top of page

Privacy Policy 

Version: 1.2

Last Updated: 21/02/2025

This privacy policy explains how Namma Snacks (“we”, “our”, or “us”) collects, uses, and protects personal data through its website [www.nammasnacks.de] and associated services, in compliance with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the Telecommunications Digital Services Data Protection Act (TDDDG).

1. Introduction

This website is operated by: Namma Snacks. It is very important to us to handle the data of our website visitors with confidence and to protect it in the best possible way. For this reason, we make every effort to comply with the requirements of the GDPR. Below we explain how we process your data on our website.

2. General Information

2.1 Processing of Personal Data and Definitions

Personal data refers to any information relating to an identified or identifiable natural person (Art. 4(1) GDPR). Processing includes any operation performed on personal data, such as collection, storage, use, transmission, or deletion (Art. 4(2) GDPR).

2.2 Applicable Regulations

We comply with the following:

  • GDPR (EU General Data Protection Regulation)

  • BDSG (Federal Data Protection Act)

  • TDDDG (Telecommunications Digital Services Data Protection Act) – applicable to cookie use and similar technologies

 

2.3 Controller

Namma Snacks
Walter-Petri-Ring 49, 65232 Taunusstein, Germany
Email: info@nammasnacks.de

A dedicated Data Protection Officer has not been appointed as we are not legally required to do so (Art. 37 GDPR). You may contact our privacy lead at the above address.

2.4 Data Processing on this Website

Some data is collected automatically, such as your IP address. Other data is collected only with your consent or if provided by you voluntarily. We ensure this data is only processed when legally justified.

2.5 Your Rights

You have the right to:

  • Access (Art. 15 GDPR)

  • Rectification (Art. 16 GDPR)

  • Erasure (Art. 17 GDPR)

  • Restriction of processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Objection to processing (Art. 21 GDPR)

  • Withdraw consent at any time (Art. 7(3) GDPR)

  • Lodge a complaint with a supervisory authority (Art. 77 GDPR)

You may contact us at any time for questions or to exercise your rights.

2.6 Our Commitment to Data Protection

We treat your data responsibly and confidentially. We only process what is necessary, under a legal basis, and delete it once the purpose has been fulfilled or a retention period has expired.

2.7 Disclosure and Deletion

We share data only with service providers acting on our behalf under strict agreements and only where required. Data is deleted when no longer necessary for the original purpose unless statutory retention obligations apply (Art. 17 GDPR).

2.8 Hosting

Our website is hosted by Wix.com Ltd., Israel. This provider ensures data processing complies with GDPR due to an EU adequacy decision for Israel and a signed data processing agreement (DPA). The data is processed under our instruction only.

Wix.com Ltd, 40 Namal Tel Aviv St., Tel Aviv, Israel
support@wix.com
Privacy Policy: https://www.wix.com/about/privacy

2.9 Legal Basis for Processing

We rely on the following GDPR legal bases:

  • Art. 6(1)(a) – Consent

  • Art. 6(1)(b) – Contract fulfillment

  • Art. 6(1)(c) – Legal obligation

  • Art. 6(1)(f) – Legitimate interest

Each data processing activity below will specify the applicable legal basis.

3. What Happens on Our Website

3.1 Server Log Files

Each time you visit our website, your browser automatically transmits the following information, which is stored in log files:

  • IP address

  • Date and time of access

  • Access status/HTTP status code

  • Referrer URL

  • Browser type and version

  • Operating system

Purpose: Ensuring technical functionality and system security
Legal Basis: Art. 6(1)(f) GDPR
Retention: 14 days unless used in an investigation

3.2 Cookies

We use cookies to improve user experience and analyze web traffic. See our Cookie Declaration for full details.

Cookie Categories:

  • Essential (required for functionality)

  • Functional (preferences, language)

  • Analytics (site usage, Google Analytics)

  • Marketing (Meta Pixel, Google Ads)

Legal Basis:

  • Art. 6(1)(a) GDPR for non-essential cookies

  • §25(2) TDDDG for essential cookies

Manage cookies via our Cookie Settings Panel.

3.3 Contact Forms and Inquiries

When you submit a contact form, we collect your name, email, subject, and message.

Legal Basis: Art. 6(1)(b) and (f) GDPR
Retention: 3–6 months or longer if legally required

3.4 Reviews and Comments

When you submit a product review or blog comment, your name and content may be displayed.

Legal Basis: Art. 6(1)(a) GDPR (Consent)

3.5 Newsletter

We offer a newsletter through Wix. If you sign up, we store your email and optionally name. Tracking includes opens and clicks.

Legal Basis: Art. 6(1)(a) GDPR
Unsubscribe anytime via link in email.

3.6 Wix Chat and WhatsApp

We offer support via:

  • Wix Chat: Captures user location, referrer, and name/email if submitted.

  • WhatsApp Business: User-initiated contact. Subject to WhatsApp’s data policies.

Legal Basis: Art. 6(1)(a), (b), and (f) GDPR

3.7 Analytics and Tracking Tools

Includes:

  • Google Analytics 4 (IP anonymization enabled)

  • Meta Pixel (Joint Controllership agreement with Meta)

  • Google Tag Manager

  • Google Ads, Merchant Center, DoubleClick

  • SEMrush (SEO analytics)

Legal Basis: Art. 6(1)(a) GDPR
Opt-out: Browser plugin, cookie banner settings

3.8 Social Media and Plugins

Platforms: Facebook, Instagram, Pinterest, LinkedIn, Telegram, YouTube, X (Twitter)

Data Sharing: Joint controllership may apply (e.g., Meta Insight Addendum)
Legal Basis: Art. 6(1)(a) GDPR

3.9 CDN and Google reCAPTCHA

We use CDNs and Google reCAPTCHA to secure and optimize the website.

Legal Basis: Art. 6(1)(f) GDPR

4. Data Retention Periods

We store personal data only for as long as necessary to fulfill its purpose, comply with statutory requirements, or until consent is withdrawn.

Data Category

Retention Period

  • Server log data -14 days

  • Contact form/chat inquiries - 3–6 months (unless legal obligation applies)

  • Customer order data-10 years (per AO/HGB requirements)

  • Newsletter subscriber info-Until unsubscribed or deletion request

  • Analytics data (e.g., GA4)-Max 2 years (pseudonymized/aggregated)

  • Review/comment content-Until user deletion request

  • CRM/customer account records-Reviewed annually for relevance

  • WhatsApp chat logs-Until conversation is resolved or requested

 

5. Automated Decision-Making and Profiling

We do not use automated decision-making processes, including profiling, that produce legal effects or significantly affect users (Art. 22 GDPR).

6. Data Security Measures

We take appropriate technical and organizational steps to secure your data:

  • SSL/TLS encryption for secure transmission

  • Secure hosting infrastructure (Wix with DPA & EU compliance)

  • Access control, role management, and user account protections

  • Regular software updates and vulnerability scanning

  • Data minimization and anonymization where possible

 

7. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify:

  • The supervisory authority within 72 hours (Art. 33 GDPR)

  • Affected individuals without undue delay (Art. 34 GDPR)

 

8. Policy Changes

We may occasionally update this Privacy Policy. The updated version will be available on our website, with significant changes announced via website banner or direct communication.

Current version available at: www.nammasnacks.de/privacy-policy

9. Additional Third-Party Services

9.1 Klarna (Payment Provider)

Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden
Privacy Policy: https://www.klarna.com/de/datenschutz/

Data shared: order info, contact, address, payment method Legal basis: Art. 6(1)(b) GDPR, Art. 6(1)(f) GDPR

9.2 Stripe (Credit Card Payments)

Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland
Privacy Policy: https://stripe.com/de/privacy

Data shared: name, email, payment details Legal basis: Art. 6(1)(b) GDPR

9.3 DHL (Shipping and Delivery)

DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany
Privacy Policy: https://www.dhl.de/datenschutz

Data shared: shipping name, address, tracking, contact details Legal basis: Art. 6(1)(b) GDPR

End of Privacy Policy

bottom of page