Privacy policy

Privacy Policy

As of: December 4, 2023

Table of Contents

Responsible Party

Never Broke Again
Ouiam Aissaoui
c/o IP-Management #21823
Ludwig-Erhard-Str. 18
20459 Hamburg

Email: in**@nb**********.com
Phone: +49 162 2834874
Imprint: https://nba-official.com/impressum/

Overview of Processing

The following overview summarizes the types of processed data, the purposes of their processing, and the data subjects involved.

Types of Processed Data

  • Inventory data
  • Contact data
  • Content data
  • Usage data
  • Meta, communication, and procedural data

Categories of Data Subjects

  • Users

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations
  • Security measures
  • Administration and response to inquiries
  • Provision of our online services and user-friendliness
  • Information technology infrastructure

Applicable Legal Basis

Applicable Legal Basis under the GDPR: The following provides an overview of the legal basis of the GDPR on which we process personal data. Please note that, in addition to the regulations of the GDPR, national data protection provisions may apply in your or our country of residence or business location. If specific legal bases are relevant in individual cases, we will inform you of them in this privacy policy.

  • Contractual fulfillment and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR) – The processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract.
  • Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR) – The processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National Data Protection Regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations in Germany apply. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific regulations regarding the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and the transmission and automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of individual federal states may apply.

Note on the Applicability of GDPR and Swiss FADP: These data protection notices are intended to serve as information under both the Swiss Federal Act on Data Protection (Swiss FADP) and the General Data Protection Regulation (GDPR). Therefore, please note that, for broader spatial applicability and comprehensibility, the terms of the GDPR are used. Specifically, instead of the terms used in the Swiss FADP, such as “processing” of “personal data,” “overriding interest,” and “sensitive personal data,” the GDPR terms “processing” of “personal data,” “legitimate interest,” and “special categories of data” are used. The legal meaning of the terms will still be determined according to the Swiss FADP within the scope of its applicability.

Security Measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to the data, input, transfer, securing availability, and separation. Furthermore, we have established procedures that ensure the exercise of data subjects’ rights, deletion of data, and responses to data risks. We also consider the protection of personal data in the development or selection of hardware, software, and procedures, according to the principle of data protection through technology design and privacy-friendly default settings.

TLS/SSL Encryption (https): To protect the data transmitted through our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.

Deletion of Data

The data we process will be deleted in accordance with legal requirements as soon as the consents permitted for processing are revoked or other permissions lapse (e.g., if the purpose for processing this data has ceased or it is no longer necessary for the purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for asserting, exercising, or defending legal claims or protecting the rights of another natural or legal person. Our privacy notices may contain further information on the retention and deletion of data, which will apply primarily to the respective processing operations.

Rights of Data Subjects

Rights of Data Subjects under the GDPR: As a data subject, you have various rights under the GDPR, particularly as outlined in Articles 15 to 21 GDPR:

  • Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1) lit. e or f GDPR; this also applies to profiling based on these provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw consent at any time.
  • Right of Access: You have the right to request confirmation as to whether data concerning you is being processed and to access this data as well as further information and a copy of the data in accordance with legal requirements.
  • Right to Rectification: You have the right, in accordance with the legal requirements, to request the completion of the data concerning you or the rectification of incorrect data concerning you.
  • Right to Erasure and Restriction of Processing: You have the right, in accordance with the legal requirements, to request the immediate erasure of data concerning you, or alternatively, in accordance with legal requirements, to request a restriction of the processing of the data.
  • Right to Data Portability: You have the right to receive the data concerning you that you have provided to us, in a structured, commonly used, and machine-readable format, in accordance with legal requirements, or to request that it be transmitted to another controller.
  • Right to Lodge a Complaint with a Supervisory Authority: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR, without prejudice to any other administrative or judicial remedy.

Use of Cookies

Cookies are small text files or other storage markers that store information on end devices and retrieve information from end devices. For example, to store the login status in a user account, the contents of a shopping cart in an online shop, the accessed content, or used functions of an online service. Cookies can also be used for different purposes, e.g., for the functionality, security, and convenience of online services, as well as for creating analyses of visitor flows.

Notice on Consent: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users, except where this is not required by law. Consent is not required, in particular, if storing and retrieving information, including cookies, is absolutely necessary to provide a telemedia service (i.e., our online service) expressly requested by the users. Essential cookies typically include cookies with functions that ensure the display and operability of the online service, load balancing, security, storage of user preferences, and choices or similar purposes related to the provision of the main and ancillary functions of the online service requested by the users. The revocable consent is clearly communicated to the users and includes information about the respective cookie usage.

Information on Legal Bases under Data Protection Law: The legal basis on which we process users’ personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies will be based on our legitimate interests (e.g., in the business operation of our online service and its improvement) or, if required for the fulfillment of our contractual obligations, when the use of cookies is necessary to fulfill our contractual obligations. The purposes for which the cookies are processed by us will be clarified in the course of this privacy policy or as part of our consent and processing procedures.

Storage Duration: The following types of cookies are distinguished regarding the storage duration:

  • Temporary Cookies (also: Session or Session Cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their device (e.g., browser or mobile application).
  • Persistent Cookies: Persistent cookies remain stored even after the device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user revisits a website. Likewise, the data collected using cookies may be used for reach measurement. If we do not provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and that the storage duration can be up to two years.

General Information on Withdrawal and Objection (so-called “Opt-Out”): Users can withdraw their given consents at any time and object to processing in accordance with legal requirements. Users can, for example, restrict the use of cookies in their browser settings (which may also restrict the functionality of our online service). An objection to the use of cookies for online marketing purposes can also be declared through the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Provision of Online Services and Web Hosting

We process the data of users to provide them with our online services. To do so, we process the IP address of the user, which is necessary to deliver the content and functions of our online services to the user’s browser or end device.

  • Types of Processed Data: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status); Content data (e.g., entries in online forms).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our online service and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures.
  • Legal Basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Registration, Login, and User Account

Users can create a user account. During registration, the required mandatory information is communicated to users and processed for the purpose of providing the user account based on contractual obligations. The processed data includes, in particular, the login information (username, password, and email address).

In the course of using our registration and login functions and the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorized use. As a rule, this data is not disclosed to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users may be informed via email about processes that are relevant to their user account, such as technical changes.

  • Types of Processed Data: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Administration and response to inquiries; Provision of our online service and user-friendliness.
  • Legal Basis: Contractual fulfillment and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR); Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Plugins and Embedded Functions and Content

We integrate functional and content elements into our online service that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). This may include, for example, graphics, videos, or city maps (hereinafter uniformly referred to as “content”).

The integration always requires that the third-party providers of this content process the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is therefore necessary for the presentation of this content or functions. We endeavor to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visit time, and other details regarding the use of our online service, as well as being combined with such information from other sources.

  • Types of Processed Data: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status); Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our online service and user-friendliness.
  • Legal Basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further Information on Processing Procedures, Processes, and Services:

Created with a free privacy generator by Dr. Thomas Schwenke