Privacy Policy

As of: April 2026 · Version 2.0

§ 1 Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws is: ND North Distribution GmbH, Trögenölk 6, 24558 Henstedt-Ulzburg, Germany. Email: sales@north-distribution.com. Phone: +49 (0) 4193 8808751.

For further information (management, commercial register, VAT ID), please refer to our Imprint (Impressum).

§ 2 General Information on Data Processing

In principle, we only process our users' personal data to the extent necessary to provide a functional website as well as our content and services. The processing of our users' personal data only takes place with their consent or in cases where obtaining prior consent is not possible for practical reasons and the processing of the data is permitted by law.

The legal bases are in particular Art. 6 (1) lit. a GDPR (consent), lit. b (performance of a contract/pre-contractual measures), lit. c (legal obligation), and lit. f (legitimate interests).

Personal data will be deleted as soon as the purpose of storage no longer applies, unless statutory retention obligations (e.g., under the German Commercial Code (HGB) or the Fiscal Code (AO), typically 6 to 10 years) prevent deletion.

§ 3 Hosting (Vercel)

Our website is hosted by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA (Region: Frankfurt am Main, Germany). When you visit our website, Vercel automatically collects technical data (including IP address, date/time, browser, operating system, referrer URL), which is stored in server log files.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in the stable, secure, and high-performance provision of the website).

We have concluded a Data Processing Agreement (DPA) with Vercel pursuant to Art. 28 GDPR. For data transfers to the US, Vercel relies on the EU-U.S. Data Privacy Framework as well as EU Standard Contractual Clauses. Storage period for server logs: typically 30 days.

§ 4 Collection of Access Data (Server Logs)

With every visit to our website, information transmitted by your browser is automatically recorded: IP address (shortened/anonymized where possible), date and time of the request, time zone, content of the request, HTTP status code, amount of data transferred, referrer URL, browser type and version, and operating system.

Legal basis: Art. 6 (1) lit. f GDPR. Our legitimate interest arises from IT security, attack detection, and error analysis purposes.

§ 5 Cookies

We only use technically necessary cookies on our website that are strictly required for its operation. This includes, in particular, saving your language preference (nd-lang).

The legal basis for this is Section 25 (2) No. 2 of the German Telecommunications Digital Services Data Protection Act (TDDDG) in conjunction with Art. 6 (1) lit. f GDPR.

A cookie consent banner is not required, as we do not use any cookies or tracking technologies that require consent. Your terminal equipment information is exclusively used for the technical operation of the website.

§ 6 Web Analytics

We use Vercel Analytics and Vercel Speed Insights (provided by Vercel Inc., operating via their EU infrastructure) to understand how our website is used and to monitor page loading performance. Processing is cookie-free, does not involve fingerprinting, and does not store IP addresses — they are only processed in-memory for approximate geographic region detection and then discarded. No personal profiles are created, and no data is shared with advertising networks. Legal basis: legitimate interest pursuant to Art. 6 (1) (f) GDPR (measurement of reach and service improvement). You can object to this processing at any time by contacting us at sales@north-distribution.com.

§ 7 Contact and Contact Form

If you contact us via the contact form, email, or telephone, we process the data you provide (in particular your name, company, email address, telephone number, message content) to answer your inquiry.

Legal basis: Art. 6 (1) lit. b GDPR for pre-contractual or contractual inquiries, otherwise Art. 6 (1) lit. f GDPR (legitimate interest in responding to inquiries).

For the dispatch and delivery of emails via the contact form, we use the service Brevo (Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany). A Data Processing Agreement pursuant to Art. 28 GDPR has been concluded with Brevo. Brevo's servers are located within the European Union.

Your inquiry data will be deleted as soon as the purpose no longer applies and there are no conflicting statutory retention obligations.

§ 8 Contact via WhatsApp Business

We offer you the option to contact us via WhatsApp Business on our website. The WhatsApp contact button on our website does not redirect you automatically. Before any redirection, a pop-up window is displayed in which you must expressly confirm that you wish to be redirected to WhatsApp. Redirection to the WhatsApp service only occurs after your active confirmation.

The provider of the service is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a Meta Group company. Once communication via WhatsApp begins, technical information is processed by WhatsApp or Meta, in particular your phone number, communication metadata (time, device type, IP address), and the contents of the messages you send. The chat contents themselves are secured by end-to-end encryption.

As part of the service, data may be transferred to the US and other third countries to Meta Platforms, Inc. Meta bases these transfers on the EU-U.S. Data Privacy Framework and EU Standard Contractual Clauses under Art. 46 (2) lit. c GDPR.

With regard to processing on its own systems, WhatsApp or Meta acts as an independent data controller within the meaning of Art. 4 No. 7 GDPR. We have no influence over data processing by Meta. For information on data processing by WhatsApp, please refer to WhatsApp's privacy policy at https://www.whatsapp.com/legal/privacy-policy-eea.

The legal basis for the redirection following active confirmation and for the subsequent communication is Art. 6 (1) lit. a GDPR (consent) as well as Art. 6 (1) lit. b GDPR for pre-contractual or contractual inquiries. You can revoke your consent at any time by ceasing communication via WhatsApp or by contacting us via one of our other contact channels.

Please note: We recommend not sending sensitive or confidential information (e.g., payment data, creditworthiness information) via WhatsApp. For such content, please use our regular communication channels via email.

§ 9 Spam Protection (Cloudflare Turnstile, Rate-Limiting)

To protect our forms from automated abuse, we use Cloudflare Turnstile (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). Turnstile is privacy-friendly and operates without cookies. Technical information such as IP address, browser signals, and interaction patterns are transmitted for bot detection.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in defending against spam and attacks). For data transfers to the US, EU Standard Contractual Clauses and the EU-U.S. Data Privacy Framework are in place.

Additionally, we use rate-limiting via the service Upstash (Upstash, Inc., USA). Here, IP addresses are briefly stored in hashed form (usually up to 1 hour) to prevent abusive access. The legal basis is Art. 6 (1) lit. f GDPR.

§ 10 Newsletter (Double Opt-In)

We use the double opt-in procedure for sending out our newsletter: After registering, you will receive a confirmation email. You will only be added to the mailing list after confirming.

Processed data includes your email address, time of registration and confirmation, and IP address. Legal basis: Art. 6 (1) lit. a GDPR (consent). You can revoke your consent at any time with effect for the future, e.g., via the unsubscribe link in every newsletter. The dispatch service provider is Brevo (see Section 7).

Newsletter success measurement: Our newsletters may contain so-called tracking pixels. This allows us to statistically evaluate whether and when an email was opened and which links were clicked. This data is processed by Brevo to optimize the dispatch. The legal basis for this tracking is your consent (Art. 6 (1) lit. a GDPR), which you grant by subscribing to the newsletter. You can object to the tracking at any time by unsubscribing from the newsletter via the link provided.

§ 11 Customer Management, Order Processing and Logistics (B2B)

When you submit inquiries or place orders with us, we process your inventory, contract, and payment data (in particular names of contact persons, business contact details, delivery and billing addresses, VAT ID, order history).

Customer management / ERP system: We use an internal inventory management or ERP system to manage customer inquiries, orders, and order processing. Insofar as processors are used for this, we have concluded a Data Processing Agreement in accordance with Art. 28 GDPR.

Logistics service providers: To deliver the ordered goods, we pass on your name or the name of your contact person, the delivery address, and – if strictly necessary for delivery notification – your telephone number or email address to the transport companies, carriers, or forwarding agents commissioned by us.

Credit check: If you purchase goods on account or with other payment terms, we reserve the right to carry out a credit check to protect our legitimate interests. For this purpose, we transmit the required personal data to our credit reference agency, Creditsafe Deutschland GmbH, Schreiberhauer Straße 30, 10317 Berlin, Germany. The legal basis for this is Art. 6 (1) lit. f GDPR (legitimate interest in protection against payment defaults). Further information on data processing by Creditsafe can be found at www.creditsafe.com.

The legal basis for the aforementioned processing operations is Art. 6 (1) lit. b GDPR (performance of a contract and pre-contractual measures) and Art. 6 (1) lit. c GDPR in conjunction with the HGB and AO (statutory retention obligations).

§ 12 Data Transfer to Third Countries

Insofar as we use services from providers outside the EU/EEA (in particular Vercel, Cloudflare, Upstash, and WhatsApp/Meta, USA), the transfer is based on EU Standard Contractual Clauses under Art. 46 (2) lit. c GDPR and, where applicable, the EU-U.S. Data Privacy Framework. We have agreed on appropriate safeguards with these providers.

§ 13 Your Rights as a Data Subject

You have the right at any time to request access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and to object to the processing (Art. 21 GDPR).

Insofar as the processing is based on your consent, you can revoke this at any time with effect for the future (Art. 7 (3) GDPR).

To exercise your rights, please contact: sales@north-distribution.com.

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The authority responsible for us is: Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD), Holstenstraße 98, 24103 Kiel, Germany. Phone: +49 (0) 431 988-1200. Email: mail@datenschutzzentrum.de. Web: https://www.datenschutzzentrum.de.

§ 14 Right to Object to Processing Based on Legitimate Interests

Insofar as we process personal data based on Art. 6 (1) lit. f GDPR, you have the right to object to this processing at any time on grounds relating to your particular situation.

We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

You can submit your objection informally to sales@north-distribution.com.

§ 15 Data Security

We implement technical and organizational security measures to protect your data against manipulation, loss, destruction, or unauthorized access. Transmission is encrypted using HTTPS/TLS. Our security measures are continuously improved in line with technological developments.

§ 17 Currency and Modification of this Privacy Policy

This Privacy Policy is effective as of April 2026. Further development of our website or changes in statutory or regulatory requirements may make it necessary to adapt this Privacy Policy. The current version can be accessed at any time on our website at north-distribution.com.

§ 18 Language Clause

This English translation of the Privacy Policy is provided for convenience and informational purposes only. In the event of any discrepancies, contradictions, or disputes regarding the translation, interpretation, or legal meaning of these terms, the original German version of the Privacy Policy (Datenschutzerklärung) shall strictly prevail and be legally binding.

ND North Distribution GmbH · Hamburg, Germany