Everything for boats, yachts, engines, spare parts, and accessories
Free shipping to AT and DE for orders over €170*
Contact: shop@nauticstore24.com
0
0 Items | € 0,00

Privacy Policy

Our Data Protection Principles

  • We strive to collect only the data we really need to provide our services.
  • We operate our own cloud for encrypted data exchange within our organization.
  • Insecure communications (e.g. email) are migrated to secure channels (cloud/encrypted chat) as soon as possible.
  • All portable hard drives are encrypted. Unencrypted USB sticks are used sparingly and only for public data (e.g. presentations, drivers).
  • All mobile devices are encrypted wherever technically possible.
  • Facilities that cannot be encrypted for technical reasons are locked away from public access.
  • Coordinated Vulnerability Disclosure (CVD) / Report a security issue

Collection

Your data is collected either directly by our staff or by you through this portal.

Storage

In the active system, data is stored on servers we control.

In our archive systems, your data resides on encrypted disks and locked servers without regular staff access.

Access & Use

Our employees access your data only through secure, 2-factor-protected portal interfaces.

Deletion & Archiving

You can request deletion of your data from the active system at any time. Data is also deleted automatically when you close your account.

In archives, data is kept for up to 10 years. Individual records cannot be removed from backups for technical reasons and are only accessible by authorized persons after internal training.

Backups are used solely for recovery, debugging, or compliance with lawful requests. They are never used for marketing or restoring data you asked to delete.

Any data disclosure to courts or authorities only occurs after consulting our Data Protection Officer. If legally permissible, we will inform you in advance.

  • Portal backups: up to 10 years
  • Invoice data: up to 10 years
  • Log files: up to 90 days
  • IP addresses of login attempts: up to 90 days
  • Browser info on login attempts: up to 90 days
  • Other backups: up to 90 days

Data Sharing within the EU

We share your data for:

  • Communication (mail, email, phone)
  • Contract fulfillment (e.g. bank details)
  • Lawful court or official requests

Disclosure to courts/authorities only after consulting our DPO, and we will inform you if legally allowed.

Transfers to Third Countries

No planned transfers to non-EU countries, except at your request (e.g. shipping address abroad).

Cookies & External Services

We use cookies, Cloudflare and hCaptcha to ensure functionality, improve service and protect against attacks.

The following essential cookies are set on visit:

  • XSRF-TOKEN: Prevents CSRF attacks
  • laravel_token: CSRF protection
  • portal_name_session: Encrypted session storage
  • remember_web_random: Set when “remember me” is checked
  • browser_authentication: Reduces CAPTCHA prompts

When needed:
Cloudflare: DDoS protection
hCaptcha: Prevents automated login attacks
Vimeo & YouTube: Cookies for video loading
__stripe_mid: Fraud prevention by Stripe
Matomo: Analytics cookies for anonymized stats (see Matomo docs)

Privacy Tips for Browsing

To block tracking cookies, use DuckDuckGo (app or extension) or Privacy Badger with Do Not Track. Note: this may limit functionality.

Your Settings