Privacy Policy

This English translation is provided for convenience only. In the event of any discrepancy, the German version of this privacy policy shall prevail.

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG) is:

Winter Automotive GmbH
Hausstattfeld 9b
6370 Kitzbühel
Austria
Email: support@nohalfsends.shop

Customer service, logistics, shipping and the technical operation of the webshop are carried out on behalf of the controller by German eTrade GmbH, Antonstraße 3c, 01097 Dresden, Germany, acting as a processor pursuant to Art. 28 GDPR.

For questions, suggestions or to exercise your data protection rights, you can reach us at any time at support@nohalfsends.shop.

2. General Information on Data Processing

The protection of your personal data is important to us. We process personal data exclusively in accordance with the GDPR, the Austrian Data Protection Act (DSG) and the Austrian Telecommunications Act 2021 (TKG 2021). For users located in Germany, we additionally observe the requirements of the German Telecommunications Digital Services Data Protection Act (TDDDG) when accessing end devices.

Depending on the purpose of processing, the legal bases are:

• Art. 6(1)(a) GDPR – your consent (e.g. newsletter, marketing cookies, tracking),
• Art. 6(1)(b) GDPR – performance of a contract or pre-contractual measures (e.g. orders, customer account),
• Art. 6(1)(c) GDPR – compliance with legal obligations (e.g. tax retention requirements),
• Art. 6(1)(f) GDPR – our legitimate interests (e.g. IT security, fraud prevention).

3. Hosting, Shop Platform and Server Log Files

Our online shop is operated on the basis of the e-commerce platform Shopify. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland. Personal data that you enter in our shop (e.g. order and contact data) is processed on Shopify's infrastructure. This may involve transfers to Shopify Inc. in Canada and to group companies in the USA. An adequacy decision of the European Commission exists for Canada; transfers to the USA take place on the basis of the EU-US Data Privacy Framework or standard contractual clauses pursuant to Art. 46 GDPR. We have concluded a data processing agreement with Shopify pursuant to Art. 28 GDPR. In addition, Shopify processes certain data about your interactions with our shop – where applicable together with data from interactions with other Shopify merchants – for its own purposes, for example for fraud prevention, to provide Shop Pay and to improve the Shopify services. To the extent that Shopify processes data for these own purposes, Shopify itself is the controller under data protection law; information on this and the option to exercise your data subject rights vis-à-vis Shopify can be found at privacy.shopify.com. Further information: Shopify Privacy Policy.

Each time you access our website, information transmitted by your browser is automatically recorded in so-called server log files as part of the hosting:

• IP address,
• date and time of access,
• page accessed or name of the file retrieved,
• browser type and requesting domain,
• amount of data transferred,
• notification of whether the access was successful.

This processing is carried out on the basis of Art. 6(1)(f) GDPR due to our legitimate interest in the stability, security and functionality of our website. Storage takes place as part of the hosting by Shopify; log data is deleted or anonymized as soon as it is no longer required for these purposes. The data is not combined with other data; however, we reserve the right to have log data reviewed retrospectively if there are concrete indications of unlawful use.

4. Encryption

To protect the confidentiality of your data, we use state-of-the-art TLS encryption (HTTPS) when transferring your data.

5. Cookies and Consent Management

We use cookies and comparable technologies (e.g. pixels, local storage) on our website. Cookies are small text files that are stored on your end device.

Strictly necessary cookies (e.g. shopping cart session, login status, consent status) are used on the basis of Sec. 165(3) TKG 2021 and Sec. 25(2) TDDDG, as they are essential for the operation of the shop; the associated data processing is based on Art. 6(1)(b) and (f) GDPR.

All non-essential cookies – in particular for statistics, marketing and personalization – are used exclusively with your prior consent via our consent banner (Sec. 165(3) TKG 2021, Sec. 25(1) TDDDG, Art. 6(1)(a) GDPR). You can revoke or adjust your consent at any time with effect for the future by reopening the cookie settings via the corresponding link in the footer of our website. Declining non-essential cookies does not restrict your use of the shop.

6. Orders, Customer Account and Correspondence

As part of the ordering process, we process the data required for selecting, ordering, paying for and delivering the products, in particular surname, first name, delivery and billing address, email address and details of the chosen payment method. The legal basis is Art. 6(1)(b) GDPR. The data is transmitted in encrypted form.

You can optionally create a customer account. Registration serves to improve our service, to carry out pre-contractual measures and to perform and invoice the contract (Art. 6(1)(b) GDPR). Upon termination of the customer account, the account-related data will be deleted, unless commercial, tax or administrative retention periods prevent this.

Personal data that you provide to us via contact form, email or other channels is processed exclusively for correspondence with you and for the purpose for which you provided the data to us.

Your data is only disclosed to third parties to the extent necessary for delivery and payment, where a legal obligation exists, or where this is necessary for the assertion of legal claims (including disclosure to legal advisors and authorities). Categories of recipients include in particular:

• IT service providers to ensure security and operation,
• payment service providers for processing payments,
• transport and shipping service providers for delivery,
• tax and legal advisors as well as authorities, where required by law.

Data processing agreements pursuant to Art. 28 GDPR are in place with service providers acting on our behalf. Transfers to third countries only take place to the extent necessary for the performance of the contract or where a suitable data protection mechanism pursuant to Chapter V GDPR exists.

7. Payment Service Providers

Depending on the chosen payment method, we transfer the data required for payment processing to the respective payment service provider. The legal basis is Art. 6(1)(b) GDPR.

• Credit card (Shopify Payments): Credit card payments are processed via Shopify Payments, a service of Shopify International Limited, Dublin, Ireland. Your payment data is transmitted to Shopify and the underlying payment processor. Further information: Shopify Privacy Policy.
• PayPal: The provider is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. Further information: PayPal Privacy Statement.
• Klarna: The provider is Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden. If you select a Klarna payment method, we transfer the data required for processing (e.g. name, address, order data) to Klarna. Depending on the chosen payment method (e.g. invoice, installments, instant payment), Klarna carries out an identity and credit check under its own responsibility. Further information: Klarna Privacy Policy.

8. Fraud Prevention

The information provided when placing an order may be used to check whether an atypical ordering process has occurred (e.g. simultaneous ordering of a large number of goods to the same address using different customer accounts). We have a legitimate interest in carrying out such checks. The legal basis is Art. 6(1)(f) GDPR.

9. Newsletter (Mailchimp)

When you subscribe to our newsletter, we use your email address for our own advertising purposes on the basis of your consent (Art. 6(1)(a) GDPR) until you unsubscribe. Registration takes place via a double opt-in procedure: after subscribing, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent anyone from subscribing using someone else's email address.

You can unsubscribe at any time via the unsubscribe link in the newsletter or using the following contact details, without incurring any costs other than the transmission costs at basic rates: email support@nohalfsends.shop, telephone +49 351 89 570 650. After unsubscribing, we will delete your email address from the distribution list, unless you have expressly consented to further use of your data or a legally permissible other use is reserved.

The newsletters are sent via Mailchimp, a service of Intuit Inc., 2700 Coast Avenue, Mountain View, CA 94043, USA. The email addresses of our newsletter recipients are stored on Mailchimp servers in the USA. Mailchimp uses this information exclusively on our behalf to send and analyze the newsletters. A data processing agreement including the EU standard contractual clauses is in place with Mailchimp; Intuit/Mailchimp is also certified under the EU-US Data Privacy Framework. Further information: Intuit/Mailchimp Privacy Statement.

10. Product Recommendations for Existing Customers

As an existing customer, you will receive email recommendations from us for our own products that are similar to those you have already purchased. You will receive these recommendations regardless of whether you have subscribed to our newsletter. For this purpose, we use the email address you provided at the time of purchase. The legal basis is Art. 6(1)(f) GDPR in conjunction with Sec. 174(4) TKG 2021 and Sec. 7(3) of the German Act Against Unfair Competition (UWG).

11. Meta Pixel and Conversions API (Facebook/Instagram)

If you have given your consent, we use the Meta Pixel and the Conversions API of Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland ("Meta") on our website. This allows us to measure the effectiveness of our advertisements on Facebook and Instagram (conversion tracking) and to show you interest-based advertisements (custom audiences/retargeting). The data processed includes in particular event data relating to your use of our shop (e.g. page views, viewed products, purchases) as well as technical identifiers; with the Conversions API, event data is transmitted to Meta server-side.

For the collection and transmission of this event data, we are joint controllers with Meta within the meaning of Art. 26 GDPR; the essential contents of the agreement are available here: Meta Controller Addendum. Meta is solely responsible for the subsequent processing. The legal basis is exclusively your consent pursuant to Art. 6(1)(a) GDPR and Sec. 165(3) TKG 2021 / Sec. 25(1) TDDDG; you can revoke your consent at any time via the cookie settings. Data transfers to the USA take place on the basis of the EU-US Data Privacy Framework. Further information: Meta Privacy Policy and Ad Preferences.

12. Fonts

For a consistent presentation, we use fonts that are provided via our shop platform Shopify and its content delivery network. No connection to servers of Google Fonts or other external font providers is established in this process.

13. Social Media Profiles and Links

On our website, we link to our profiles on social networks (in particular Instagram, TikTok, YouTube, Facebook/Meta). These are simple links, not embedded plugins or videos – no data is transmitted to the networks when you merely visit our website. Only when you follow a link do the privacy policies of the respective provider apply:

• Meta (Facebook/Instagram): facebook.com/privacy/policy
• TikTok: tiktok.com/legal/privacy-policy
• YouTube/Google: policies.google.com/privacy
• X (formerly Twitter): x.com/en/privacy

14. Storage Period

We store personal data only for as long as is necessary for the respective purpose. Where commercial, tax or administrative retention periods apply (in Austria in particular pursuant to Sec. 132 of the Federal Fiscal Code (BAO) and Sec. 212 of the Commercial Code (UGB), in Germany pursuant to Sec. 147 of the Fiscal Code (AO) and Sec. 257 of the Commercial Code (HGB)), the storage period for the data concerned is up to 7 years (Austria) or up to 8 or 10 years (Germany). After expiry of these periods, the data will be deleted, unless a further legal basis exists.

15. Your Rights as a Data Subject

Subject to the statutory requirements, you have the following rights:

• access to the personal data we process about you (Art. 15 GDPR), in particular regarding the purposes of processing, the categories of data, the recipients and the planned storage period,
• rectification of inaccurate data (Art. 16 GDPR),
• erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR),
• data portability (Art. 20 GDPR),
• withdrawal of any consent given, at any time with effect for the future (Art. 7(3) GDPR), without affecting the lawfulness of the processing carried out prior to the withdrawal.

To exercise your rights, an informal message to support@nohalfsends.shop is sufficient. You also have the right to lodge a complaint with a data protection supervisory authority – in Austria with the Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna (dsb.gv.at); you may also contact the supervisory authority of your habitual place of residence.

No automated individual decision-making, including profiling within the meaning of Art. 22 GDPR, takes place.

16. Links to Third-Party Websites

We occasionally link to third-party websites. Despite careful selection, we cannot accept any responsibility for their content or the data security of these websites. This privacy policy does not apply to linked third-party websites.

17. Changes to This Privacy Policy

We will adapt this privacy policy whenever the legal situation, our data processing or the services we use change. The current version is available on this page.

Version: 12 June 2026
© 2026 Winter Automotive GmbH