fbpx
nca mobile

Privacy Policy

Privacy Policy

1. General information

This Privacy Policy explains how we process personal data when you visit our website.
“Personal data” means any information relating to an identified or identifiable person.
We treat your data confidentially and in accordance with the General Data Protection Regulation (GDPR).

2. Controller

Next Commerce Accelerator GmbH
Willy-Brandt-Straße 23
20457 Hamburg
E-mail:

3. Hosting

Our website is hosted by RAIDBOXES GmbH, Hafenstraße 32, 48151 Münster, Germany.
We have concluded a Data Processing Agreement (DPA) with RAIDBOXES to ensure GDPR-compliant processing.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reliable and secure hosting).

4. Content Delivery Network (CDN)

We use Amazon CloudFront by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg,
to deliver website content quickly and securely.
Data may be transferred to the USA under the EU-US Data Privacy Framework or the EU Standard Contractual Clauses.
Legal basis: Art. 6(1)(f) GDPR.

5. Cookies and consent management

We use Cookie Notice & Compliance for GDPR to obtain and record user consent for cookies and similar technologies.
A consent cookie (valid for one month) stores your preferences locally.
Legal basis: Art. 6(1)(c) GDPR (statutory obligation).

Technically necessary cookies (e.g. WordPress session cookies) are set without consent.
Analytics and marketing cookies are activated only after you have given explicit consent (Art. 6(1)(a) GDPR, § 25 (1) TTDSG).
You can withdraw consent at any time via the cookie settings.

6. Analytics and tracking

Google Tag Manager and Google Analytics 4

We use Google Tag Manager and Google Analytics 4 by Google Ireland Limited,
Gordon House, Barrow Street, Dublin 4, Ireland.
These tools help us understand how visitors use our website.
They use cookies and similar technologies that may transfer data to the United States under the EU-US Data Privacy Framework or Standard Contractual Clauses.
Legal basis: Art. 6(1)(a) GDPR, § 25 (1) TTDSG (consent).
You can revoke consent at any time.
Further information: Google Privacy Policy.

Hotjar

We use Hotjar Ltd., Level 2, St Julian’s Business Centre, 3 Elia Zammit Street, St Julian’s STJ 1000, Malta,
to analyze user behavior (heatmaps, scrolls, clicks).
This helps us improve usability and content relevance.
Legal basis: Art. 6(1)(a) GDPR, § 25 (1) TTDSG (consent).
You may opt out here: Hotjar Do-Not-Track.
More info: Hotjar Privacy Policy.

Meta (Facebook) Pixel

We use the Meta Pixel (formerly Facebook Pixel) by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland,
to measure conversions and optimize advertising campaigns on Meta platforms.
Data may be transferred to the USA under the EU-US Data Privacy Framework or Standard Contractual Clauses.
Legal basis: Art. 6(1)(a) GDPR, § 25 (1) TTDSG (consent).
Consent can be withdrawn anytime.
Meta Privacy Policy: facebook.com/about/privacy.

7. Fonts and media optimization

We use OMGF to self-host Google Fonts locally, ensuring GDPR-compliant font delivery.
We also use Font Awesome (Fonticons Inc., Cambridge MA, USA) for icons, and Imagify to optimize images.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in efficient and uniform presentation).

8. Plugins and integrations

This site uses Contact Form 7 to process form submissions;
data entered is transmitted by e-mail and stored only for handling your request (Art. 6(1)(b) GDPR).
We also use Smash Balloon Instagram Feed to display Instagram content (Meta Platforms Ireland Ltd.).
When loaded, Instagram receives your IP address and browser information.
Legal basis: Art. 6(1)(a) GDPR (consent).

9. Static site generation and caching

We use Simply Static to generate a secure, static version of this website and Performance Lab for optimization features.
These tools do not collect personal data beyond technical logs.
Legal basis: Art. 6(1)(f) GDPR.

10. Rights of the data subject

You have the right to obtain access to, rectification, or deletion of your personal data,
to restrict or object to processing, and to data portability (Art. 15–20 GDPR).
You may withdraw consent at any time.
You also have the right to lodge a complaint with the competent supervisory authority:
Hamburg Commissioner for Data Protection and Freedom of Information.

11. SSL/TLS encryption

We use SSL/TLS encryption to protect data transmitted via this site.
An encrypted connection can be recognized by “https://” and the lock icon in your browser’s address bar.

12. Objection to advertising emails

We object to the use of contact data published within the site notice for sending unsolicited advertising or informational materials.
The operator reserves the right to take legal action in the event of unsolicited communication (e.g. spam).

Menu