Privacy Policy

1. Data Controller

Adversign Media GmbH
Immermannstrasse 12
40210 Duesseldorf
Germany

Phone: 0211-78178988691
Email: support@viewneo.com
Website: www.viewneo.com

Managing Director: Manfred Luedtke
Data Protection Officer: Sebastian Neumann
Data protection contact: datenschutz@adversign-media.de

2. General Information on Data Processing

We collect and process personal data only to the extent necessary to provide our online shop, fulfil orders and meet legal obligations. Processing is based on the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

The legal bases for processing are in particular:

• Art. 6(1)(b) GDPR – performance of a contract and pre-contractual measures
• Art. 6(1)(c) GDPR – compliance with legal obligations (e.g. tax retention requirements)
• Art. 6(1)(f) GDPR – legitimate interests (e.g. operation and security of the shop)

3. Personal Data Collected

3.1 At Checkout

The following data is collected at checkout to the extent necessary to fulfil the contract:

• Email address
• First and last name
• Company name (mandatory for B2B)
• Billing address (street, postcode, city, country)
• Shipping address (street, postcode, city, country)
• VAT ID (optional, for intra-Community supplies)
• Order note (optional message to our shipping team, e.g. delivery time or recipient instructions – stored as an internal note on the invoice, not shown on the printed PDF)

This data is used for invoicing, shipping, tax handling (reverse-charge procedure for EU B2B) and the legally required retention.

3.2 At Login

We use a passwordless login method (Magic Link) for the customer area. Only your email address is collected. A one-time, time-limited login link (valid for 15 minutes) is sent to your email address. No passwords are stored.

3.3 In the Customer Area

Once logged in, you can view your past orders and download invoices as PDF. The data shown (name, company, email, invoice history) is retrieved from our accounting systems.

4. Cookies and Local Storage

This shop only uses cookies and local storage that are technically necessary. No tracking, analytics or marketing cookies are used. Separate consent is therefore not required (Art. 5(3) ePrivacy Directive).

The session cookie contains a signed token (JWT) carrying your email address, name and company assignment. It is readable only server-side (httpOnly) and transmitted over an encrypted connection (Secure).

5. Payment Processing (Stripe)

We use Stripe, Inc. (354 Oyster Point Blvd, South San Francisco, CA 94080, USA) for payment processing. Your payment data (e.g. credit-card number) is transmitted directly to Stripe; we never have access to the full payment data.

The following data is transmitted to Stripe:

• Email address
• Billing and shipping address
• Company name and, where applicable, VAT ID
• Ordered products and amounts

Processing by Stripe is based on Art. 6(1)(b) GDPR (performance of a contract). As Stripe, Inc. is headquartered in the United States, this constitutes a transfer to a third country. We have concluded EU Standard Contractual Clauses (SCC) under Decision 2021/914 with Stripe and a Data Processing Agreement (DPA) under Art. 28 GDPR. Based on a Transfer Impact Assessment (TIA) following Schrems II, we have assessed the associated risks and put supplementary technical and organisational measures in place (TLS encryption, pseudonymisation of transmitted data points, limitation to the data strictly required for contract performance). Stripe is additionally certified under the EU-US Data Privacy Framework (DPF).

Stripe privacy policy: stripe.com/privacy

6. Processors and Third-Party Services

6.1 Zoho Corporation (EU data centre)

We use services of Zoho Corporation (Estrada Vicente Ferrer, Saldanha, 1050-265, Lisbon, Portugal / EU data centre) for customer management, invoicing and inventory. The following Zoho services are in use:

• Zoho CRM – customer management (name, email, company, address). When a Magic Link login mail is sent, an internal activity entry (“Magic Link sent”, with timestamp) is also stored on the contact record – solely for audit and security purposes (login attempts per account).
• Zoho Books – invoicing and accounting (invoice data, payments, VAT ID, internal order note).
• Zoho Inventory – inventory management (product stock; no personal data)

Customer data is stored in Zoho's EU data centre (server location: EU). Administrative or technical support access by Zoho staff outside the EU takes place exclusively on the basis of EU Standard Contractual Clauses (SCC). Processing is based on a Data Processing Agreement (DPA) under Art. 28 GDPR.

6.2 Quivo (Logistics Provider)

We work with Quivo for order fulfilment and shipping. When you place an order we transmit the data needed for delivery to Quivo:

• Name and company name
• Shipping address
• Email address
• Phone number (if provided)
• Ordered items and quantities
• Order reference

The legal basis is Art. 6(1)(b) GDPR (performance of a contract). Processing is based on a Data Processing Agreement (DPA) under Art. 28 GDPR.

6.3 VIES (European Commission) – VAT ID Validation

If you provide a VAT identification number (VAT ID) during checkout, we validate it via the European Commission's MIAS/VIES system. The VAT ID and country code are transmitted to a service of the EU Commission. This is required by law (§ 18e UStG) and serves the correct VAT treatment (reverse-charge procedure under § 13b UStG).

Legal basis: Art. 6(1)(c) GDPR (legal obligation).

More information: ec.europa.eu/taxation_customs/vies

6.4 Photon (Komoot) – Address Autocomplete

On the bank-transfer order page we offer address autocomplete to help avoid typos. As you type into the “street and house number” field, our server (not your browser) sends the letters you have entered to the geocoding service Photon of Komoot GmbH (Wattstrasse 11, 13355 Berlin, Germany) and offers the returned address suggestions for you to choose from.

Because the requests are proxied via our server, your browser establishes no direct connection to Photon. No cookies are set and no browser fingerprints or tracking data are transmitted to Photon. Only the typed search term (e.g. “Immermannstr”) and the IP address of our server are transmitted to Photon.

Photon is based on OpenStreetMap data and operated by Komoot GmbH in Germany. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in error-free address capture).

More information: photon.komoot.io

6.5 “Lato” Font (Self-Hosted)

The “Lato” font used on this website is loaded locally from our own server (next/font). There is no connection to Google or any other third-party server; your IP address is not transmitted to third parties.

7. Email Sending

We send transactional emails exclusively in connection with order processing:

• Login links – one-time, time-limited link to log into the customer area
• Order confirmations – sent after a successful order
• Invoices – automatic delivery of the invoice after a successful order

Transactional email sending is performed via the SMTP service Google Workspace of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; parent: Google LLC, USA). The recipient email address, sender, subject and message content (e.g. login link, order confirmation, invoice) are transmitted. The legal basis is Art. 6(1)(b) GDPR (performance of a contract). We have concluded a Data Processing Agreement (DPA / Google Workspace Data Processing Amendment) under Art. 28 GDPR with Google. As access by Google LLC in the United States cannot be ruled out, the transfer to a third country is based on EU Standard Contractual Clauses (SCC) under Decision 2021/914 and Google LLC's certification under the EU-US Data Privacy Framework (DPF). Based on a Transfer Impact Assessment (TIA) following Schrems II we have assessed the associated risks and put supplementary measures in place (TLS-encrypted delivery, limitation to transactional content, no tracking pixels). Promotional newsletters are sent only after separate consent in a double-opt-in procedure via Zoho Campaigns (see section 7a).

7a. Newsletter (Zoho Campaigns)

When you subscribe to our newsletter, your email address, the date of subscription and the IP address at the time of subscription are transmitted to our processor Zoho Corporation B.V. (Beneluxlaan 4B, 3527 HS Utrecht, Netherlands) and processed via the Zoho Campaigns service. Data is hosted exclusively in EU data centres.

Legal basis: your express consent under Art. 6(1)(a) GDPR and § 7(2)(3) UWG.

Double opt-in: after you enter your email address you receive a confirmation mail with a link. Your address is added to the newsletter distribution list only after you click the confirmation link. Without confirmation your address is automatically deleted after 30 days.

Withdrawal of consent: you may withdraw your consent at any time with effect for the future, without affecting the lawfulness of processing carried out up to that point (Art. 7(3) GDPR). The unsubscribe link is at the bottom of every newsletter or you can email us at datenschutz@viewneo.com.

Note on third-country transfers: Zoho is a global provider; access from third countries (in particular India, USA) by Zoho staff for support and maintenance purposes cannot be ruled out. We have agreed EU Standard Contractual Clauses (SCC) under Decision 2021/914 with Zoho, supplemented by additional technical and organisational measures.

8. Data Security

We use technical and organisational measures to protect your data from unauthorised access:

• SSL/TLS encryption for all data transfers
• Passwordless login (no risk from lost passwords)
• HttpOnly cookies (not readable by JavaScript)
• Access control: invoice downloads only available to the respective customer
• Signed payment confirmation (Stripe webhook signature verification)
• OAuth2 authentication for all access to customer data in third-party systems

9. Retention Periods

• Invoice data: 10 years (statutory retention obligation under HGB/AO)
• Customer master data: for the duration of the business relationship, then 3 years (statute of limitations)
• Login session: 7 days (automatic deletion)
• Login tokens: 15 minutes (automatic deletion)
• Payment data: at Stripe according to their retention policies

10. Your Rights

Under the GDPR you have the following rights with respect to your personal data:

• Access (Art. 15 GDPR) – what data we have stored about you
• Rectification (Art. 16 GDPR) – correction of inaccurate data
• Erasure (Art. 17 GDPR) – deletion of your data, where no statutory retention obligation applies
• Restriction (Art. 18 GDPR) – restriction of processing
• Data portability (Art. 20 GDPR) – release of your data in a machine-readable format
• Objection (Art. 21 GDPR) – objection to processing based on legitimate interests

To exercise your rights please contact: datenschutz@adversign-media.de

11. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint about the processing of your personal data with a data protection supervisory authority. The competent authority for us is:

Landesbeauftragte fuer Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Duesseldorf, Germany
www.ldi.nrw.de

12. Automated Decision-Making

No automated decision-making or profiling within the meaning of Art. 22 GDPR takes place.