Privacy Policy

Effective Date: 20.12.2024 
Applicable to: NEW WORLD GUARDIANS Website and Marketplace

1. Overview

This Privacy Policy explains how NWG-NFT GmbH, operating under NEW WORLD GUARDIANS, collects, uses, stores, shares, and protects personal data when you:

  • visit our website

  • use our marketplace

  • create or use a customer account

  • place an order

  • contact us

  • subscribe to our newsletter

  • interact with us on social media

  • inquire about or purchase a NEW WORLD GUARDIANS NFT

For the purposes of this Privacy Policy:

  • we”, “us”, and “our” refer to NWG-NFT GmbH

  • you” refers to any visitor, customer, vendor, newsletter subscriber, social media user, or NFT buyer whose personal data we process

We process personal data in accordance with applicable data protection law, including the General Data Protection Regulation (GDPR) and applicable Austrian data protection law.

2. Controller

The controller responsible for the processing of personal data is:

NWG-NFT GmbH
Dr. Karl Renner Promenade 30/1/4
3100 St. Pölten
Austria

Email: support@newworldguardians.com

3. Scope of this Privacy Policy

This Privacy Policy applies to personal data processed in connection with:

  • the NEW WORLD GUARDIANS website

  • the Shopify-based marketplace

  • purchases of physical products

  • customer accounts

  • communication through email, forms, or social media

  • newsletter subscriptions and marketing communication

  • vendor onboarding and vendor management

  • wishlist functionality and website preferences

  • social media interaction

  • NFT inquiries and NFT purchases handled directly through support

This Privacy Policy does not apply to third-party websites, apps, blockchain explorers, wallets, payment providers, shipping carriers, or social media platforms that operate under their own terms and privacy policies.

4. Categories of Personal Data We Process

Depending on how you interact with our services, we may process the following categories of personal data.

4.1 Website Visitor Data

When you visit our website, we may process:

  • IP address

  • browser type and version

  • operating system

  • device information

  • language settings

  • visited pages

  • referrer URL

  • date and time of access

  • technical status codes

  • cookie and consent preferences

  • locally stored website preferences, such as wishlist data

4.2 Customer Data

When you place an order through our marketplace, we may process:

  • full name

  • billing address

  • shipping address

  • email address

  • phone number

  • order details

  • payment status

  • delivery information

  • communication related to the order

We do not generally store full payment card data ourselves. Payment data is processed by the payment methods and payment providers made available at checkout.

4.3 Customer Account Data

If you create or use a customer account, we may process:

  • account login details

  • account preferences

  • saved addresses

  • order history

  • customer account settings

Customers are responsible for maintaining the confidentiality of their login credentials.

4.4 NFT Inquiry and NFT Purchase Data

If you contact us regarding NEW WORLD GUARDIANS NFTs or purchase an NFT through our support team, we may process:

  • name

  • email address

  • wallet address

  • communication history

  • payment confirmation

  • transaction-related details

  • blockchain transaction reference, where applicable

NFT purchases are currently handled directly through communication with our support team. We process the personal data necessary to provide information, organize the purchase, confirm payment, and transfer the NFT to the wallet address provided by the buyer.

4.5 Vendor Data

If you apply to become or operate as a vendor on our marketplace, we may process:

  • company name

  • contact person

  • business address

  • email address

  • phone number

  • VAT number and tax information

  • payout-related information

  • product and certification information

  • vendor communication records

4.6 Newsletter and Marketing Data

If you subscribe to our newsletter or marketing communications, we may process:

  • name

  • email address

  • consent records

  • subscription status

  • interaction data, such as opens or clicks, where enabled and lawful

4.7 Communication Data

When you contact us through email, forms, or social media, we may process:

  • name

  • email address

  • phone number, if provided

  • message content

  • attachments

  • related communication history

5. Purposes of Processing

We process personal data for the following purposes.

5.1 Website Operation and Security

To operate, maintain, secure, and improve our website and services, including:

  • ensuring website functionality

  • detecting technical issues

  • managing consent preferences

  • preventing misuse, fraud, and security incidents

  • improving performance and usability

5.2 Order Processing and Customer Service

To process marketplace orders and provide related support, including:

  • processing orders and payments

  • coordinating fulfilment and delivery

  • handling returns and refunds

  • responding to support requests

  • documenting customer communication

5.3 Vendor Management

To evaluate vendor applications, onboard vendors, manage vendor relationships, and administer compliance and operational matters.

5.4 Marketing and Newsletter Communication

To send newsletters, updates, offers, and other marketing communications where legally permitted or where you have provided consent.

5.5 Communication Handling

To respond to inquiries, process contact requests, and communicate with you regarding orders, returns, vendor matters, NFT inquiries, or other requests.

5.6 NFT Inquiry, Sale, and Transfer

To respond to NFT-related requests, communicate terms, confirm payment, and transfer NFTs to the wallet address provided by the buyer.

5.7 Legal Compliance and Enforcement

To comply with legal obligations, maintain business records, defend legal claims, and enforce our contractual rights and platform policies.

6. Legal Bases for Processing

We process personal data on one or more of the following legal bases.

6.1 Performance of a Contract (Art. 6(1)(b) GDPR)

Where processing is necessary to perform a contract with you or take steps at your request before entering into a contract, for example:

  • processing marketplace orders

  • handling returns and refunds

  • onboarding vendors

  • processing NFT purchases arranged through support

6.2 Legal Obligation (Art. 6(1)(c) GDPR)

Where processing is necessary to comply with legal obligations, including:

  • tax and accounting duties

  • consumer protection obligations

  • fraud prevention and legal recordkeeping

  • responding to lawful requests from authorities

6.3 Legitimate Interests (Art. 6(1)(f) GDPR)

Where processing is necessary for our legitimate interests, provided these interests are not overridden by your rights and freedoms, for example:

  • operating and securing our website

  • improving services and usability

  • preventing abuse and fraud

  • responding efficiently to support inquiries

  • maintaining communication with customers and vendors

  • presenting our company and services on social media

6.4 Consent (Art. 6(1)(a) GDPR)

Where you have given consent, for example:

  • newsletter subscriptions

  • non-essential cookies

  • marketing and analytics technologies where consent is required

  • certain optional sign-in or advertising features, if activated

You may withdraw your consent at any time with effect for the future.

7. Sharing of Personal Data

We may share personal data with selected recipients where necessary for the purposes described above.

7.1 Payment Providers

Payment-related data may be processed by payment providers made available at checkout or otherwise agreed for a transaction.

7.2 Shipping and Logistics Providers

For physical orders, delivery data may be shared with shipping and courier providers to enable fulfilment and delivery.

7.3 Marketplace Vendors

If you purchase a product from an independent marketplace vendor, we may share the personal data necessary to fulfil the order with the respective vendor, including:

  • name

  • delivery address

  • order details

  • contact data where necessary for fulfilment or support

Independent vendors may also process personal data under their own legal responsibilities, for example for fulfilment, accounting, legal compliance, or customer service.

7.4 IT, Hosting, and Website Service Providers

We use service providers for website hosting, store infrastructure, analytics, communication tools, data storage, technical support, and website security.

7.5 Newsletter, Marketing, and Analytics Providers

Where used, personal data may be processed through email marketing, analytics, and advertising tools in order to manage subscriptions, measure campaign performance, and improve communication and marketing efficiency.

7.6 Legal and Regulatory Authorities

We may disclose personal data where necessary to comply with legal obligations, respond to lawful requests, protect legal claims, or enforce our rights.

8. Cookies, Local Storage, and Similar Technologies

We use cookies and similar technologies, including local storage, to operate our website and improve the user experience.

8.1 Types of Technologies Used

These may include:

  • essential cookies, required for website and checkout functionality

  • analytics technologies, used to understand website usage and performance

  • marketing technologies, used to measure campaigns or personalize ads, where permitted

  • local storage, used for preferences such as wishlist functionality

8.2 Wishlist Function

Our website offers a wishlist feature. When you save items to your wishlist, technical data about those items may be stored locally in your browser using local storage.

This data remains on your device and is used to display your saved items when you revisit the website.

8.3 Cookie Choices

Where legally required, non-essential cookies and similar technologies are used only with your consent. You can manage your cookie preferences through our consent tools and, to some extent, through your browser settings.

9. Analytics and Advertising Technologies

We may use analytics and advertising technologies to understand website usage, measure marketing effectiveness, and improve our services.

9.1 Analytics Technologies

Where used, analytics technologies may help us evaluate:

  • website traffic

  • page performance

  • user behavior

  • campaign effectiveness

9.2 Advertising and Tracking Technologies

Where used, we may work with advertising and social media platforms such as:

  • Meta (Facebook / Instagram)

  • TikTok

  • other advertising partners

These technologies may help us understand ad performance, build audiences, and improve the relevance of our marketing.

9.3 Consent for Non-Essential Tracking

Where legally required, non-essential analytics and marketing technologies are only used after consent has been given. Consent can be withdrawn at any time with effect for the future.

10. Social Media and Third-Party Platforms

We maintain profiles on social media platforms such as Instagram, Facebook, LinkedIn, TikTok, and similar services in order to communicate with our community and present our services.

When you visit or interact with our social media pages, personal data may also be processed by the respective platform provider under its own responsibility. Depending on the platform and the function used, separate or shared data protection responsibilities may apply.

Our presence on social media is based on our legitimate interest in communication, visibility, and user engagement.

If you wish to exercise data protection rights relating to data processed directly by a social media platform, you may also need to contact the platform provider directly, as we have limited influence over their processing activities.

11. International Data Transfers

Some service providers or platforms we use may process personal data outside the European Economic Area.

Where personal data is transferred to countries without an adequacy decision, we seek to rely on appropriate safeguards where required by law, such as:

  • Standard Contractual Clauses

  • additional contractual or technical measures where appropriate

  • other lawful transfer mechanisms

12. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law.

Retention periods may vary depending on the type of data and the legal or operational purpose.

As a general rule:

  • customer and order data may be retained for the duration of the customer relationship and thereafter for legally required retention periods

  • vendor data may be retained for the duration of the business relationship and applicable retention periods

  • communication data may be retained for as long as necessary to handle the request and document business communications

  • newsletter data may be retained until you unsubscribe or until we no longer lawfully use it

  • NFT-related inquiry and transaction data may be retained for as long as necessary to document the transaction, comply with legal obligations, and respond to follow-up questions or disputes

We do not use outdated whitelist or mint registration data as the basis of our current NFT sales workflow.

13. Data Security

We take appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access.

These measures may include:

  • encrypted connections

  • access controls

  • internal authorization management

  • secure hosting environments

  • backup procedures

  • technical monitoring and security reviews where appropriate

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

14. Your Rights

Subject to applicable law, you may have the following rights regarding your personal data:

  • right of access

  • right to rectification

  • right to erasure

  • right to restriction of processing

  • right to data portability

  • right to object, especially to direct marketing

  • right to withdraw consent at any time where processing is based on consent

  • right to lodge a complaint with a supervisory authority

If you believe that the processing of your personal data violates data protection law, you may lodge a complaint with the competent supervisory authority. In Austria, this is the Österreichische Datenschutzbehörde.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes.

The current version will be published on our website. Where required, we will provide additional notice.

16. Contact

If you have any questions about this Privacy Policy or about the processing of your personal data, please contact:

NWG-NFT GmbH
Dr. Karl Renner Promenade 30/1/4
3100 St. Pölten
Austria

Email: support@newworldguardians.com