Privacy Policy - vivora-nest.shop | GDPR Compliant Data Protection

Privacy Policy

Comprehensive GDPR-compliant privacy policy ensuring transparent data handling and protecting your fundamental rights

Last Updated: June 23, 2025 | Effective Date: June 23, 2025

🇪🇺 Our GDPR Commitment

We are fully committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) and providing you with complete transparency and control over your information.

🔒 Data Protection by Design

Privacy considerations built into every system and process from the ground up

βš–οΈ Your Rights First

Full respect for your data subject rights with easy exercise procedures

📋 Complete Transparency

Clear information about what data we collect, why, and how we protect it

πŸ›‘οΈ Maximum Security

State-of-the-art security measures and regular compliance audits

🏢 Data Controller Information

Who is responsible for your personal data and how to contact us

Data Controller Details

Company Name: Vivora Nest GmbH

Legal Form: Gesellschaft mit beschränkter Haftung (GmbH)

Registration: Handelsregister Berlin HRB 123456B

Share Capital: €80,000.00 (fully paid)

VAT Number: DE123456789

Address: Musterstraße 123, 12345 Berlin, Germany

Managing Director: [Name], responsible for data processing decisions

📞 Contact Information

  • General Inquiries: info@vivora-nest.shop
  • Privacy Inquiries: privacy@vivora-nest.shop
  • Data Protection Officer: dpo@vivora-nest.shop
  • Phone: +49 (0) 30 123 456 789
  • Response Time: Maximum 30 days as required by GDPR Article 12

πŸ›‘οΈ Data Protection Officer (DPO)

We have appointed a qualified Data Protection Officer who monitors our compliance with GDPR and serves as your primary contact for all privacy-related matters. Contact our DPO directly at dpo@vivora-nest.shop for any data protection concerns.

📊 What Personal Data We Collect

Comprehensive overview of all personal data we collect and the purposes

We collect personal data only when necessary for specific, legitimate purposes. Below is a complete overview of all data categories we collect:

✅ Essential Data

Required for Service Provision

  • Full name (first and last name)
  • Email address
  • Shipping and billing addresses
  • Phone number
  • Order history and purchase details
  • Payment information (encrypted)

🔧 Technical Data

Automatic Collection

  • IP address and location data
  • Browser type and version
  • Operating system information
  • Device identifiers
  • Website usage patterns
  • Cookies and tracking technologies

πŸ“ Optional Data

With Your Consent

  • Marketing preferences
  • Product reviews and feedback
  • Survey responses
  • Social media interactions
  • Customer service communications
  • Loyalty program information

⚠️ Sensitive Data

Special Categories (Minimal)

  • Health data (only if relevant for product safety)
  • Biometric data (for high-value authentication)
  • Special dietary requirements (for applicable products)
  • Note: Processed only with explicit consent

| Data Category | Collection Method | Primary Purpose | Retention Period |
|---|---|---|---|
| Account Information | User Registration | Account management, order processing | Until account deletion + 3 years |
| Order Data | Purchase Process | Order fulfillment, warranty, support | 10 years (legal requirement) |
| Payment Data | Checkout Process | Payment processing, fraud prevention | As required by payment regulations |
| Communication Data | Customer Service | Support, complaint resolution | 3 years after last contact |
| Technical Data | Website Visits | Security, performance, analytics | 26 months (cookies policy) |

🤝 Data Sharing and Third Parties

Complete transparency about who we share your data with and why

We only share your personal data when necessary for service provision or legal compliance. Below are all third parties who may receive your data:

| Third Party Category | Purpose | Data Shared | Safeguards |
|---|---|---|---|
| Payment Processors (PayPal, Stripe, etc.) | Secure payment processing | Payment details, order amount, billing address | PCI DSS compliance, encryption, data processing agreements |
| Shipping Partners (DHL, UPS, FedEx) | Order delivery and tracking | Name, delivery address, phone, order details | Contractual data protection obligations, limited purpose |
| Cloud Service Providers (AWS, Google Cloud) | Data storage and processing | All categories (encrypted and secured) | GDPR compliance certification, data processing agreements |
| Customer Service Tools (Zendesk, Intercom) | Customer support and communication | Contact details, order history, support tickets | EU-based servers, GDPR compliance, access controls |
| Analytics Providers (Google Analytics) | Website performance and user experience | Anonymized usage data, IP addresses (truncated) | Data anonymization, opt-out options, privacy settings |
| Legal/Regulatory (Courts, authorities) | Legal compliance and law enforcement | As required by valid legal requests | Legal review, minimum necessary principle, notification where possible |

🌍 International Data Transfers

Third Country Transfers: Some service providers may be located outside the EU/EEA. All international transfers are protected by adequate safeguards including:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Additional technical and organizational measures

🔒 Data Processing Agreements

All third parties who process personal data on our behalf are bound by comprehensive data processing agreements that ensure GDPR compliance, including data security, confidentiality, and deletion requirements.

🔒 Data Security Measures

Comprehensive technical and organizational measures protecting your data

We implement state-of-the-art security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

πŸ›‘οΈ Technical Measures

  • Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
  • Access Controls: Multi-factor authentication, role-based access, principle of least privilege
  • Network Security: Firewalls, intrusion detection systems, VPN access
  • Data Backup: Encrypted backups with tested recovery procedures
  • Vulnerability Management: Regular security assessments and penetration testing
  • Monitoring: 24/7 security monitoring and incident response

👥 Organizational Measures

  • Staff Training: Regular GDPR and security awareness training
  • Access Management: Background checks, confidentiality agreements
  • Incident Response: Documented procedures for data breach response
  • Data Minimization: Collection and processing limited to necessary data
  • Regular Audits: Internal and external security and compliance audits
  • Documentation: Comprehensive records of processing activities

📋 Certifications and Compliance

Security Standards: ISO 27001, SOC 2 Type II, PCI DSS | Privacy Compliance: GDPR, ePrivacy Directive | Regular Assessments: Annual third-party security audits and penetration testing

🚨 Data Breach Notification

In the unlikely event of a data breach, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay when the breach is likely to result in high risk to rights and freedoms.

βš–οΈ Your Data Protection Rights

Complete overview of your rights under GDPR and how to exercise them

Under the GDPR, you have the following rights regarding your personal data. These rights are fundamental and we are committed to facilitating their exercise:

πŸ‘οΈ

Right to Information

Article 13-14

Clear information about data processing (this policy)

πŸ“‹

Right of Access

Article 15

Access to your personal data and processing information

✏️

Right to Rectification

Article 16

Correction of inaccurate or incomplete data

πŸ—‘οΈ

Right to Erasure

Article 17

Deletion of personal data ("right to be forgotten")

⏸️

Right to Restriction

Article 18

Limitation of data processing in certain circumstances

πŸ“€

Right to Portability

Article 20

Receive your data in structured, machine-readable format

🚫

Right to Object

Article 21

Object to processing based on legitimate interest

πŸ€–

Automated Decision-Making

Article 22

Protection against solely automated decisions

📞 How to Exercise Your Rights

Contact Methods:

  • Email: dpo@vivora-nest.shop (preferred method)
  • Privacy Form: Available in your account settings
  • Phone: +49 (0) 30 123 456 789
  • Post: Vivora Nest GmbH - Data Protection, Musterstraße 123, 12345 Berlin

Response Time: Maximum 30 days (may be extended by 60 days for complex requests)

Verification: We may request additional information to verify your identity

βš–οΈ Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority:

German Supervisory Authority: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Website: bfdi.bund.de | Email: poststelle@bfdi.bund.de

πŸͺ Cookie Policy

Complete information about cookies and similar technologies we use

We use cookies and similar technologies to provide, protect, and improve our services. This section explains what cookies we use and your choices regarding them.

🔧 Cookie Management

Your Choices: You can manage cookie preferences through our cookie banner, browser settings, or account preferences. Disabling certain cookies may limit website functionality.

Browser Controls: Most browsers allow you to block, delete, or receive notifications about cookies. Refer to your browser's help section for instructions.

📞 Contact Our Data Protection Officer

Our qualified Data Protection Officer is your primary contact for all privacy-related questions, rights requests, and data protection concerns.

πŸ›‘οΈ Data Protection Officer Contact

Email: dpo@vivora-nest.shop

Phone: +49 (0) 30 123 456 789

Response Time: Within 30 days as required by GDPR

Languages: German, English, French, Spanish, Italian

🎯 When to Contact Our DPO

  • Exercise any of your data protection rights
  • Questions about data processing
  • Privacy concerns or complaints
  • Data breach notifications
  • General GDPR compliance questions

πŸ“ Policy Updates and Changes

How we handle updates to this privacy policy

🔄 Policy Updates

We may update this privacy policy to reflect changes in our practices, legal requirements, or service offerings. We will handle updates as follows:

  • Material Changes: 30-day advance notice via email and prominent website notice
  • Minor Updates: Updated policy posted with revision date
  • Legal Changes: Immediate updates when required by law
  • Version Control: Previous versions archived and available upon request

📅 Current Version Information

Version: 2.1 | Effective Date: June 23, 2025 | Last Review: June 23, 2025 | Next Review: December 2025

📋 Continued Use

Continued use of our services after policy updates constitutes acceptance of the new terms. If you disagree with updates, you may exercise your right to data deletion and discontinue service use.
