Privacy policy

 

Status: June 10, 2025

Responsible for data processing within the meaning of the EU General Data Protection Regulation (GDPR) is

namotto Universal Brands GmbH & Co. KG 

Potsdamer Straße 125 10783 Berlin

Represented by the personally liable partner: namotto Beteiligungs GmbH, represented by the managing director Özkan Akkilic.

Phone: +49 (0) 30 12039339 (no customer service)

E-Mail: info@namotto-ub.com

Thank you for your interest in our website. The protection of your privacy and the security of your data are of central importance to us. We process your personal data confidentially and in accordance with the statutory data protection regulations (in particular the GDPR and the Telecommunications Digital Services Data Protection Act - TDDSG) and this privacy policy.

 

1. data protection officer

We have appointed an external data protection officer:

DataCo GmbH, represented by the managing directors Thomas Regier and Kivanc Semen, Sandtraße 33, 80335, Germany

Questions about data protection by e-mail: info@namotto-ub.com

We respect your data!

Data collection when visiting our website 

If you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you: 

- Our visited website 

- Date and time at the time of access 

- Amount of data sent in bytes

- Source/reference from which you reached the page 

- Browser used 

- Operating system used

- IP address used (if applicable: in anonymized form) 

Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use. 

Rights of the data subject 

The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below: 

- Right to information in accordance with Art. 15 GDPR: In particular, you have the right to information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees pursuant to Art. 46 GDPR if your data is transferred to third countries; 

- Right to rectification pursuant to Art. 16 GDPR: You have a right to immediate rectification of incorrect data concerning you and/or completion of your incomplete data stored by us; 

- Right to erasure in accordance with Art. 17 GDPR: You have the right to request the erasure of your personal data if the requirements of Art. 17 (1) GDPR are met. However, this right does not exist in particular if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;

 - Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being checked, if you refuse to delete your data due to unauthorized data processing and instead request the restriction of the processing of your data, if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail; 

- Right to information in accordance with Art. 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients. 

- Right to data portability pursuant to Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller, insofar as this is technically feasible; 

- Right to withdraw consent granted in accordance with Art. 7 (3) GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal; - Right to lodge a complaint pursuant to Art. 77 GDPR: If you believe that the processing of personal data concerning you infringes the GDPR, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

RIGHT OF OBJECTION 

IF WE PROCESS YOUR PERSONAL DATA AS PART OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS. IF YOUR PERSONAL DATA ARE PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

Duration of storage of personal data 

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and - if relevant - additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law). 

When processing personal data on the basis of express consent in accordance with Art. 6 para. 1 lit. a GDPR, this data is stored until the data subject withdraws their consent. 

If there are statutory retention periods for data that is processed within the framework of legal or similar obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for contract fulfillment or contract initiation and/or we no longer have a legitimate interest in further storage. 

When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until the data subject exercises their right to object in accordance with Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until the data subject exercises their right to object in accordance with Art. 21 para. 2 GDPR. 

Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data is deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

If there is an obligation to provide us with your payment data (e.g. account number for direct debit authorization) after the conclusion of a fee-based contract, this data is required for payment processing.

Payment transactions via the common means of payment are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

With encrypted communication, the payment data you transmit to us cannot be read by third parties.

 

2. data processing when visiting the website

a) Cookies

Our website uses cookies. These are small data packets that are stored on your end device (e.g. computer or smartphone). They do not cause any damage there.

We distinguish between different types of cookies:

Session cookies: These are only stored temporarily for the duration of your visit and are automatically deleted when you close your browser.

Permanent cookies: These remain stored on your end device until their lifespan expires or you delete them manually in your browser settings. They enable us to recognize your browser on your next visit.

First-party and third-party cookies: Cookies can originate directly from our website (first-party) or from external service providers (third-party) whose services we integrate, such as payment providers or analysis tools.

b) Purpose and legal basis

Cookies have various purposes. Some are technically essential for the website to function at all (e.g. the shopping cart function). Others are used to evaluate user behavior or display advertising.

The legal bases for the use of cookies and the associated data processing are:

Technically necessary cookies: We store cookies necessary for the operation of the website and the provision of basic functions on the basis of our legitimate interest in the technically error-free and optimized provision of our services (Art. 6 para. 1 lit. f GDPR). Storage on your end device takes place on the basis of Section 25 (2) TDDDG.

All other cookies (analysis, marketing, etc.): We obtain your express consent for all non-technically necessary cookies and the use of comparable technologies. The processing takes place exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG).

Your consent can be revoked at any time for the future. You can adjust your settings at any time via our consent banner.

c) Our consent tool: Usercentrics

We use Usercentrics' consent technology to obtain, manage and document your consent for the use of cookies and services in a legally compliant manner.

Provider: Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany

Website: https://usercentrics.com/de/

When you visit our website, Usercentrics ensures that only the services and cookies you have consented to are activated. For this purpose, the following data is processed and transmitted to Usercentrics:

Your consent(s) or their revocation

Your anonymized IP address

Information about your browser and device

Time of your visit

To save your selection, Usercentrics places a necessary cookie in your browser. The legal basis for the use of this tool is our legal obligation to provide proof of consent (Art. 6 para. 1 lit. c GDPR).

Order processing: We have concluded an order processing agreement (AVV) with Usercentrics in accordance with Art. 28 GDPR. This contract ensures that Usercentrics processes the data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

(Note: The Usercentrics banner used on this page was configured with the support of eRecht24. To display the eRecht24 logo in the banner, a connection to their image server in Germany is established, whereby the anonymized IP address is also transmitted).

d) Management and deactivation of cookies

You can also generally manage the storage of cookies via the settings of your browser. There you can restrict or completely prevent the setting of cookies. Please note that the functionality of our website may be restricted if cookies are completely deactivated.

b) Web hosting via WordPress

WordPress and associated functions

Our website was created using the WordPress content management system (CMS). WordPress uses cookies for basic operation and to provide certain functions and processes personal data as described below.

c) Embedded content from other websites

Posts on this website may contain embedded content (e.g. videos from YouTube, images from Instagram, maps from Google Maps, posts from Twitter, etc.).

Embedded content from other websites behaves exactly as if you as a visitor had visited the other website directly.

These external websites may collect data about you, use cookies, embed additional third-party tracking services and record your interaction with the embedded content. This applies in particular if you have an account with the respective service and are logged in there. We have no influence on this data processing.

3. analysis tools and advertising

We use analysis and advertising technologies on our website to understand user behavior, optimize our offer and display relevant advertising to you.

These services and the associated cookies or similar technologies are only activated on the basis of your express consent.

The legal basis is Art. 6 para. 1 lit. a GDPR (consent) in conjunction with § 25 para. 1 TDDDG (consent to the storage and reading of information on the terminal device).

You can revoke your consent at any time for the future by changing the cookie settings via our consent banner.

Use of Google services

We use various services provided by Google.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Order processing: We have concluded an order processing agreement (AVV) with Google in accordance with Art. 28 GDPR. This ensures that Google only processes the data in accordance with our instructions.

Data transfer to the USA: When using Google services, data may be transferred to Google servers in the USA. Google LLC (the parent company) is certified in accordance with the EU-U.S. Data Privacy Framework (DPF). This agreement guarantees an appropriate level of data protection for data processing in the USA that is comparable to that in the EU. As an additional safeguard, we base the data transfer on the EU Commission's Standard Contractual Clauses (SCC).

• Further information on the DPF certificate from Google: https://www.dataprivacyframework.gov/participant/5780

We use the following Google services:

a) Google Tag Manager Google Tag Manager is an organizational tool that enables us to centrally integrate and manage the analysis and advertising tools (so-called "tags") described below. The Tag Manager itself does not process any personal data, but collects your IP address when it is executed, which may also be transmitted to the USA. It is only used to display other services on the basis of your consent.

b) Google Analytics This service enables us to analyze the behavior of website visitors. We receive usage data such as page views, length of stay or clicks. This data is assigned to the respective end device with the help of a user ID in order to recognize users across different sessions. Google also uses machine learning technologies for data analysis.

• IP anonymization: We have activated IP anonymization. Your IP address will be truncated by Google within the EU/EEA before being transmitted to the USA.
• Google Signals: If you have consented to personalized advertising in your Google account, Google Signals allows us to receive demographic data and cross-device reports. This data is used for anonymized statistics and to optimize advertising messages.
• E-commerce measurement: We analyze purchasing behavior such as orders placed, order values and shipping costs in order to improve our marketing campaigns.
• Deactivation: You can generally prevent data collection by Google Analytics by installing the browser plugin at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
• Further information: https://support.google.com/analytics/answer/6004245?hl=de

c) Google Ads and conversion tracking Google Ads is Google's online advertising program. We use it to display advertisements in Google search or on third-party websites. With the help of conversion tracking, we can recognize which ads have led to actions (e.g. purchases or clicks) on our website. We receive statistical evaluations, but no information with which we can identify you personally.

d) Google Ads remarketing and customer matching Remarketing allows us to retarget users who have already interacted with our website with targeted advertising on the Google advertising network. With customer matching, we transfer encrypted customer data (e.g. hashed email addresses) to Google in order to display suitable advertising messages to these users when they are logged into their Google account.

• Objection: You can object to personalized advertising in your Google account: https://adssettings.google.com/anonymous?hl=de.
• Further information: https://policies.google.com/technologies/ads?hl=de

e) Google reCAPTCHA

This service checks whether an entry is made by a natural person or abusively by machine and automated processing in order to block spam and automated attacks.

Provider: Google LLC, USA. Google Fonts are used to design the Captcha window. No personal data is transmitted other than that which is already transmitted to Google through the ReCAPTCHA functionality.

To differentiate between humans and bots, the IP address, browser and operating system type as well as the date and duration of the visit are recorded and transmitted to Google servers for evaluation.

Legal basis: Our legitimate interest in preventing misuse and spam (Art. 6 para. 1 lit. f GDPR).

We have concluded a data processing agreement with Google to ensure the protection of your data.

Data transfer to the USA: Google is certified under the EU-US Data Privacy Framework, which guarantees a level of data protection comparable to that in the EU.

• Further information: https://cloud.google.com/security/products/recaptcha

Meta pixel (formerly Facebook pixel)

We use the Meta pixel on our website to measure and optimize the success of our advertising campaigns on Meta's platforms (Facebook, Instagram).

Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

How it works: The pixel enables Meta to track the behavior of visitors after they have reached our site by clicking on an advertisement (conversion measurement). We can also create target groups for future ads (remarketing). The data collected is anonymous to us. However, Meta can link this data to your user profile and use it for its own advertising purposes.

Joint responsibility (Art. 26 GDPR): We and Meta are jointly responsible for the collection and forwarding of data to Meta. The details of this are set out in an agreement, which you can find here: https://www.facebook.com/legal/controller_addendum. We are responsible for data protection-compliant implementation and informing users, while Meta is responsible for data security and the implementation of your data subject rights with regard to the data stored at Meta.

Data transfer to the USA: Meta Platforms, Inc. (USA) is certified in accordance with the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of data protection.

• Further information on the DPF certificate from Meta: https://www.dataprivacyframework.gov/s/participant-search?status=Active&searchtext=meta (The link may change, search for "Meta Platforms, Inc.")
  
  

Extended matching: We use the extended matching function, in which we transmit customer data (e.g. hashed e-mail addresses, names, place of residence) to Meta in order to improve the formation of target groups and the allocation of conversions.

Objection and further information:

• You can object to the use in your Facebook settings: https://www.facebook.com/ads/preferences/
• For users without a Facebook account, an objection is possible via the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/
• Further information can be found in Meta's data policy: https://de-de.facebook.com/about/privacy/

 

4. specific data processing

a) Purchase processing and payment service provider

We collect, process and use personal data (customer and contract data) to establish, execute and process contracts that you conclude with us. The legal basis for this is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or for the implementation of pre-contractual measures.

This includes in particular the forwarding of your data to service providers commissioned by us:

• Shipping service provider: We pass on your address data to the transport company commissioned with the delivery so that it can deliver the ordered goods to you.
• Payment service provider: Your payment data will be transmitted to the payment service provider commissioned to process the payment (see below).

Your e-mail address will only be passed on to the shipping service provider for the purpose of delivering parcel notifications if you have given us your express consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time.

The customer data collected will be deleted after completion of the order or termination of the business relationship, provided that there are no statutory retention obligations (e.g. under commercial or tax law) to the contrary.

b) Payment processing via external service providers

We integrate external payment service providers on our website in order to provide you with a smooth, convenient and secure payment process. When you make a purchase from us, your payment details (e.g. name, payment amount, account details, credit card number) are processed by the respective provider to process the transaction.

The legal basis for the use of these services is contract processing in accordance with Art. 6 para. 1 lit. b GDPR. The respective contractual and data protection provisions of the providers apply to the processing of transactions.

We use the following payment services:

• PayPal
  - Provider: PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
  - Data transfer to the USA: PayPal is certified according to the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of data protection.
  - Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
• Apple Pay
  - Provider: Apple Inc, Infinite Loop, Cupertino, CA 95014, USA.
  - Data transfer to the USA: Apple is certified under the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of data protection.
  - Privacy Policy: https://www.apple.com/legal/privacy/de-ww/
• Google Pay
  - Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
  - Data transfer to the USA: The parent company Google LLC is certified according to the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of data protection.
  - Privacy Policy: https://policies.google.com/privacy
• Stripe
  - Provider (for EU customers): Stripe Payments Europe, Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
  - Data transfer to the USA: Stripe is certified according to the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of data protection.
  - Privacy Policy: https://stripe.com/de/privacy
• Klarna
  - Service provider: Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden.
  - Note: Klarna uses its own cookies to optimize the checkout solution. Details can be found in Klarna's cookie policy.
  - Privacy Policy: https://www.klarna.com/de/datenschutz/
• Mangopay
  - Provider: Mangopay S.A., 2 Avenue Amélie, L-1125 Luxembourg.
  - Note: As a licensed e-money institution, Mangopay also processes your data to fulfill its own legal obligations (e.g. under the Money Laundering Act) in accordance with Art. 6 para. 1 lit. c GDPR.
  - Privacy Policy: https://www.mangopay.com/de/privacy/

5. objection to advertising e-mails

We hereby object to the use of contact data published as part of our obligation to provide a legal notice for the purpose of sending unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.