Data Protection Policy

1. Miscellaneous

In this privacy policy, we, Nitro AG (hereinafter Nitro), explain, how we collect and process personal data. We as Nitro take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. Personal data is all information relating to a specific or identifiable person.

This privacy policy is based on the EU General Data Protection Regulation (GDPR). Although the GDPR is an EU regulation, it is important to us. The Swiss Data Protection Act (DPA) is strongly influenced by EU law, and companies outside the European Union or the EEA have to comply with the GDPR in certain circumstances.

We take adequate technical and organizational measures to protect your personal information from unauthorized access and misuse.

For security reasons and for the protection of the transmission of personal data and other confidential contents (for example inquiries to the person in charge), this website uses an SSL or TLS encryption. You can recognize an encrypted connection by the string “https: //” and the lock icon in your browser bar.

1. 1. Persons in charge

Responsible for the data processing which we operate here, is Nitro (Nitro AG, Bösch 104, 6331 Hünenberg, Switzerland). If you have concerns about privacy, you can contact us via the following contact address: Nitro AG, Bösch 104, 6331 Hünenberg, Switzerland, or you contact our customer service via the contact form (this is also the address of our data protection officer according to Art. 37 GDPR).

Our representative in the EEA under Art. 27 GDPR is:

Julian Furtkamp

Email: [email protected]

2. Purpose of the data processing

We primarily use the personal information we collect to enter into and execute our contracts with our customers and affiliates. Of course, if you work for a client or affiliate, you and your personal data may also be affected in regard to this function.

Insofar as you have consented to the processing of your personal data for specific purposes, we process your personal data within the framework of and based on this consent, unless we have a different legal basis and we need one. A given consent can be withdrawn at any time, but this has no effect on already processed data.

3. Data collection when visiting our website

In the case of merely informative use of our website, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect, among others, the following information which are technically necessary for us to display the website: IP address (possibly in anonymized form), MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of visit, pages and content accessed, features used, referring website, location information.

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to retrospectively check the server logfiles if concrete evidence points to unlawful use.

4. Contact

When contacting us (for example via contact form or e-mail), personal data is collected. Which data are collected in case of using a contact form can be seen from the respective contact form. These data are stored and used solely for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, then the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your request, this is the case if it can be inferred from the circumstances that the matter in question is finally clarified and provided that no statutory storage requirements are in conflict.

5. Use of your data for direct advertising

5. 1. Registration for our e-mail newsletter (Nitro Newsletter, Slashers Club)

If you subscribe to our e-mail newsletter, we will send you information about our offers regularly. Mandatory information for sending the newsletter is solely your e-mail address. Mandatory information for signing up for the Slashers Club is your email address, first name, last name, birthday, country, home resort, board make, board model, binding brand, binding model, boat make and boat model. We can use this data to personalize offers about the Slashers Club for you. The specification of further data is voluntary and will be used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure. This means that we will only send you an e-mail newsletter if you have explicitly confirmed to us that you agree to the sending of the newsletter. We will send you a confirmation e-mail asking you to confirm by clicking on a link that you wish to receive newsletters in the future.

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When subscribing to the newsletter, we will store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace a possible misuse of your e-mail address at a later date. The data collected by us when subscribing for the newsletter will be used exclusively for promotional purposes by means of the newsletter. You can unsubscribe from the newsletter at any time via the provided link in the newsletter or by sending a message to the person named above. After you unsubscribed, your e-mail address will be deleted immediately from our newsletter mailing list, as far as you have not expressly consented to a further use of your data or we reserve the right to further data usage by law about which we inform you in this statement.

5. 2. Newsletter dispatch via MailChimp

The sending of our e-mail newsletters is carried out by the technical service provider The Rocket Science Group, LLC d / b / a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (http: //www.mailchimp .com /), which we pass on your data to provided during the newsletter registration. This transfer is made in accordance with Art. 6 para. 1 lit. f GDPR and serves our legitimate interest in the use of a promotional, secure and user-friendly newsletter system. Please note that your data is usually transmitted to and stored on a MailChimp server in the USA.

MailChimp uses this information for sending and statistical evaluation of the newsletter on our behalf. For the evaluation, the emails sent include so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. This way we can determine if a newsletter message has been opened and which links have been clicked. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type and operating system). The data are solely collected pseudonymized and are not linked to your other personal data, a direct personal reference is excluded. This data is used for statistical analysis of newsletter campaigns only. The results of these analyses can be used to tailor future newsletters to the interests of the recipient.

If you want to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

Furthermore, MailChimp may use this data in accordance with Art. 6 para. 1 lit. f GDPR itself for its own legitimate interest in the needs-based design and optimization of the service as well as for market research purposes, for example to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to address them directly or to pass them on to third parties.

To protect your information in the United States, we have entered into a data processing agreement with MailChimp based on the standard contractual clauses of the European Commission to allow the transfer of your personal information to MailChimp. If you are interested, this data processing contract is available under the following link: http://mailchimp.com/legal/forms/data-processing-agreement/.

In addition, MailChimp is certified in accordance to the US-European privacy protection agreement “Privacy Shield” and has committed itself to compliance with EU data protection requirements.

You can see the privacy policy of MailChimp here: https://mailchimp.com/legal/privacy/.

5.3 Data transfer when registering for the Slashers Club

When registering for the Slashers Club, we pass on your data to third parties on the basis of legitimate interest. This is necessary to send you prizes, gifts and other goods that you may receive as a member of the Slashers Club and to provide you with offers and notices specific to your country of origin. You can find the third-party provider responsible for your country of origin in our overview of all distributions. If your country of origin does not have a responsible distribution system, this data transfer does not apply.

6. Tools

This website uses the following tools of third parties, which partially transfer data to third parties:

6. 1. Cookies

In order to make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted at the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and allow us or our affiliate (third-party cookies) to recognize your browser at your next visit (persistent cookies). If cookies are set, they collect and process individual user information such as browser and location data as well as IP address information. Persistent cookies are deleted automatically after a specified period, which may differ depending on the cookie.

Please note that you can adapt your browser settings in such a way that it informs you about the setting of cookies and you can individually decide on their acceptance or you can exclude the acceptance of cookies for specific cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the Help menu of each browser, which explains how to change your cookie settings. These can be found for the respective browser under the following links:

Internet Explorer: http://windows.microsoft.com/en-US/windows-vista/Block-or-allow-cookies

Firefox: https://support.mozilla.org/en/kb/cookies-allow-and-dispose

Chrome: http://support.google.com/chrome/bin/answer.py?hl=en&hlrm=en&answer=95647

Safari: https://support.apple.com/kb/ph21411?locale=en_US

Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be limited.

6. 2. Google services

This website uses the following functions of the provider Google: Google Analytics, Google reCAPTCHA, Google Maps, Youtube. In all cases, data will also be transmitted to Google.

Google LLC is based in the US and is certified under the US Privacy Shield, which ensures compliance with the level of data protection in the EU.

6. 2. 1 Google Analytics

This website uses functions of the web analytics service Google Analytics. Provider is the Google Inc. 1600 Amphitheater Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

However, if IP anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or other parties of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be sent to a Google server in the US and be shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided by your browser in the context of Google Analytics will not be merged with other Google data.

You can prevent the collection of the data generated by the cookie and the data related to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en

As an alternative to the browser plug-in or for browsers on smartphones, click the link below to disable Google Analytics (this opt-out cookie only works in the browser and for this https://www.nitrousa.com):

For more information about the handling of user data by Google Analytics, please refer to the Google Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en

Click here to deactivate Google Analytics

6. 2. 2 Google reCAPTCHA

On this website, we also use the reCAPTCHA feature of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). This function is primarily used to distinguish whether an input is made by a natural person or abusive by automated and automatically processing. The service includes the sending of the IP address and possibly other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in determining the individual willfulness of actions on the Internet and the prevention of abuse and spam.

For more information about Google reCAPTCHA and Google’s privacy policy, please visit: https://www.google.com/intl/en/policies/privacy/

6. 2. 3 Google Maps

On our website, we use Google Maps (API) feature of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service for displaying interactive maps to visually display geographic information.

Google stores your data (even of non-logged-in users) in the form of usage profiles and evaluates them. According to Art. 6 (1) (f) of the GDPR, such an evaluation is based on the legitimate interests of Google in the display of personalized advertising, market research and/or tailor-made design of its website. You have a right to object to the creation of those user profiles and you must address to YouTube to make use of it.

If you disagree with the future transmission of your data to Google when using Google Maps, you can also disable the Google Maps web service completely by turning off the JavaScript application in your browser. Google Maps and the map display on this website can not be used in this case.

Google’s Terms of Use can be viewed at http://www.google.com/intl/en/policies/terms/regional.html, and the additional Google Maps

Terms of Use can be found at https://www.google.com/intl/en_US/help/terms_maps.html

For details on privacy related to the use of Google Maps, please visit the Google Privacy Policy: http://www.google.com/intl/en/policies/privacy/

6. 2. 4 YouTube

This site uses the YouTube embedding feature to display and play videos from “YouTube”, which is owned by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).

In this case, the extended privacy mode is used, which according to the provider information will start storing user information only when playing the video. When the playback of embedded YouTube videos starts, the provider “YouTube” uses cookies to collect information about user behavior. According to “YouTube” hints, these are used, among other things, to capture video statistics, improve user-friendliness and prevent abusive practices. If you are logged in to Google, your data will be assigned directly to your account when you click on a video. If you do not wish such an assignment with your profile on YouTube, you must log out before activating the button. Google stores your data (even of users not logged in) as usage profiles and evaluates them. According to Art. 6 (1) (f) of the GDPR, such an evaluation is based on the legitimate interests of Google in the display of personalized advertising, market research and/or tailor-made design of its website. You have a right to object to the creation of those user profiles, and you must address to YouTube to use it.

For more information on data protection at “YouTube”, please see the provider’s privacy policy at: https://www.google.com/intl/en/policies/privacy

6. 3 Cloudflare

On this website, we use the Cloudflare CDN (Content Distribution Network) service from Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare offers better global performance through the internal CDN (Content Distribution Network) and additional security against DDoS attacks.

Cloudflare, Inc. is based in the US and is certified to the US Privacy Shield, which ensures compliance with the level of data protection in the EU.

For more information about Cloudflare CDN (Content Distribution Network) and Cloudflare’s Privacy Policy, please visit: https://www.cloudflare.com/privacyshield/

7. Data transfer and data transfer abroad

We pass personal data to third parties as part of our business activities and purposes, insofar as permitted and assessed as appropriate by us, either because they process them for us or because they wish to use them for their own purposes. These are in particular the following parties:

• Service providers of ours, including processors (such as DomainFactory, MailChimp, Google, Cloudflare);

all receivers.

These receivers are based partly domestic, but can be anywhere on earth. If we transfer data to a country without adequate legal data protection level, we will provide the appropriate level of protection by means of appropriate contracts (in particular on the basis of the so-called standard contractual clauses of the European Commission, so-called Binding Corporate Rules) or base ourselves on statutory exceptions such as the consent, the execution of contracts, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or the protection of the integrity of the data subject. You may request a copy of the above-mentioned contracts at any time from the contact person referred to in point 1 unless otherwise specified above. But we reserve the right to blacken copies or to deliver them only in part for reasons of data protection or confidentiality.

8. Retention period of personal data

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise for the purposes pursued by the processing, so for example for the duration of the entire business relationship (from the initiation, execution to the termination of a contract) as well as in accordance with the statutory retention and documentation obligations. It may be that personal information is stored for the period in which legal claims can be asserted against our Company and to the extent otherwise required by law or legitimate business interests (for example, for evidence and documentation purposes). As soon as your personal data are no longer required for the above-mentioned purposes, they will generally be deleted or anonymized as far as possible.

9. Rights of the data subject

Under the applicable data protection law and insofar as provided therein (as in the case of the GDPR) you have the right of access, rectification, deletion, the right to restrict the processing of data and to object to our data processing and the right of disclosure of certain personal data for the purpose of transmission (so-called data portability). Please note, however, that we reserve the right to enforce the statutory restrictions on our part, for example if we are obliged to retain or process certain data, if we have a predominant interest (as far as we are entitled to rely on it) or if we need them in order to assert legal claims. If you incur costs, we will inform you in advance. We have already informed you about the possibility of revoking your consent in paragraph 3. Please note that the exercise of these rights may conflict with contractual arrangements and may have consequences such as premature termination of the contract or costs. We will inform you in advance if this is not already contractually regulated.

The exercise of such rights usually requires that you clearly prove your identity (for example, by providing a copy of your ID if your identity is otherwise unclear or can´t be verified). To assert your rights, you can contact us at the address given in paragraph 1.

Each data subject also has the right to enforce their claims before the court or to lodge a complaint with the respective responsible data protection authority. The data protection authority of Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

10. Changes

We may amend this Privacy Policy at any time without notice. The current version published on our website applies. If the Privacy Policy is part of an agreement with you, we will, in the event of an update, notify you of the change by e-mail or by other appropriate means.