Privacy policy
1. Data Controller
The data controller responsible for the processing of your personal data within the meaning of the General Data Protection Regulation (GDPR) is:
Nabila Aslam - Nabsha
Frankfurterstr. 36
63069 Offenbach am Main
Germany
Email: contact@nabsha.com
Phone: +49160 96254488
Website: www.nabsha.com
2. General Information
We take the protection of your personal data very seriously. This Privacy Policy informs you about what data we collect, how we use it, and what rights you have regarding your personal data.
All processing of personal data is carried out in accordance with the GDPR and applicable national data protection legislation.
3. Hosting – Shopify
Our online shop is hosted on the Shopify platform. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Victoria Road, Dublin 2, Ireland.
When you visit our shop, the following data is automatically collected and stored on Shopify's servers:
• IP address
• Date and time of access
• Pages accessed / URLs
• Browser type and operating system
• Referring URL (previously visited page)
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and stable operation of the shop).
Shopify may transfer data to the United States. Shopify is certified under the EU-US Data Privacy Framework and uses EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) as the basis for transfers to third countries.
Further information: https://www.shopify.com/legal/privacy
4. Order Processing and Contract Data
When you place an order, we collect the following data to process your purchase:
• Name and address
• Email address
• Phone number (optional)
• Payment details (transmitted encrypted directly to the payment provider — not stored on our servers)
• Ordered products and order value
• Delivery address
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
Retention period: We are legally required to retain invoicing and accounting records for 10 years (§ 147 AO, § 257 HGB). After this period, data will be deleted.
5. Customer Account
You have the option to create a customer account with us. When doing so, we collect:
• Name
• Email address
• Password (stored in encrypted form)
• Delivery addresses
• Order history
Legal basis: Art. 6(1)(a) GDPR (consent) and/or Art. 6(1)(b) GDPR (pre-contractual measures).
You may delete your customer account at any time. Please note that order data may be retained even after account deletion due to statutory retention obligations (see Section 4).
6. Payment Processing
We use Shopify-integrated payment providers (e.g. Shopify Payments, PayPal) to process payments. Payment data is transmitted directly to the respective provider and is not stored on our servers.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
Please refer to the privacy policies of the respective payment providers for further details.
7. Cookies
Our shop uses cookies — small text files stored on your device. We use only technically necessary cookies required for the operation of the shop (e.g. shopping cart, session management).
Legal basis: Art. 6(1)(f) GDPR (legitimate interest).
Technically necessary cookies cannot be declined, as the shop would not function without them. They are automatically deleted at the end of your session or after a short period.
8. Contact Enquiries
If you contact us by email or through a contact form, we store your enquiry including all provided information in order to process it.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in processing enquiries) or Art. 6(1)(b) GDPR (where the enquiry relates to a contract).
Retention period: Enquiries are deleted once they are no longer needed, and at the latest after 3 years.
9. Disclosure of Data to Third Parties
Your data is only shared with third parties in the following cases:
• With shipping service providers (e.g. DHL, DPD) to deliver your order — legal basis: Art. 6(1)(b) GDPR
• With payment service providers to process your payment — legal basis: Art. 6(1)(b) GDPR
• With Shopify as our technical service provider (a data processing agreement pursuant to Art. 28 GDPR is in place)
• Where we are legally required to do so (e.g. to tax authorities)
Your data will not be shared for advertising or marketing purposes.
10. Your Rights as a Data Subject
Under the GDPR, you have the following rights:
• Right of access (Art. 15 GDPR): You may request information about the personal data we hold about you.
• Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate data.
• Right to erasure (“right to be forgotten”, Art. 17 GDPR): You may request the deletion of your data, unless statutory retention obligations apply.
• Right to restriction of processing (Art. 18 GDPR): You may request that the processing of your data be restricted.
• Right to data portability (Art. 20 GDPR): You may request a copy of your data in a commonly used, machine-readable format.
• Right to object (Art. 21 GDPR): You may object to processing of your data carried out on the basis of a legitimate interest.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time with effect for the future.
To exercise your rights, please contact us at: [your@email.com]
11. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for Hesse, Germany is:
The Hessian Commissioner for Data Protection and Freedom of Information (HBDI)
Gustav-Stresemann-Ring 1
65189 Wiesbaden, Germany
Phone: +49 611 1408-0
Email: poststelle@datenschutz.hessen.de
Website: https://datenschutz.hessen.de
12. Data Security
Our shop uses SSL/TLS encryption for the transmission of all data. You can identify an encrypted connection by the “https://” prefix in your browser’s address bar.
13. Updates to this Policy
We reserve the right to update this Privacy Policy in response to changes in our shop or applicable law. The current version is always available on our website.