NewNiche

Legal — Datenschutz

Privacy Policy

Privacy policy

(Please note: This is a translation of our German Privacy Policy. In case of any differences, the German version is legally binding.)

1. Name and Contact of the Controller

The data controller for this website is New Niche GmbH, Wilhelmshöher Str. 2, 12161 Berlin. If you have any questions or concerns about data protection, you can reach us at info@newniche.com. We are pleased about your interest in our online shop, and we take the protection of your personal data very seriously. In the following, we inform you in detail about how we handle your data (collection, use, and sharing) when you visit our website or use our services.

2. Access Data and Hosting

You may visit our website without providing personal information. However, each time you access our site, the web server automatically records certain access data in so-called server log files. This includes, for example, the name of the requested file, your IP address, date and time of access, the amount of data transferred, and the requesting provider. These access logs are collected and used solely to ensure the stable operation of the site and to improve our services. This is done on the basis of our legitimate interests in presenting our website correctly and securely (legal basis: Art. 6(1)(f) GDPR). All access logs are deleted no later than seven days after your visit.

Hosting by Third-Party Provider: Our website is hosted by an external service provider (e.g. Shopify) on our behalf. All data that is collected on this website – whether through browsing or via forms – is processed on the servers of this hosting provider. Our hosting provider may in part be located outside the EU/EEA. Specifically, the provider uses servers in countries including Canada (which is recognized by the EU Commission as providing an adequate level of data protection) and the USA. Data transfers to the USA are not covered by an adequacy decision, so we have entered into EU Standard Contractual Clauses (SCCs) with the provider to ensure a European level of data protection for your personal information. Nevertheless, we note that data stored in the USA could potentially be subject to access by US authorities under local laws, which is an aspect considered risky by the European Court of Justice. We have taken contractual measures to safeguard your data. If you have questions about our hosting arrangements and data protection guarantees, feel free to contact us.

3. Processing of Data for Contract Execution and Contact

Order Processing: When you place an order through our online shop, we collect and process the personal data you provide (e.g. name, billing and shipping address, email address, payment details) for the purpose of fulfilling your order and managing our contractual relationship (Art. 6(1)(b) GDPR). Fields that are required for order processing are marked as mandatory – without this information, we cannot process your order. The specific data collected can be seen from the input forms on our site. We use these data solely to process your order (including any warranty claims or required updates to products). After complete fulfillment of the contract and payment, your data will be restricted from further use and deleted upon expiry of the applicable commercial and tax retention periods, unless you have consented to a further use or we have a legal basis to retain the data longer (e.g. storage of invoices for tax purposes).

Sharing data with shipping companies: For the purpose of delivering your ordered goods, we will pass on the necessary information (typically your name and delivery address, and if needed your email/phone for notification) to the shipping company entrusted with the delivery (e.g. DHL, UPS, DPD). This data transfer is strictly for fulfilling the contract (delivery of your purchase) and is based on Art. 6(1)(b) GDPR. If you have given us your explicit consent during or after the order, we will also provide your email address or phone number to the shipping provider so they can contact you with shipping updates or delivery scheduling (legal basis: Art. 6(1)(a) GDPR). You can revoke such consent at any time by notifying us or the shipping provider, after which the data will be deleted unless other legal grounds allow further processing.

Sharing data for payment processing: Depending on the payment method you choose during checkout, we may need to share relevant data with the corresponding payment service provider or bank in order to process the payment (Art. 6(1)(b) GDPR). For example, if you pay by credit card, your card details will be transmitted to our payment processor or the credit card company. If you choose PayPal, we will provide necessary order identifiers to PayPal, etc. In some cases, the payment providers collect these data themselves via their own interface integrated on our site – in such cases, the privacy policy of the respective payment provider applies. We do not receive full payment information like your credit card number (except possibly the last few digits for reference). We only get a confirmation of payment or transaction ID. Please consult the privacy notices of the payment service you selected (e.g. PayPal, Stripe, Klarna, etc.) for details on their data processing. If you have any questions about our payment partners and the basis of our cooperation with them, you can reach out to us at any time.

Fraud prevention: If necessary, we may transmit additional data to our payment service providers (or anti-fraud service providers) along with the payment data to help prevent fraud and ensure secure payment transactions (e.g. verification data, device information). This is done under our legitimate interest in preventing fraud and is covered by Art. 6(1)(f) GDPR.

Customer account: If our website allows the creation of a customer account and you choose to register, we will use the data you provide to set up and manage your account (based on your consent, Art. 6(1)(a) GDPR). The account stores your personal data for future orders (so you don't have to re-enter everything). You can delete your account at any time through the account settings or by contacting us, upon which your data will be erased unless we are permitted or required to retain it under law.

Contact inquiries: When you contact us (e.g. via a contact form on the website or by email), we collect the personal data you provide (your email address, name, and any information included in your message) solely for the purpose of responding to and processing your inquiry. The legal basis for this is Art. 6(1)(b) GDPR (performance of pre-contractual measures or answering your request). You are not obliged to provide additional data beyond the information needed to handle your request. We use this information exclusively to respond to your inquiry. Once your request is fully resolved, we will delete the correspondence and any related data, unless you have given consent to further storage or further processing is justified by another legal basis (e.g. if your inquiry leads to an order or contract).

4. Newsletter and Email Marketing

Newsletter Sign-Up: If you subscribe to our email newsletter, we will use the data necessary for this (usually just your email address, and possibly your name if provided) to send you our newsletter regularly, based on your consent (Art. 6(1)(a) GDPR). We employ a double opt-in process for the newsletter registration when required by law: after signing up, you will receive an email asking you to confirm your subscription. This confirmation ensures that the email address provided is really yours and that you agree to receive the newsletter. Only after confirmation will your address be added to our mailing list.

Newsletter Content: Our newsletters contain information about our products, promotions, and company news which we believe may be interesting to you based on our relationship. The exact content is outlined when you subscribe or in the welcome email.

Unsubscribing: You can unsubscribe from the newsletter at any time. Each newsletter email includes an “unsubscribe” or “opt-out” link that you can click to stop receiving future newsletters. Alternatively, you can send us an email request to remove you from the list. Once you unsubscribe, we will promptly remove your email from our mailing list, unless you have explicitly consented to further use of your data or we are legally permitted to retain it for other purposes.

Newsletter analytics (tracking): If you have given us separate consent to do so, we may analyze your interaction with our newsletters to optimize our email content. This includes measuring how often newsletters are opened and which links are clicked, in order to understand what content is most interesting to our subscribers. For this analysis, our emails may contain small tracking technologies (like tracking pixels or web beacons). When you open an email, these pixels connect to our server (or the server of our email service provider) and allow us to collect technical information such as your IP address, the time of opening, the type of email client (browser or mail app) used, and whether you click on links in the email. We might link this information with your email address or an internal newsletter ID to evaluate which subscribers are reading our newsletters and what links they find interesting. No profiling beyond newsletter optimization occurs – we do not, for example, make any automated decisions based on your newsletter behavior. The insights help us adjust our future newsletters to the interests of our readers (for example, to send more of what appears to be useful and less of what doesn’t). If you do not wish to be tracked in this way, you can either refrain from giving the extra consent for analytics or, if you already did, you can revoke this consent at any time. We will then exclude your newsletter interactions from our analysis. Unsubscribing from the newsletter will also stop any tracking for you. We store the newsletter interaction data as long as you remain subscribed; once you unsubscribe, this data is either deleted or sufficiently anonymized.

Email Service Providers: Our newsletter may be sent using external email service providers who act on our behalf as data processors. These providers help us manage subscriber lists and distribute emails efficiently. We ensure that any service provider we use protects your data in compliance with GDPR. If such providers operate servers outside the EU (for example, in the USA), we have made sure that Standard Contractual Clauses or equivalent safeguards are in place to protect your data, given that an EU-equivalent privacy level may not be guaranteed in those countries.

The providers we currently use are:

  • Klaviyo: We use Klaviyo for managing our email newsletter list and sending emails. The service provider is Klaviyo Inc., 125 Summer St, Boston, MA 02110, USA. Klaviyo is an email marketing platform. When you subscribe to our newsletter, the data required (email address, and if provided your name) is stored on Klaviyo’s servers. Klaviyo may also collect certain technical data (like email open rates, IP address at open time, etc.) to provide us with analytics on our newsletter performance. Because Klaviyo is a US-based company, it may process your personal data on servers in the United States. According to the European Court of Justice, the US is currently not considered to have an adequate level of data protection. To cover this, we have signed the European Commission’s Standard Contractual Clauses (SCCs) with Klaviyo, obligating Klaviyo to comply with EU data protection standards for data it processes on our behalf. Klaviyo has also published a Data Processing Agreement including these SCCs. In practical terms, this means Klaviyo must protect your data and not use it for any purposes other than sending our newsletter and analyzing it as instructed by us. For more details, please see Klaviyo’s privacy policy. You can withdraw your newsletter consent at any time (see above), and then we will remove your data from Klaviyo, too, unless retention is necessary by law.

  • Beehiiv: We occasionally distribute newsletters via beehiiv. Beehiiv is a newsletter platform provided by beehiiv Inc., 228 Park Avenue #2329976, New York, NY 10003, USA. If you subscribe to a newsletter that we send through Beehiiv, your email address (and any other info you optionally provide for that newsletter) will be stored on Beehiiv’s systems. Beehiiv processes this data strictly for sending out our newsletters and for analytics on our behalf. Similar to Klaviyo, Beehiiv might use tracking pixels in the emails to inform us, for instance, how many subscribers opened the email and from which region. Beehiiv may also collect technical metadata such as your IP address and approximate location at the time of subscription or email open, primarily to prevent fraudulent sign-ups and give us insight into our subscriber base distribution. Beehiiv is a US-based company, meaning your data could be transferred to or stored in the USA. We have also entered into Standard Contractual Clauses with Beehiiv (or rely on Beehiiv’s adherence to such EU safeguards) to legitimize these transfers and ensure protection of your data. Beehiiv’s privacy practices are detailed in their privacy policy (available on their website). If you unsubscribe from a Beehiiv-powered newsletter, we will ensure your data is deleted from Beehiiv’s database as well, unless continued retention is legally required.

5. Cookies and Tracking Technologies

To make our website user-friendly and to enable certain features, we use cookies and similar technologies on various pages. Some of these technologies are essential for the operation of the website, while others serve analytics and marketing purposes. In this section, we explain what these technologies are, what they do, and how you can control them.

What are cookies? Cookies are small text files that your browser stores on your device. Cookies can store information like user preferences, login status, or identifiers that allow a site to recognize your browser across visits. Session cookies are temporary cookies that are deleted when you close your browser, whereas persistent cookies remain on your device for a set period or until you delete them, so that the site can remember you on your next visit.

Essential cookies: Some cookies are technically necessary for the website to function properly. For example, if our site has a shopping cart, a cookie might remember the items you added so that your cart isn’t empty when you navigate between pages. Other essential cookies may be needed for security or to remember your privacy settings. These essential cookies do not require consent, as without them the site cannot provide the service you explicitly request (per EU ePrivacy rules). We process data collected by essential cookies based on our legitimate interest in providing a functional website (Art. 6(1)(f) GDPR).

Analytics and marketing cookies: We also use cookies and scripts for website analytics (to understand how users use our site) and for advertising/marketing (to personalize ads and measure their effectiveness). These cookies are not essential, meaning we will use them only if you give us your consent (Art. 6(1)(a) GDPR). When you first visit our site, you will see a cookie consent banner where you can choose which categories of cookies you accept. You can accept all cookies, or only certain types (like “analytics” and “marketing” cookies), or decline those that are not essential. We will respect your choice: if you choose “Decline” or “Only essential cookies,” we will not set any cookies or use any trackers that are not necessary for site operation.

Cookie consent management: We use a dedicated cookie consent management platform (CMP) to obtain and document your choices regarding cookies. When you make your selection on the cookie banner, our CMP will set a cookie to remember your preferences and log an entry that you gave (or denied) consent at a certain time. This log includes an anonymized IP address, the date and time, browser information, and a consent ID or key, together with your chosen settings. The purpose is to have an audit trail of consent as required by law (Art. 7(1) GDPR). The consent records are stored securely and automatically deleted after 12 months, unless we are legally required to retain them longer. The CMP we use is provided by beeclever GmbH (“GDPR Legal Cookie”), which processes the data on our behalf. You can adjust your cookie preferences at any time by accessing the “Cookie Settings” link on our website (usually in the footer) or by clearing cookies in your browser (upon which the banner will reappear).

Below, we detail the specific third-party cookies and tools we use for analytics and marketing, provided you have consented to them. You can withdraw consent for any of these at any time via our cookie settings or other opt-out mechanisms described.

5.1 Google Analytics (Website Analytics)

This website uses Google Analytics, a web analytics service provided by Google Ireland Ltd. in Dublin, Ireland. Google Analytics helps us understand how visitors interact with our site – for example, which pages are most popular, how long users stay, and what sources bring visitors to our site. We use this information to improve the website’s content and user experience.

Data collected: Google Analytics automatically collects certain data when you visit our site, such as your IP address, the date and time of your visit, device and browser type, and information on your on-site behavior (e.g. which pages you viewed, clicks, and other interactions). Google Analytics may set cookies or use similar tracking technologies to recognize your browser across page loads and subsequent visits. However, we have activated IP anonymization in Google Analytics: this means Google truncates your IP address within the EU/EEA before storing it, by removing the last octet (last part) of the IP, so that it cannot be easily linked to you. Only in rare cases will the full IP address be sent to a Google server in the USA and shortened there. Also, Google Analytics does not combine the data collected through our site with other information Google may have (for instance, from your Google account) – Google Analytics data for our site is meant to be analyzed in aggregate, not to identify you as an individual. We have signed a Data Processing Agreement with Google, meaning Google acts as a processor on our behalf and is contractually bound to handle the data in compliance with GDPR.

Use of data: Google uses the collected data to analyze your use of our website on our behalf and compile reports on website activity. Google may also use this data to provide other services related to website and internet usage for us. We primarily receive statistical reports (for example, total page views, or demographic breakdowns if available) from Google Analytics. These reports do not include personal data, only aggregated information.

Google Analytics 4: If we are using Google Analytics 4, note that it operates slightly differently from Universal Analytics: GA4 might track events instead of pageviews and can integrate with Google’s advertising ecosystem. GA4 by default also masks IP addresses (does not log full IP) and uses country-level geolocation. The privacy principles remain similar – no usage without your consent.

International data transfer: Google Analytics data is typically transmitted to Google servers in the United States and stored there. The U.S. is considered to have inadequate data protection by EU standards, so Google’s data transfers rely on Standard Contractual Clauses as safeguards. Google LLC (based in California, USA) is the entity providing the infrastructure for Google Analytics. By agreeing to analytics cookies, you acknowledge that your data will be processed in the USA. While we and Google have taken steps to protect your data, U.S. authorities may have access to personal data under U.S. law. For more information on how Google handles user data, you can review Google’s Privacy Policy and specifically Google Analytics’ data practices.

Opt-out options: You have several options to opt-out or limit Google Analytics tracking:

- Cookie settings: As mentioned, you can refuse or withdraw consent for analytics cookies via our website’s consent tool at any time, which will disable Google Analytics on our site.

- Browser plugin: Google offers an opt-out browser add-on which, once installed, prevents Google Analytics from collecting information on any site you visit (in that browser). It’s available here: https://tools.google.com/dlpage/gaoptout.

- Browser settings: You can also set your web browser to block or delete cookies. However, note that if you disable all cookies, some website functionality (including things unrelated to analytics) might be impaired.

- Mobile opt-out: If you access our site on a mobile device, the above browser add-on might not work. In such cases, you can use our site’s opt-out link (if provided) which will set a cookie named ga-disable-***** to disable analytics for that browser environment. This requires that cookies are allowed for our site on your device. If you clear your cookies, you’d need to click the opt-out link again.

We respect “Do Not Track” signals and similar settings – if your browser is set to Do Not Track, our analytics scripts should recognize that and not run (to the extent it’s technically feasible).

5.2 Google Ads & Conversion Tracking (Advertising)

We utilize Google Ads (an online advertising platform by Google) to display advertisements for our site on Google search results and on third-party websites. In connection with Google Ads, we use two key features: Remarketing and Conversion Tracking.

Google Ads Remarketing: This website uses Google’s remarketing technology to show you relevant ads on other sites within Google’s ad network if you’ve visited our site. How it works: when you visit our website, Google sets a unique cookie (the Google Ads Remarketing cookie) on your browser, provided you consent to marketing cookies. This cookie uses a pseudonymous identifier to gather information about your visit (such as which pages or products you viewed). It allows Google to recognize your browser and, using the info about your visit to our site, display tailored ads for our products when you later browse other websites or use Google Search. For example, if you looked at product X on our site, you might see an ad for product X or related products on another site later. All this happens in a pseudonymous manner – we as the advertiser do not know your identity, only that an unidentified user with a certain cookie visited certain pages. Google ties the interest profile to that cookie ID. No remarketing will happen if you opt out or don’t give consent for marketing cookies.

If you also have a Google account and are signed in, and you have allowed Google to use your Web & App activity for ad personalization, Google might further link your site usage with your Google account and serve you ads across devices (cross-device marketing). For instance, you could see our ads on your phone based on browsing our site on your laptop. We (as advertisers) can create remarketing lists via Google Ads, but these lists contain only cookie IDs or aggregated group characteristics, not any personally identifiable info.

Google Ads Conversion Tracking: We also use Google Ads Conversion Tracking to measure the effectiveness of our Google Ads campaigns. After you interact with one of our ads (for example, by clicking a text ad in Google search) and then perform a relevant action on our site (like making a purchase or signing up for our newsletter), Google Ads records that conversion and associates it with our ad campaign. To do this, a temporary cookie is placed on your device when you click our ad. If you then reach a conversion page on our site (like an order confirmation page), Google will detect the cookie (via a small code snippet we’ve placed on that page) and know a conversion occurred. The conversion cookie tracks data such as your IP address, the time of the conversion, browser type, and a unique identifier for the conversion event. This helps us understand, for example, which keywords or ads are leading to conversions. Importantly, we do not receive personally identifying information from this process – we see only aggregated data such as the total number of conversions and sales volume, not who specifically made a purchase. The conversion cookie loses its validity after a certain period (typically 30 days) and is not used for personal identification.

Legal basis: We rely on your consent to drop and read Google Ads cookies (Art. 6(1)(a) GDPR). If you did not consent to marketing cookies, the Google Ads remarketing cookie will not be set and conversion tracking will not function (because the tracking script won’t run without consent). You can manage your consent choices at any time in our cookie settings banner or tool.

Data sharing and retention: The data Google collects through remarketing and conversion cookies is stored on Google’s servers, which may be globally distributed (mainly in the USA). Google’s privacy policy states that conversion cookies only track conversions and do not contain personal data beyond maybe an IP and random ID. We do not combine conversion data with any customer data on our side. Google may retain campaign performance data for a certain period to allow us to analyze and improve our advertising. However, those cookies generally expire after 30-90 days if no conversion happens, so they do not track you long-term.

Opt-out: If you want to opt out of Google’s interest-based advertising, you can do so by adjusting your settings at Google’s Ads Settings page (https://adssettings.google.com). There, you can disable personalized ads entirely. Additionally, you can install the Google Analytics opt-out browser add-on mentioned above, which also can block many Google tracking tags, or use browser extensions that block scripts. And of course, using our cookie consent tool to withdraw consent for marketing cookies will disable both remarketing and conversion tracking on our site.

5.3 Meta (Facebook) Pixel (Facebook/Instagram Advertising and Analytics)

We use the Facebook Pixel from Meta Platforms Ireland Ltd. (formerly Facebook Ireland) on our website. This tool helps us to serve personalized ads on Facebook and Instagram to visitors of our website and to measure the effectiveness of our Facebook/Instagram advertising campaigns. Meta Platforms Ireland is based in Dublin (Ireland); for users outside the EU, the data may be transferred to Meta’s parent company (Meta Platforms, Inc.) in the USA.

How it works: The Facebook Pixel is a snippet of JavaScript code we have added to our site. When you visit and interact with our website (for example, by viewing a certain product or clicking a button), the Pixel triggers and reports this action to Facebook’s servers. The information transmitted includes data such as your IP address, the exact time of the action, your browser and device information, and specifics of the action (e.g. “User visited page X” or “User added item Y to cart”). If you are a Facebook user, Facebook can match this data to your user account (if you are logged in to Facebook/Instagram on the same browser, or if Facebook has placed a cookie on your browser). This enables Facebook to assess audiences: e.g. “User with ID 12345 on Facebook visited this site, so maybe show them an ad for the product they saw.” It also allows us to build advertising audiences (so-called Custom Audiences) – for example, we can ask Facebook to create an audience of all site visitors in the last 30 days, and then show ads to that group on Facebook.

What data is collected: The data collected by the Facebook Pixel includes:

- Technical data: such as IP address, browser type, operating system, screen resolution, etc..

- Event data: specific actions you took on our site, e.g. page views, clicks, form submissions, purchases, etc., along with possibly the names/IDs of items you interacted with (like product IDs) and the URL you were on.

- Facebook cookies: If present in your browser, the Pixel will also send any Facebook cookies (like the fr cookie or _fbp cookie) which contain your Facebook user ID (hashed) and other info. This helps Facebook either (a) recognize you as a Facebook user or (b) recognize your device as one that was used to log into Facebook previously, enabling cross-site tracking.

Extended matching: Our pixel may use Facebook’s advanced matching feature. This means that if you perform certain actions like signing up or purchasing, and provide personal data such as your email or phone number during those actions, we might (through the Pixel code) send a hashed version of that data to Facebook. “Hashed” means it’s converted into a string of characters that ideally cannot be reverse-engineered back to the original. Facebook can use these hashes to try to match you to a Facebook account (since Facebook also hashes all user emails/phones). This improves the attribution of events and the building of custom audiences. If you’re not a Facebook user, or if the hashes don’t match, they are discarded.

Purpose of use: We use the Pixel data for:

- Ad targeting: We want to show our Facebook/Instagram ads to people who have shown interest in our website or products. For example, if you looked at Product A on our site, we can later show you an ad for Product A (or related products) on Facebook. This is often called retargeting or remarketing. It’s more efficient for us and more relevant for you than random ads.

- Conversion tracking: The Pixel allows us to track if Facebook/Instagram ads lead to results on our site. For instance, if we run an ad for a sale, we can see via the Pixel if people who saw or clicked that ad ended up purchasing something on our site (a “conversion”). Facebook aggregates this data and provides us reports (e.g. “50 purchases happened from users who saw this ad”). We cannot identify those users from the reports – we just see numbers. This helps us measure ROI of our ad spend.

- Optimization: Facebook uses Pixel data to optimize our campaigns. For example, if our goal is “people who purchase”, Facebook’s system tries to show the ads to users who are more likely to purchase (based on Pixel feedback). This is in Facebook’s algorithms and helps improve ad effectiveness.

Legal basis: We implement the Facebook Pixel only if you have given consent to marketing cookies/trackers (Art. 6(1)(a) GDPR). In our cookie banner, the Facebook Pixel is categorized under marketing. If you did not consent, the Pixel remains inactive and no data is sent to Facebook. You can also withdraw consent at any time (see “Your choices” below).

Data sharing and recipients: The data collected via the Pixel on our site is sent to Meta Platforms Ireland (Facebook’s European subsidiary). However, Meta Ireland may transfer this data to Meta’s servers in the United States where it may be stored and further processed. Meta is subject to the EU-U.S. Data Privacy Framework (as of 2023) and we have also signed SCCs with Meta (via the Facebook Business Tools terms) to cover these transfers. According to those terms, for conversions and targeting data that Meta processes on our behalf, Meta Ireland and we are considered joint controllers under GDPR, and we have a supplementary agreement (the “Joint Controllership Addendum”) with Meta to delineate our responsibilities. Essentially, we are responsible for providing you this transparency information and obtaining your consent, and Meta Ireland is responsible for enabling your data subject rights with regard to the data it holds. Meta’s privacy policy provides further details on how it handles personal data.

Data retention: The raw event data that Facebook collects via the Pixel is generally stored for a limited time. Facebook then aggregates or anonymizes it. We, as advertisers, do not receive personal data, only anonymized or aggregated insights. We can, however, re-target you with ads for up to 180 days after your visit based on Pixel data (that’s typically the default maximum retention for website custom audiences on Facebook). After that, if you haven’t visited again, you would be removed from our site’s retargeting audience.

Your choices / Opt-out:

- Via our site: You can manage your preferences for the Facebook Pixel via our cookie consent tool. If you withdraw consent for marketing cookies, our site will stop using the Pixel for your visits going forward.

- Via Facebook: If you have a Facebook account, you can also adjust your ad settings directly on Facebook. In Facebook (and Instagram) settings, under “Ads” or “Ad Preferences”, you can disable ads based on partner data. That would include data like our Pixel. You can also opt-out of seeing personalized ads on Facebook that are based on your activity on other websites (which includes our site). Additionally, you can use the site http://www.youronlinechoices.com (for EU users) to opt out of various ad networks.

- Blocking scripts: Using browser add-ons or script blockers (like uBlock, Ghostery, etc.) can also block Facebook Pixel, but keep in mind this might also block other useful components of websites.

We want to emphasize that we do not receive personal data from Facebook about you specifically; we only receive statistical conclusions. We also do not upload any customer lists or emails to Facebook without separate consent. The Pixel is only one of many tools, and we use it with respect for your privacy choices. If you have any concerns about the Facebook Pixel or our use of it, feel free to contact us.

6. Your Rights as a Data Subject

Under the General Data Protection Regulation (GDPR), you have various rights regarding your personal data. Below is an overview of these rights:

  • Right of Access (Art. 15 GDPR): You have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed, and if so, access to that personal data and information about how it’s processed. This includes information on the purposes of processing, categories of data, recipients, envisaged storage period, and the existence of other rights such as rectification or complaint. We will provide you with a copy of the personal data undergoing processing upon request.

  • Right to Rectification (Art. 16 GDPR): You have the right to request that we correct any inaccurate personal data about you, and to have incomplete data completed, taking into account the purposes of the processing. If you become aware that, for example, we have an incorrect spelling of your name or an outdated address, you can ask us to update it.

  • Right to Erasure (Art. 17 GDPR): Commonly known as the “right to be forgotten,” this allows you to request the deletion of your personal data under certain conditions. You can ask us to erase your personal data when it’s no longer needed for the purposes for which it was collected, if you have withdrawn your consent and there is no other legal ground, or if you object to processing and we have no overriding legitimate grounds, among other reasons. Note that this right is not absolute – we may have legal obligations or other legitimate grounds to retain some data (for example, we cannot delete data that we must keep by law, such as certain transaction records).

  • Right to Restriction of Processing (Art. 18 GDPR): You can ask us to restrict (i.e. lock down) your data so that it’s only stored and not further processed, in certain circumstances. This applies, for instance, if you contest the accuracy of your data (for a period enabling us to verify it), or if the processing is unlawful but you oppose deletion and request restriction instead, or if we no longer need the data but you require it for the establishment, exercise, or defense of legal claims.

  • Right to Data Portability (Art. 20 GDPR): Where processing is based on your consent or on a contract and is carried out by automated means, you have the right to receive the personal data you provided to us in a structured, commonly used, machine-readable format and have the right to transmit that data to another controller (e.g. another service provider). You can also ask, where technically feasible, that we transfer your data directly to the other provider. This right is intended to give you more control over your data across different services.

  • Right to Object (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you that we perform based on a legitimate interest (Art. 6(1)(f)). If you lodge an objection, we will review it and typically stop processing the data for that purpose, unless we demonstrate compelling legitimate grounds for the processing that override your interests, or unless we need to continue processing for the establishment, exercise, or defense of legal claims. Right to object to direct marketing: If your personal data are processed for direct marketing purposes, you have the right to object at any time to such processing. This is an absolute right – if you object to processing for direct marketing, we will stop using your data for that purpose immediately. For example, if you object to receiving marketing emails or postal mail, we will put you on a do-not-contact list.

  • Right to Withdraw Consent (Art. 7(3) GDPR): If we are processing your data based on your consent, you have the right to withdraw that consent at any time. The withdrawal will not affect the lawfulness of processing that was done before you withdrew consent, but it means we will stop the processing going forward. For instance, you can unsubscribe from our newsletter (withdraw consent to email marketing) or turn off analytics/marketing cookies (withdraw consent to tracking) at any time.

  • Right to Lodge a Complaint (Art. 77 GDPR): If you believe that we have infringed data protection laws when processing your data, you have the right to file a complaint with a data protection supervisory authority, particularly in the EU country where you reside, where you work, or where the alleged infringement occurred. For example, if you live in Germany, you can complain to the data protection authority of your German state. We would, of course, appreciate the chance to address your concerns directly before you approach a regulator, but you are free to do so. In Berlin (where our company might be based), the supervisory authority is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit). Their contact details: Alt-Moabit 59-61, 10555 Berlin, Germany, Tel. +49 30 13889-0.

Exercising your rights: You can contact us at any time to exercise the above rights, for example by sending an email to info@newniche.com. There is no cost for you to exercise these rights (aside from any network or postage fees in sending us the request). We will respond to your request as soon as possible, generally within one month as mandated by GDPR. This period may be extended by two further months if necessary, taking into account the complexity and number of requests, but we will inform you if an extension is needed. We may need to verify your identity to ensure that your data isn’t disclosed to someone else – for instance, we might ask for you to send the request from the email address associated with your account or order, or we might ask for other identification if necessary.

Please note that these rights are not absolute. Each right can be subject to certain legal conditions and exceptions. If we cannot comply with a particular request (for example, if you ask us to delete data we are required by law to keep), we will explain the reasons.

7. Updates to this Privacy Policy

This Privacy Policy is current as of 07. Oktober 2025. We may update or modify this policy from time to time to reflect changes in our practices or relevant laws. If we make material changes, we will notify you by (for example) posting a notice on our website or contacting you via email (if appropriate), and by updating the “last updated” date on this document. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Last updated: 07. October 2025.