revocation:
You can revoke your consent at any time with effect for the future.

4. Processing upon Registration, Order, and Customer Account

For orders or registration, we process the following data in particular:

  • Name,

  • Billing and shipping address,

  • Email address,

  • Phone number,

  • Payment and order information.

Purposes of processing:

  • Contract fulfillment,

  • Customer service,

  • Shipping processing,

  • Return processing,

  • Warranty,

  • Fraud prevention and abuse avoidance,

  • With your consent: direct marketing, review requests, and newsletter dispatch.

Legal bases:

  • Art. 6 (1) lit. b GDPR (contract / pre-contractual measures),

  • Art. 6 (1) lit. c GDPR (legal obligations, e.g., tax and commercial law retention),

  • Art. 6 (1) lit. f GDPR (legitimate interest, e.g., fraud prevention),

  • Art. 6 (1) lit. a GDPR (consent for advertising, newsletters, review requests).

5. Duration of Data Storage

We retain contract and business documents for up to 10 years in accordance with legal requirements (Sections 147 AO, 257 HGB). In all other cases, we delete personal data as soon as the purpose of processing ceases to apply or you withdraw a given consent, provided there are no legal retention obligations to the contrary.

6. Recipients / Disclosure to Third Parties

Where necessary, we use external service providers and transmit data to the following categories of recipients:

  • Payment service providers: PayPal, Klarna, Stripe, SOFORT, Shopify Payments, Apple Pay, Google Pay

  • Shipping / Logistics: Excellent GmbH (Fulfillment & Shipping); potentially appointed parcel service providers on behalf of Excellent GmbH (e.g., DHL, GLS, DPD)

  • Email / Marketing: Klaviyo

  • Reviews: Judge.me, Trustpilot, Google

  • Shop Platform / Hosting: Shopify

  • Communication: WhatsApp via Charles GmbH

  • Loyalty Program: LoyaltyLion

  • Hosting / Email / technical infrastructure: goneo Internet GmbH

  • Advertising and Social Media Platforms: Meta Platforms Ireland Limited (Facebook, Instagram, Meta Pixel, Remarketing/Retargeting)

  • Analysis / Marketing Measurement: Profitmetrics ApS

Legal bases:
Art. 6 (1) lit. b, f GDPR; for marketing, review requests or similar optional functions, possibly Art. 6 (1) lit. a GDPR.

6.1 Debt Collection / Collection (paywise)

Should due payments not be settled despite reminders, we reserve the right to transfer the enforcement of our claims to an external debt collection service provider.

Recipient:
paywise GmbH
Bahnhofstr. 95
82166 Gräfelfing
Germany
Tel.: +49 (0) 89 9545384 0
E-mail: kontakt@paywise.de

Data categories:
Personal data necessary for enforcing claims, in particular:

  • Name,

  • Address,

  • Contact data,

  • Contract, order, and claim data,

  • Invoice number,

  • Amount,

  • Due date,

  • Reminder data,

  • Payment and communication data.

Purpose:
Enforcement of our contractual payment claims as well as processing and collection of outstanding debts.

Legal basis:
Art. 6 (1) lit. f GDPR (legitimate interest in efficient claims management and legal enforcement), possibly also Art. 6 (1) lit. b GDPR.

Note on responsibility:
paywise processes the transmitted data as an independent controller.

Storage period:
Only as long as this is necessary for enforcing the claim and fulfilling legal retention obligations.

Credit bureaus:
Insofar as the legal requirements are met, data exchange with credit bureaus can take place, e.g., for creditworthiness checks or reporting undisputed, due, and unpaid claims.

Legal basis:
Art. 6 (1) lit. f GDPR.

7. Hosting / Platform (Shopify)

Our website and online shop are operated via Shopify. The provider is Shopify International Limited, Ireland; other affiliated companies include Shopify Inc., Canada.

Personal data is processed to the extent necessary to provide the shop functions.

Third country transfer:
Transfers may take place to countries outside the EEA, including Canada or the USA. Transfers are based on appropriate safeguards, in particular standard contractual clauses. For Canada, there is also an adequacy decision by the EU Commission.

Legal bases:
Art. 6 (1) lit. b and f GDPR; for non-essential services, Art. 6 (1) lit. a GDPR.

8. Payment Processing

Payments are processed – depending on the chosen payment method – via the respective selected providers. Their data protection regulations also apply.

Legal basis:
Art. 6 (1) lit. b GDPR.

9. Email Marketing (Klaviyo & Shopify)

Newsletters as well as product and service information are sent after prior registration using the double opt-in procedure. Registrations are logged with IP address and timestamp.

You can unsubscribe at any time via the link in each email or by contacting us.

Legal basis:
Art. 6 (1) lit. a GDPR.

10. Review Reminders

After a purchase, we may ask you to submit a review, for example via Judge.me, Trustpilot or Google.

Legal basis:
Art. 6 (1) lit. a GDPR, provided consent has been given; additionally, the requirements of Section 7 UWG must be observed.

11. Analytics Tools & Tracking

We use - only with your consent via our Consent Management Tool - analysis and marketing technologies to evaluate the use of our website, improve the performance of our online shop and measure the effectiveness of our advertising measures.

The following services may be used for this purpose:

  • Google Analytics

  • Meta Pixel / Meta Business Tools

  • TikTok Pixel

  • YouTube Analytics

  • ProfitMetrics

  • other analysis and marketing services specifically named in the Consent Tool

In particular, pseudonymised usage data, technical device and browser information, pages accessed, times, referrers, interaction data and - depending on the service used - cookie IDs, event data or hashed identifiers may be processed.

Legal basis:
Art. 6 (1) (a) GDPR.

Revocation:
You can revoke any given consent at any time with effect for the future via the cookie settings.

11a. Meta Pixel / Meta Business Tools

If you have given your consent, we use the Meta Pixel and, if applicable, other Meta Business Tools on our website.

Provider:
Meta Platforms Ireland Limited
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

The Meta Pixel is a code that allows us to track the behaviour of visitors after they have been redirected to our website via an ad on Facebook or Instagram. This allows us to measure the effectiveness of our advertising, build target audiences and optimise our advertising measures.

In particular, the following data may be processed when using the service:

  • pages and content accessed,

  • technical information about the browser, device and operating system,

  • referrer URL,

  • IP address,

  • times of page views,

  • interaction and event data (e.g. page view, product view, shopping cart, purchase),

  • cookie IDs or similar identifiers,

  • where applicable, hashed customer data as part of an extended match, provided this has been activated and you have consented to it.

The processing serves in particular:

  • the analysis of user behaviour,

  • the measurement of conversions,

  • the optimisation of our advertising campaigns,

  • the creation of target audiences for personalised advertising on Facebook and Instagram.

Legal basis:
Art. 6 (1) (a) GDPR.

Revocation:
You can revoke your consent at any time with effect for the future via the cookie settings.

If joint responsibility exists in connection with Meta Business Tools, the contractual terms provided by Meta for this purpose shall apply in addition.

Third country transfer:
A transfer of personal data to third countries, in particular to the USA, cannot be ruled out. If there is no adequacy decision, the transfer is made on the basis of appropriate safeguards, in particular standard contractual clauses pursuant to Art. 46 GDPR.

Further information:
Further information can be found in Meta's privacy policy.

11b. ProfitMetrics

If you have given your consent, we use ProfitMetrics to analyse and optimise the profitability of our online shop and our marketing measures.

7.3 ProfitMetrics
Profitmetrics ApS, Hejreskov alle 2c 1th, 3050 Humlebæk, Denmark is a provider of analysis services. Further information on how your data is processed by this provider and the corresponding contact details can be found at:
https://knowledge.profitmetrics.io/profitmetrics-as-data-processor

Purposes of processing:
Analysis and optimisation of the profitability of our shop and the performance of marketing measures.

Legal basis:
Art. 6 (1) (a) GDPR, provided the service is only used with your consent via the Consent Management Tool.

Revocation:
You can revoke your consent at any time with effect for the future via the cookie settings.

Further information:
Further information on data processing by ProfitMetrics can be found at the link mentioned above.

12. Google Fonts

Fonts are embedded locally or – with your consent – loaded from Google servers.

Legal basis:
Art. 6 (1) (a) GDPR.

13. Your Rights

You have the following rights in accordance with the statutory provisions:

  • Right to information (Art. 15 GDPR),

  • Right to rectification (Art. 16 GDPR),

  • Right to erasure (Art. 17 GDPR),

  • Right to restriction of processing (Art. 18 GDPR),

  • Right to data portability (Art. 20 GDPR),

  • Right to object (Art. 21 GDPR),

  • Right to withdraw given consents with effect for the future (Art. 7 (3) GDPR).

You also have the right to lodge a complaint with a data protection supervisory authority, in particular with the authority responsible for us or the authority responsible at your place of residence.

An example of a competent authority is:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW)
Kavalleriestraße 2–4
40213 Düsseldorf

14. Storage period

Data will be deleted when the respective processing purpose ceases to apply or you withdraw a given consent, provided there are no legal retention obligations to the contrary.

You can address deletion requests to us at any time via the contact form or by e-mail.

15. Social media links, Facebook/Instagram sharing and embeddings

15.1 Links to our social media presences

On our website, we may link to our presences on Facebook, Instagram, YouTube or other social networks. If you click on such a link, you will leave our website. The data protection provisions of the respective provider will then apply.

A data transfer to the respective provider generally only takes place when you actively click on the link.

Legal basis:
Art. 6 (1) (f) GDPR.

Our legitimate interest lies in a user-friendly external presentation of our company and the provision of further information and communication channels.

15.2 Facebook and Instagram sharing functions

If we provide functions on our website for sharing content on Facebook or Instagram, their use will only take place within the scope of your active use or – as far as technically necessary – only after corresponding consent via our Consent Management Tool.

When using such functions, the following data in particular may be transmitted to Meta:

  • IP address,

  • information about the page accessed,

  • browser and device information,

  • date and time of use,

  • possibly further Meta-related identifiers.

The processing takes place for the purpose of being able to share content from our website on social networks and to increase the reach of our content.

Legal basis:

  • for pure external sharing links without automatic data transfer: Art. 6 (1) (f) GDPR,

  • for integrated social plugins or comparable active Meta functions: Art. 6 (1) (a) GDPR.

15.3 Embedding of Instagram content / social media embeddings

If we embed content from Instagram, Facebook or other social networks on our website, technical access data may be processed by the respective provider when the relevant page is accessed.

This may include in particular:

  • IP address,

  • browser data,

  • device information,

  • information about the specific subpage accessed,

  • usage and interaction data.

The integration takes place – unless the processing is solely technically mandatory – only with your consent.

Legal basis:
Art. 6 (1) (a) GDPR.

15.4 Joint responsibility / third country transfer

If joint responsibility is to be assumed in connection with social plugins, business tools or other Meta functions, the agreements provided by Meta for this purpose shall apply in addition.

A transfer to third countries, in particular to the USA, cannot be ruled out. If there is no adequacy decision, the transfer is made on the basis of appropriate safeguards, in particular standard contractual clauses pursuant to Art. 46 GDPR.

Further information:
The data protection notices of the respective provider, in particular Meta, also apply.

16. Remarketing & Retargeting

If you have consented, we use remarketing and retargeting technologies, in particular:

  • Meta Custom Audiences,

  • Lookalike Audiences,

  • Google Ads Remarketing,

  • as well as comparable functions of other providers.

This allows interest-based advertisements to be displayed to you on third-party platforms.

Information about your user behaviour on our website may be transmitted to the respective provider or compared with existing data of the provider. This may also include the formation of pseudonymous target groups.

Legal basis:
Art. 6 (1) (a) GDPR.

Revocation:
You can revoke your consent at any time via the cookie settings.

17. App tracking (if app available)

If an app is offered and you use it, analysis or tracking services such as Firebase Analytics or Apple Store Analytics may be used – with your consent.

Legal basis:
Art. 6 para. 1 lit. a GDPR.

18. Newsletter Tracking

Our newsletters may contain tracking pixels or web beacons to measure openings, clicks and reach.

You can object to this at any time; you can also revoke your consent to the newsletter as a whole at any time.

Legal basis:
Art. 6 para. 1 lit. a GDPR.

19. WhatsApp Communication

If you contact us via WhatsApp or if we communicate with you via WhatsApp – based on your consent – processing is carried out by Charles GmbH as a service provider.

Legal basis:
Art. 6 para. 1 lit. a GDPR (consent) or Art. 6 para. 1 lit. b GDPR (contract / initiation of contract), depending on the content of your inquiry.

20. Loyalty Program

We use LoyaltyLion to manage a loyalty or bonus program.

In particular, order and customer data may be processed to the extent necessary for the implementation of the program.

Legal bases:
Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. f GDPR.

21. Google Tag Manager

We use Google Tag Manager to manage and deliver tags. Google Tag Manager itself does not set cookies and generally does not store personal data. However, it ensures the technical integration of other services, which in turn may process data.

The processing of such data by the respective integrated services is governed by the provisions mentioned therein.

22. Data Security

We take appropriate technical and organizational measures to protect your data against loss, destruction, manipulation and unauthorized access. These include, in particular:

  • TLS/SSL encryption,

  • Access restrictions,

  • Authorization concepts,

  • Regular technical and organizational reviews.

23. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy if necessary, so that it always complies with current legal requirements or to implement changes to our services in the privacy policy.

The current version is always available on our website.

24. Cookie Consent Management & Global Privacy Control (GPC)

We use a consent management tool. When you first visit our website, you can consent to or reject the use of certain categories of cookies and technologies, e.g. analysis or marketing.

Your decision will be logged in accordance with Art. 7 GDPR and can be changed at any time via the "Cookie Settings" link in the footer.

If your browser or end device sends a Global Privacy Control (GPC) signal and you are located in an area where this is legally considered an opt-out request, we will treat this signal as an objection to the sale, sharing or targeted advertising for the device or browser concerned.

25. Information for users from certain US states

Under individual US privacy laws, the sharing of personal data for targeted advertising or its "sale" or "sharing" may be subject to special opt-out rights.

Depending on your place of residence, you may have the right to opt out. To do so, use our "Do-Not-Sell/Share" link or the data sharing settings in our shop or send us a message.

If you visit our website with an active GPC signal, we will treat this – depending on the legal situation in your location – as an opt-out for the device used or the browser concerned.

26. Contact Form & Email Contact

If you contact us via the contact form or by email, we will process your information solely to handle your request. No disclosure for advertising purposes will take place.

Legal basis:
Art. 6 para. 1 lit. f GDPR (legitimate interest in processing inquiries).
If your inquiry aims at concluding a contract, additionally Art. 6 para. 1 lit. b GDPR.

Storage period:
Until your inquiry has been completely processed or the purpose ceases to exist; statutory retention periods remain unaffected.

27. Cookies – Supplementary Information

In addition to managing them via the consent management tool, you can delete, block or restrict cookies to certain categories in your browser.

These can be transient or session-based cookies or persistent cookies.

Please note that without technically necessary cookies, individual functions of our shop may not be usable or only to a limited extent.

28. Google Analytics – Additional information (if activated)

If consent is given, Google Analytics may be used. We use data protection-friendly settings where possible, in particular IP anonymization.

You can revoke your consent via our Consent Tool. In addition, depending on the technical design, further opt-out options are available, for example via browser extensions or the settings of the respective provider.

Details can be found in the information in the Consent Tool and the privacy notices of the service used.