Privacy policy

Privacy Policy

Last Updated: May 30, 2026

1. Data Controller

The party responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Marlo Hartmann & Robin Hilscher GbR

Project Name: Nivoxx

Mahndorfer Heerstraße 109

28307 Bremen, Germany

Email: info@nivoxx.com

2. General Information

The protection of your personal data is of great importance to us. We process personal data exclusively within the framework of the applicable statutory data protection regulations, in particular the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Digital Services Data Protection Act (TDDDG).

This privacy policy informs you about the type of personal data we process in connection with your visit to our landing page and your entry into our list of interested parties.

3. Hosting and Platform (Shopify)

Our website is provided via the Shopify platform.

Provider: Shopify International Ltd., Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

And for data transfers to third countries: Shopify Inc., 151 O’Connor Street, Ground Floor, Ottawa, Ontario K2P 2L8, Canada.

Shopify provides the technical infrastructure to display our website and accept your email entries. In doing so, Shopify processes personal data such as your IP address, device information, browser information, and the email address you entered.

Legal Basis:

Processing is carried out on the basis of Art. 6 (1) (f) GDPR (Legitimate Interest). Our legitimate interest lies in the technically error-free, secure, and efficient provision as well as the statistical optimization of our online offer. If you sign up for our list of interested parties, your email address will be processed on the basis of your consent pursuant to Art. 6 (1) (a) GDPR.

Third-Country Transfer: Data transfer to third countries (in particular Canada and the USA) takes place. Canada has an adequacy decision from the EU Commission. For transfers to the USA, Shopify Inc. is certified under the EU-US Data Privacy Framework (DPF). In addition, Standard Contractual Clauses are used. Further information: shopify.com.

4. Access Data and Server Log Files

When you visit our website, information is automatically collected by the hosting provider and stored in server log files. This includes:

IP address (anonymized if applicable)
Browser type and version
Operating system used
Date and time of access
Referrer URL (the previously visited page)

This data is processed exclusively to ensure the secure, stable, and error-free operation of the website.

Legal Basis: Art. 6 (1) (f) GDPR (Legitimate interest in the technical optimization and security of our website).

5. SSL/TLS Encryption

For security reasons and to protect confidential content (such as your email address in the form), our website uses SSL or TLS encryption. You can recognize an encrypted connection by the lock symbol in your browser address bar and the "https://".

6. Email Registration (Interest List / Newsletter)

If you enter your email address in the form on our website to receive updates on the launch of our project, we will use your email address exclusively to inform you about this project. Registration takes place via the double opt-in procedure (you will receive a confirmation email that you must click first).

Legal Basis: Art. 6 (1) (a) GDPR (Consent). Withdrawal of consent is possible at any time via the unsubscribe link in any email or by sending a message to info@nivoxx.com. The lawfulness of the processing carried out up to the time of withdrawal remains unaffected.

Platform Service: Shopify Forms / Shopify Messaging.

7. Contacting Us

If you contact us directly by email, we process your data (name, email address, message) to answer your inquiry.

Legal Bases: Art. 6 (1) (b) GDPR (pre-contractual measures) or Art. 6 (1) (f) GDPR (legitimate interest in processing inquiries).

8. Cookies and Similar Technologies

Our website uses cookies. Technically necessary cookies are loaded to provide the website functions. Non-essential cookies are set exclusively after your explicit consent via our consent banner.

Legal Bases:

Technically necessary: Section 25 (2) No. 2 TDDDG in conjunction with Art. 6 (1) (f) GDPR.
Non-essential: Section 25 (1) TDDDG in conjunction with Art. 6 (1) (a) GDPR (Consent).

9. Social Media

We maintain online presences (e.g., Instagram, TikTok) to communicate with interested parties. When visiting these platforms, the data protection regulations of the respective operators apply.

10. Storage Duration

We only store your email address for as long as you wish to remain registered in our list of interested parties. If you withdraw your consent, your data will be deleted immediately, unless statutory retention obligations prevent this.

11. Your Rights

You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21 GDPR) regarding your data. You can withdraw any consent granted at any time informally with effect for the future.

12. Right to Lodge a Complaint

You have the right to complain to a data protection supervisory authority about the processing of your personal data by us. The locally competent authority for us is:

Die Landesbeauftragte für Datenschutz und Informationsfreiheit der Freien Hansestadt Bremen

Langenstraße 5-7 (Kontorhaus am Markt)

28195 Bremen, Germany

Email: office@datenschutz.bremen.de

13. International Data Transfers

Personal data is processed outside the European Union (EU) or the European Economic Area (EEA) (in particular by Shopify).

In doing so, we ensure an adequate level of data protection through appropriate safeguards in accordance with Art. 44 et seq. GDPR. For this purpose, we use:

Adequacy decisions of the EU Commission (e.g., for Canada or the EU-US Data Privacy Framework for certified US companies).
EU Standard Contractual Clauses (SCC).
Additional technical and organizational security measures.

14. Automated Decision-Making

Automated decision-making, including profiling pursuant to Art. 22 GDPR, which has legal effects on you, does not take place on our website.

15. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy to comply with changing legal situations or technical innovations on our website. The version currently published on our website shall apply.

16. Contact

For questions regarding data protection or to exercise your rights, please contact us informally at: