Privacy Policy
Effective Date: 8.10.2024
This Privacy Policy describes how NEW WORLD GUARDIANS STORE (the "Site", "we", "us", or "our") collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from http://www.newworldguardians.com/ (the "Site") or otherwise communicate with us regarding the Site (collectively, the "Services"). For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.
Please read this Privacy Policy carefully.
1. General Provisions
1.1. Data Protection Compliance
The protection of your personal data is of utmost importance to NWG-NFT GmbH. We comply with the Austrian Federal Act concerning the Protection of Personal Data (DSG), the EU General Data Protection Regulation (GDPR), and the Telecommunications Act (TKG). These laws ensure lawful, fair, and transparent processing of your data. NWG-NFT GmbH commits to treating your personal data confidentially and ensuring its protection at all times through appropriate organizational and technical measures.
1.2. Scope of the Policy
This Privacy Policy applies to:
- The Sustainable and Vegan Marketplace (hosted on Shopify), where both NWG-NFT GmbH and external vendors offer goods for sale. The Marketplace platform ensures a secure shopping experience for users by leveraging Shopify’s secure hosting infrastructure and PCI DSS-compliant payment gateways.
- The NFT/Web3 Platform (hosted on World4You), which facilitates the sale of digital works of art in the form of NFTs (non-fungible tokens). The platform supports secure transactions for buyers and sellers of digital assets using Ethereum wallet integration.
- The whitelisting and registration process related to participation in NFT drops and purchases through the platform. We collect necessary information to register users for exclusive NFT drops and ensure the protection of digital asset ownership.
- Our email marketing activities, managed through Shopify and Klick-Tipp, including newsletters, promotional emails, and offers. Shopify’s built-in marketing tools and Klick-Tipp’s GDPR-compliant email services allow us to send personalized and secure marketing messages to our subscribers.
- Any interaction you have with us via our Website, newsletter, contact forms, social media platforms, and other services.
1.3. Amendments and Updates
We regularly review and update this Privacy Policy to reflect changes in our services and to ensure compliance with legal requirements. Amendments will be published on our Website. It is your responsibility to check this Privacy Policy periodically for updates. Your continued use of our services after such changes constitutes your acknowledgment and acceptance of the updated Privacy Policy.
2. What Is Personal Data?
Personal data refers to any information related to an identified or identifiable individual. This includes, but is not limited to:
- Identification Data: Your name, email address, telephone number, postal address, and identification numbers (e.g., VAT number for vendors).
- Financial Data: Payment details (e.g., credit card information, bank details, transaction amounts, and dates). Financial data is securely processed through Shopify Payments, PayPal, or Stripe, using PCI DSS-compliant protocols for all online payments.
- Online Identifiers: IP addresses, cookies, and unique Ethereum wallet addresses (in the context of NFT transactions). Ethereum wallet addresses are crucial for processing NFT purchases and ensuring the secure transfer of ownership.
- Transaction Data: Details regarding purchases and sales through the Marketplace (Shopify) and NFT platform (World4You), such as timestamps, product data, and payment confirmations. Shopify's secure servers manage transaction data for both physical and digital purchases, and World4You provides secure data storage within EU-compliant data centers.
We are committed to protecting your personal data across these platforms, ensuring that both online identifiers and transaction data are processed securely.
3. Categories of Data Processed
We process personal data depending on your interaction with our platform, whether you are a Website user, customer, vendor, or NFT buyer. The categories of personal data we collect and process include:
a. Data Collected from Website Users
When you browse or use our Website, we collect:
- Technical Data: Your IP address, browser type, operating system, device information (e.g., screen resolution and device model), and general usage patterns. This data is used for security purposes, performance optimization, and troubleshooting across the Shopify Marketplace and the World4You NFT platform.
- Referrer Information: Websites or links that referred you to our platform.
- Session Data: Duration and frequency of visits, as well as the specific pages visited on our Shopify and World4You Websites. We use Shopify Analytics and Google Analytics integrated with World4You to better understand user behavior and improve your browsing experience.
b. Data Collected from Customers (Including NFT Buyers)
For customers and NFT buyers, we process the following personal data:
- Personal Identification Data: Your full name, address, email address, phone number, and Ethereum wallet address, which are required for registration, whitelisting, and purchases. Shopify handles your personal data for purchases made on the Marketplace, while the World4You NFT platform manages your Ethereum wallet information for NFT transactions.
- Transaction Data: Your payment details (e.g., credit card number, transaction history, and shipping information for physical goods), processed through Shopify Payments. Shopify’s PCI DSS compliance ensures that your credit card and financial data are protected throughout the payment process.
- Whitelist and NFT Purchase Data: Ethereum wallet addresses, timestamps of registration, whitelist status, and purchase data for NFTs, processed via the World4You platform. Your wallet address is securely stored and processed to verify NFT ownership and facilitate purchases.
- Delivery Information: Shipping addresses for the physical delivery of products from the Shopify Marketplace. We ensure that shipping addresses are only shared with third-party delivery providers like DHL and UPS, who are committed to safeguarding your personal data.
c. Data Collected from Vendors
For vendors operating on our Marketplace, we collect:
- Business Information: Company name, address, VAT number, and sustainability certifications (as required for participation in the Marketplace). Shopify allows us to securely manage vendor business data within its platform, ensuring privacy and compliance with GDPR.
- Financial Data: Bank account information, commission statements, and details of payments received for goods sold. Shopify securely processes vendor payouts and provides comprehensive financial reports while maintaining the security of vendor data.
- Product Data: Information about the products offered for sale, including compliance with sustainability standards, product descriptions, and pricing.
d. Newsletter and Marketing Data
For users subscribing to our newsletter or promotional emails, we collect:
- Name and email address for marketing communication purposes, including newsletters, offers, and product updates, handled via Klick-Tipp and Shopify. Both platforms are designed to be GDPR-compliant and allow for secure data handling, ensuring that your marketing preferences are respected.
- Newsletter Interaction Data: Data on how you interact with our marketing emails (e.g., open rates, clicks), collected through Klick-Tipp to improve our marketing strategies. Klick-Tipp’s tracking features ensure that we can better tailor our communications to your interests.
e. Data Collected via Communications
When you contact us through forms on our Website, email, or social media, we process:
- Contact Data: Name, email, and any additional information provided in your communication (e.g., phone number, and the content of your message).
4. Purposes of Processing
We process personal data for the following purposes:
a. Website Operation
We process data to ensure the smooth functioning of our Shopify and World4You platforms, including troubleshooting issues, preventing fraudulent activities, and optimizing your user experience. This data also helps us to ensure the security of our platforms and protect our Websites from unauthorized access or cyberattacks.
b. Account Creation and Whitelisting
We process data for user registration and whitelisting for NFT drops and Marketplace access. This includes gathering data to verify your identity, ensure compliance with our policies, and facilitate your participation in NFT transactions and purchases through our Marketplace hosted on Shopify and our NFT platform hosted on World4You.
c. Order Fulfillment
We collect and process your data to fulfill orders placed through the Marketplace and to manage NFT transactions. This includes processing your payment details, confirming purchase orders, and facilitating the delivery of products. Shopify provides the infrastructure for secure transactions on the Marketplace.
d. Vendor Management
We process vendor data to manage product listings, process commissions, ensure compliance with regulations (e.g., sustainability certifications), and settle financial transactions. Vendor information is also used to ensure that product descriptions and certifications meet the required legal standards.
e. Marketing and Newsletters
We use your personal data (e.g., name and email) for marketing purposes, provided you have given your consent. This includes sending newsletters and special offers related to our products and services. Klick-Tipp and Shopify provide robust email marketing tools, ensuring that your consent is recorded, and preferences are honored. You may withdraw your consent at any time, and you will be removed from our marketing communications.
f. Communications
We process data when you contact us for customer support or general inquiries. This enables us to respond to your questions and provide the necessary assistance.
5. Legal Basis for Data Processing
We process your personal data on the following legal bases, in accordance with GDPR and Austrian law:
- Performance of a Contract (Article 6(1)(b) GDPR): Processing is necessary for the performance of contracts (e.g., sales through Shopify).
- Legal Obligations (Article 6(1)(c) GDPR): Processing data to comply with legal obligations, such as tax and accounting requirements, consumer protection laws, and dispute resolution regulations.
- Legitimate Interests (Article 6(1)(f) GDPR): For improving our services, fraud prevention, and ensuring platform security. Shopify’s built-in analytics tools provide us with data to improve the user experience.
- Consent (Article 6(1)(a) GDPR): For sending newsletters or using non-essential cookies. You can withdraw your consent at any time through Klick-Tipp or our Website.
6. Data Sharing with Third Parties
We may share your personal data with third-party service providers such as:
a. Payment ProvidersWe share transaction data with trusted payment processors such as Shopify Payments, PayPal, and Stripe to facilitate payments on the Marketplace. Shopify is PCI DSS compliant, ensuring secure processing of payment data.
b. Delivery Services
For physical products purchased through Shopify, we share shipping details with third-party couriers (e.g., DHL, UPS) to ensure delivery. These couriers are bound by contracts that ensure your personal data is handled securely and used solely for the purpose of delivering products.
c. IT and Hosting Services
Both Shopify and World4You securely host and manage our platforms. These providers may have access to technical data necessary for system maintenance, security, and backup services. Shopify's hosting and servers include encryption, access control, and automatic backups, while World4You provides data storage within secure, GDPR-compliant data centers in Austria.
d. Email Marketing Services
We use Klick-Tipp and Shopify's built-in marketing tools for email campaigns, managing consent, and delivering newsletters. Both platforms are GDPR-compliant and ensure that your email data is securely stored and processed according to your preferences.
e. Legal Compliance
7. Cookies and Third-Party Tools
We use cookies and similar tracking technologies on Shopify and World4You to enhance your browsing experience. Types of cookies include:
- Essential Cookies: Required for the operation of our Website.
- Analytics Cookies: We use tools like Google Analytics on World4You and Shopify's own analytics tools to analyze Website traffic and user behavior.
- Marketing Cookies: We use cookies to personalize ads on social media platforms and track user interactions.
Cookie management is available through banners on both Shopify and Word Press sites, allowing you to opt into or out of cookies in compliance with GDPR requirements.
8. Social Media and Third-Party Platforms
We maintain an active presence on social media platforms such as Facebook, Instagram, Twitter, and LinkedIn to engage with our community and provide updates on our services.
a. Data Processing by Social Networks
When you visit our profiles or interact with our content on these platforms, your personal data may be processed by the platform operators outside of the European Union. This can increase the risk of data processing falling outside the scope of GDPR protections.
b. Legal Basis for Processing
The processing of personal data is based on our legitimate interest in effective communication and user information in accordance with GDPR Article 6(1)(f).
c. Data Subject Rights on Social Media: If you wish to exercise your rights under GDPR (e.g., access, rectification, or deletion of data) with respect to data processed on social media platforms, we recommend that you contact the platform operators directly. We have limited access to data processed by these platforms.
Below are details about the platforms we use:
-
Facebook: We operate a Facebook Fanpage on the platform "Facebook", run by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. When visiting our Facebook page, Facebook processes your data regardless of whether you have a Facebook account. For more information, please refer to the Facebook Privacy Policy.
Facebook provides us with statistical data on the usage of our Fanpage through the Facebook Insights feature. This helps us improve our content and align it with user interests. We have no direct influence over the creation of these statistics, as the data is entirely processed by Facebook.
- Instagram: We maintain a profile on Instagram.com, also run by Meta Platforms Ireland Ltd. For more information on data processing on Instagram, please refer to the Instagram Privacy Policy.
Like Facebook, Meta processes your data every time you visit our Instagram page, even if you do not have an Instagram account. The Instagram Insights feature provides us with anonymized usage data to better understand the reach and interactions of our posts. -
Twitter: Our website integrates functions of Twitter, provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. For more information on data processing by Twitter, please refer to the Twitter Privacy Policy.
You can adjust your privacy settings on Twitter in the account settings under Twitter Settings.
- LinkedIn: We also maintain a company profile on LinkedIn, run by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Personal data is processed by LinkedIn when you visit our LinkedIn page, regardless of whether you have a LinkedIn account. LinkedIn processes data for purposes such as reach measurement, personalized advertising, and market research. The LinkedIn Privacy Policy provides more information.
Through the LinkedIn Insights feature, we receive anonymized statistical evaluations about the usage of our company page, helping us understand the reach of our posts and better tailor our content to users' needs. If you do not want LinkedIn to use your data for profile creation, you can log out of your LinkedIn account before visiting our page or adjust the settings in your LinkedIn profile accordingly.
9. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or to comply with legal obligations. Retention periods vary depending on the nature of the data and the purpose for which it was collected.
- Customer Data: Retained for the duration of the customer relationship and for up to seven years afterward to comply with tax and legal requirements.
- Vendor Data: Retained for the duration of the business relationship and the statutory retention period thereafter.
- Transaction Data: Retained for the duration necessary to complete transactions, including NFT purchases and physical product deliveries.
- Whitelist Data: Retained until the completion of the NFT drop or as long as necessary for legal purposes.
- Newsletter Data: Retained until you opt-out of receiving marketing communications.
10. Data Security
We implement industry-standard security measures across Shopify, World4You, and Klick-Tipp, including encryption, firewalls, and access controls, to protect your personal data from unauthorized access or disclosure. Shopify provides SSL encryption for all transactions, and World4You ensures secure hosting for the NFT platform with daily backups, firewall protection, and GDPR-compliant data centers located in Austria.
We regularly review our security measures to ensure they remain effective and aligned with industry best practices.
11. Your Rights Under GDPR
As a data subject, you have several rights under the GDPR, including:
- Right to Access: You can request a copy of the data we hold about you.
- Right to Rectification: You can ask us to correct any inaccuracies in your personal data.
- Right to Erasure: You have the right to request that your data be deleted when it is no longer necessary for the purposes for which it was collected.
- Right to Object: You may object to the processing of your data for certain purposes, such as direct marketing.
- Right to Data Portability: You may request your personal data in a structured, machine-readable format and transfer it to another controller.
- Right to Withdraw Consent: You can withdraw your consent for data processing at any time without affecting the lawfulness of processing carried out before the withdrawal.
12. Contact Information
For any questions or concerns regarding this Privacy Policy or your personal data, please contact us at:
NWG-NFT GmbH
Dr. Karl Renner Promenade 30/1/4
3100 St. Pölten, Austria
Email: support@newworldguardians.com