Information collected during the sale:
When selling a product via the Nexway shopping cart, we collect the minimum necessary information (your first name, last name, address, as well as your e-mail address) in order to establish the proof of purchase and to fulfill our obligation.
This information is transmitted to the publisher or vendor operating your online store, in order to provide you with the purchased product (usually in the form of a product activation key or download link). Nexway and its partner contractually undertake to treat your data with respect for your privacy in accordance with the European directive called “GDPR” (also called “General Data Protection Regulations”). If the basket offers you to subscribe to an optional marketing product, your consent is then transmitted to Nexway’s partner. If the shopping cart does not offer an optional marketing product or if you have not chosen this option, then your e-mail will under no circumstances be used for marketing purposes (see below the marketing processing section).
These data can also be used in the context of aggregated and anonymous reporting on the activity of the online shop. This ratio is called “sales statistics” and allows for example to calculate the average basket of our customers (as for example: “The average basket of our customers is 49 euros or the average basket in Picardy Region is 53 euros”»). Your data will then have been used for the calculation of this statistic, but this counting does not imply any tracking on our part.
Development of ‘PERSONA’:
We use our customers’ data to create ‘persona’. The persona are fictional characters supposed to represent a part of our customers.
For example, if we know that 15% of our customers are women living in the city centre and 14% are single men living in peri-urban areas, our analysis teams will create two fictional characters: Julie and Valerian. These persona are work tools that allow product and marketing teams to develop product strategies accordingly. Your data can thus be used for the elaboration of such a persona but there is no specific identification of your person.
Marketing Processing :
If you have chosen to receive personalized information and offers by ticking the box provided for this purpose, we carry out algorithmic processing using your data to enable us to propose exclusive offers likely to interest you. You can decide to unsubscribe at any time by clicking on the link in the related e-mail.
Geolocation for VAT or Cart language application purposes:
When you use the Nexway shopping cart, your IP address is used to geolocate you for VAT purposes. Geolocation only concerns the application of VAT. Geolocation data is stored for less than 72 hours and is accessible only through Nexway’s marketing algorithms. Unlike other treatments, it is not possible to oppose geolocation for VAT purposes because Nexway has the legal obligation to prevent fraud. The geolocation can also sometimes be carried out punctually during the connection in order to lead you towards the appropriate language.
In these two processes there is no storage of your geolocation information (except the VAT rate or the language used for your purchase). We do not store your position.
Collection of your data by third parties:
Nexway and the owner of the online store use third parties to analyze your navigation on the site on behalf of Nexway. The data collected and their processing by third parties are subject to the same rules of protection of your privacy as if they had been collected by Nexway directly. Third parties contractually commit to Nexway to respect the rules of protection of your data.
Personal Accounts :
Please note that in case Nexway provides you with access to a personal account, this can be synchronized with your personal account of the Partner site.
Abandoned shopping cart :
For service reasons, Nexway may save your unfinished shopping cart to allow you to complete your purchase later and send you an email allowing you to resume your purchase. The data thus collected is kept out of reach of any marketing process. It is kept for a maximum period of 72 hours after which it is destroyed.
Data retention :
The data collected is stored securely at Nexway. Data retention periods differ according to the nature of the processing. For example, the accounting or legal department must keep proof of purchase for a period of 10 years in order to comply with anti-fraud laws. In contrast, the data retention period for a marketing algorithm for which you have consented to personalized offers is set at three years after your last purchase.
Please find below a table summarizing the retention periods of your data:
|Type of treatment||Delay|
|Accounting or Legal||10 years|
|Marketing||3 years after last purchase|
|Sales Statistics||5 years|
|Shopping Cart||72 hours|
Any personal information provided or collected while visiting the Site or the Store or while ordering Nexway Products is controlled by Nexway AG located at Vincenz-Priessnitz Strasse 3, Karlsruhe 76131 Germany or Nexway Inc. Located at 236, 8th street – San Francisco, CA 94103 USA, who act as data Controller (Hereinafter referred to as “Nexway”).
Nexway has adopted global data practices to ensure that your Personal Information is adequately protected. Please note that Personal Information may be transferred, accessed and stored for the uses and disclosure described in this document.
Nexway’s affiliates have entered into and signed agreements to transfer Personal Information in accordance with the European Union’s standard clauses relating to the transfer of Personal Information to third countries.
1/ Personal Information
“Personal Information” is personally identifiable information such as names, addresses, e-mail addresses or telephone numbers and other non-public information associated with the above.
We collect the following Personal Information that you voluntarily submit to us:
- When you access our Site or our Store, certain additional information is automatically collected and saved on protocol files (known as usage data). This information includes your Internet Protocol (IP) address. We may use this information for internal purposes such as determining certain Shop settings (such as language and location), maintaining our operational capability, preventing fraudulent access to our ordering service or analyzing usage patterns.
- In order to purchase Products at the Store, you must provide (and we collect) your name, address, email address and any financial information necessary for billing (or any part thereof). The information required for billing depends on the payment method selected and may include the credit card number, card verification code, account number, billing postal code or any other information required in connection with the selected payment methods.We collect your postal code for fraud investigation, tax calculation, processing and after-sales service of your transaction. Under no circumstances do we transmit your postal code for advertising or other purposes unrelated to the transaction for Products and Services offered on our Site.In addition, we do not exchange your postal code in connection with other data, we do not link it to records outside the scope of the transaction and we do not use it ourselves for advertising purposes.
- On some sites, we give users the ability to provide us with account registration information. This information may include, but is not limited to, name, address, email address and password.
- If you complete any of the Site or Shop contact forms, we collect your name, company name (if necessary), country and email address, a description of your support request and any other information you choose to provide.
- When you contact us by e-mail or telephone or use any of the e-mail addresses or telephone numbers provided on the Site, we collect any personal information that you may voluntarily provide to us in connection with this communication.
- As part of Nexway’s personalized services, your data, subject to your consent, will be used for advertising, market research and customization of electronic services. Unsubscribe instructions will accompany each newsletter.
2 / Automatic data collection and analytical information
We receive and store certain types of information each time you interact with us. This automatic data exchange between your browser and our server when you access our pages informs us of the browser you use, the date and time of your visit, the name of your Internet Service Provider (ISP), the website you use to visit us and which of our Websites you visit.
The information we automatically collect is referred to as “Analytical Information”. Analytical Information is information that is not associated with or related to your Personal Information. Analytical Information therefore does not allow the individual identification of persons.
We may use this Analytical Information for internal purposes, such as maintaining our operational capacity, preventing fraudulent access to our Site or our Store or analyzing usage patterns, to improve our Site. We also reserve the right to use and disclose Analytical Information at our discretion, but we guarantee that you will remain anonymous as an individual.
We automatically collect information using various technologies such as those described below:
- Cookies and other tracking technologies
We have established partnerships with other companies to advertise either on the Store or on other sites. These partners may use technologies such as cookies to collect information about your activities in the online store and on other sites, in order to provide you with advertisements based on your research and interests. You have the option to disable cookies, if you do not want this information to be used for personalized advertising purposes. Please note that this will not prevent the reception of advertisements. You will continue to receive generic ads.
- Google Analytics
Google will use this information to evaluate your use of the website, compile reports on website activity and provide other services relating to website activity and the Internet.
In addition, Google may also transfer this information to third parties if required to do so by law or if such third parties process the information on Google’s behalf.
By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. You can find more information about Google Analytics here.
- Personal information from other sources
We may receive Personal Information about you from other sources such as telephone or fax, or from third parties who provide services to us in connection with the Store/Sites. We may add this information to information we have already collected from you through the Store or the Site.
3/ Disclosure of personal information
- Supplier of Products from a Boutique
- By Choice
We collect information on behalf of the supplier of the Products. If you are a customer of one of the Product suppliers and no longer wish to be contacted, please contact that supplier directly. If you are a customer and wish to update your account (if applicable) or transaction data, please contact us through our customer service. We will respond to your request within a reasonable time.
- Third-party suppliers and service providers
In order to avoid non-payment, we reserve the right to obtain creditworthiness information from third parties for certain payment methods (direct debits, purchase orders), e.g. on the basis of mathematical statistical processes. In this case, you will be explicitly informed during the ordering process.
In the event of non-payment of a direct debit transaction that is not due to cancellation by the account holder, we reserve the right to report your account information (account number, bank routing number) to a third party who will save these items in a blocking file and send them to other affiliates to the direct debit procedure. The block will be removed after payment of the invoiced amount.
- Government law enforcement authorities and agencies
We may disclose information we have collected from and about you (including Personal Information) if we believe in good faith that such disclosure is necessary to:
- Comply with applicable laws or respond to subpoenas or warrants;
- Protect and defend our rights or property, or those of visitors to the Store and Site and our customers, as well as third parties;
- In some cases, we may be required to disclose personal data in response to a legitimate request from government, including to meet national security or law enforcement requirements. For tax-exempt orders from certain EU countries, your address may be forwarded to the relevant tax authorities to establish that your VAT identification number is correct.
- Commercial change
4/ Exporting and processing personal data outside the European Union Member States
We hereby declare that for the purposes of processing your order, your data may be transferred through us to our U.S.-based subsidiary or to Product suppliers that are established outside the European Union in countries that, to date, do not generally have a level of data confidentiality recognized as complying with European Union standards.
Please note that Nexway’s affiliates have entered into and signed International Personal Information Transfer Agreements, which allow your data to be processed in accordance with European Union regulations regarding the transfer of Personal Information to third countries.
5/ Data security and confidentiality
6/ Transport Layer Security Protocol
All access to the Nexway Store order pages is made using Transport Layer Security (TLS) technology, which encrypts the Personal Information you provide during the order process. Thus, confidential data is protected from interception by third parties and your Personal Information is transferred through this secure channel. To ensure this level of security, our systems use a certificate that conforms to standard e-commerce practices. This certificate is issued by a trusted security provider. All standard Internet browsers are compatible with this technology and automatically accept certificates from trusted providers. However, please note that no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security.
7/ Credit card data
Nexway is fully compliant with the Payment Card Industry Data Security Standard (PCI DSS) to enhance payment card data security and provide a secure e-commerce environment for our customers. The PCI DSS establishes requirements for network architecture, software development, security management and other proactive measures essential to ensure the security of payment card transactions. Each year, a qualified security expert thoroughly reviews Nexway’s procedures to ensure our compliance with strict PCI regulations.
Thus, we only display the last four digits of your credit card number when confirming an order. Of course, we transmit the entire credit card number to the entity responsible for processing the payment concerned when processing the order. In accordance with PCI DSS requirements, this transfer is secured according to the TLS standard.
8/ Correction and consultation of personal data
If you wish to review, correct, block or delete your stored Personal Information, please send us a brief request in writing, by post or by e-mail (see below). Upon request, we can tell you whether or not we have your Personal Information. In the event that, despite our efforts to maintain correct and up-to-date data, incorrect information has been saved, we will amend it at your request. You will usually receive a response from us within thirty (30) days after receiving your request.
To learn more about the issue of storing Personal Information about you and the nature of such data or other matters surrounding data privacy, please contact our Data Privacy Officer in writing at following address:
Nexway AG Data Protection Officer
Walbecker Str. 53
D – 47608 Geldern
9/ Data retention
Nexway will retain personal data that we process on behalf of our customers for as long as necessary to provide our services. Nexway will retain and use this Personal Information as necessary to fulfill legal obligations, resolve disputes and enforce our contracts.
Upon termination of your contractual relationship with Nexway and upon your request, your data (including Personal Information) will be permanently blocked in Nexway’s internal systems and then deleted at the end of the legally required retention periods (see table summarizing retention periods in the foregoing introduction section).
Please note that any deletion of your Personal Information applies only to data about you as an individual. Nexway shall in no event be liable for any termination of your account or deletion related to the deletion of your Personal Information or personal data.
When we delete Personal Information we have collected from you, it will be deleted from our active databases, but may remain in our records. These are strictly confidential in order to prevent any unauthorized access or treatment.
10/ Links to other websites
11/ Protection of personal data of minors
In principle, persons under the age of eighteen (18) must not transfer Personal Information to us for marketing canvassing purposes. We do not intentionally request, collect or transfer Personal Information about minors. With the exception of the particular case where a minor makes an online purchase from a bank account in his name and for which personal data is collected only for the purpose of proof of purchase.
In the event that the Nexway shopping cart does not collect the age of the person, the latter is deemed to be of legal age.
Notice to Residents of the United States :
We do not intentionally collect or retain information from visitors to the Site under the age of thirteen (13).