Privacy policy of Nicolay, Lemke, Cichy GbR (version 2.0; as of 17.07.2023)

Since 25 May 2018, the provisions of the EU General Data Protection Regulation (hereinafter: GDPR) have applied throughout Europe. In the following, we would like to inform you about the processing of personal data carried out by Nicolay, Lemke & Cichy GbR in accordance with this regulation (compare Article 13 DSGVO). Please read our data protection information carefully. If you have any questions or comments about this data protection information, you can send them at any time to this email address: privacy@for-vegans.com

Table of contents

  1. Overview
  2. Name and contact details of the data controller and the company data protection officer
  3. Purposes of data processing, legal bases and legitimate interests pursued by Nicolay, Lemke & Cichy GbR or a third party as well as categories of recipients
  4. Recipients outside the EU
  5. Your rights
  6. Data security





1. Overview

The following data protection information informs you about the type and scope of the processing of so-called personal data by Nicolay, Lemke & Cichy GbR. Personal data is information that can be directly or indirectly attributed to you or can be attributed to you.

The data processing by Nicolay, Lemke & Cichy GbR can essentially be divided into three categories:

  • For the purpose of processing the contract, all data required for the execution of a contract with Nicolay, Lemke & Cichy GbR will be processed. If external service providers are also involved in the processing of the contract, e.g. logistics companies or payment service providers, your data will be passed on to them to the extent necessary in each case.
  • In addition to processing the contract, we also use the data collected from you for the purpose of informing you about new offers and promotions from time to time.
  • When you access the website/application of Nicolay, Lemke & Cichy GbR, various information is exchanged between your terminal device and our server. This may also involve personal data. The information collected in this way is used, among other things, to optimise our website or to display advertising in the browser of your end device.

In accordance with the provisions of the GDPR, you have various rights that you can assert against us. These include the right to object to selected data processing, in particular data processing for advertising purposes.

If you have any questions about our data protection policy, you are welcome to contact our company data protection officer at any time. You can find the contact details below.



2. Name and contact details of the data controller and the company data protection officer

This data protection information applies to data processing by Nicolay, Lemke & Cichy GbR, Coburger Weg 2, 40627 Düsseldorf and to the following websites or applications: www.for-vegans.com. The company data protection officer "Sören Lemke" of Nicolay, Lemke & Cichy GbR can be contacted at the above address, in the name of the Data Protection Department, or at privacy@for-vegans.com.



3. Purposes of data processing, legal bases and legitimate interests pursued by Nicolay, Lemke & Cichy GbR or a third party as well as categories of recipients

3.1. Accessing our website/application

When you access our website/application, information is automatically sent to the server of our website/application by the browser used on your end device and temporarily stored in a so-called log file. We have no influence on this. The following information is collected without your intervention and stored until automatic deletion:

  • the IP address of the requesting Internet-enabled device,
  • the date and time of access, 
  • the name and URL of the retrieved file, 
  • the website/application from which the access was made (referrer URL), 
  • the browser you use and, if applicable, the operating system of your internet-enabled computer as well as the name of your access provider. 

The legal basis for the processing of the IP address is Article 6(1)(f) DSGVO. Our legitimate interest follows from the purposes of data collection listed below. At this point, we would like to point out that we are not able to draw any direct conclusions about your identity from the collected data, nor will we do so.

The IP address of your terminal device and the other data listed above are used by us for the following purposes:

  • Ensuring a smooth connection setup,
  • Ensuring a comfortable use of our website/application,
  • evaluating system security and stability.

The data is stored for a period of 180 days and then automatically deleted. Furthermore, we use so-called cookies, tracking tools, targeting methods and social media plug-ins for our website/application. The exact procedures involved and how your data is used for this purpose are explained in more detail below in section 3.4. 

If you have agreed to the so-called geolocation in your browser or operating system or other settings of your end device, we use this function to be able to offer you individual services related to your current location (e.g. language, currency and freight cost calculation). If you terminate the use, the data will be deleted.

3.2. Conclusion, performance or termination of a contract

3.2.1. Data processing upon conclusion of the contract

The object of activity of Nicolay, Lemke & Cichy GbR is the mediation of sales between vendors and customers and the distance selling of goods and services offered through Nicolay, Lemke & Cichy GbR itself. In this context, we process the data required for the mediation, conclusion, performance or termination of a contract with personal data. This includes:

  • First name, last name
  • Billing and delivery address
  • E-mail address
  • Billing and payment details
  • Date of birth, if applicable
  • Telephone number, if applicable

The legal basis for this is Article 6(1)(b) DSGVO, i.e. you provide us with the data on the basis of the contractual relationship between you, a retailer or us. We are also obliged to process your email address due to a requirement in the German Civil Code (BGB) to send an electronic order confirmation (Article 6(1)(c) DSGVO). Insofar as we do not use your contact data for advertising purposes (see 3.3. below), we store the data collected for the processing of the contract until the expiry of the statutory or possible contractual warranty and guarantee rights. After the expiry of this period, we keep the information of the contractual relationship required by commercial and tax law for the periods determined by law on the basis of Art. 6 para. 1 lit. c) in blocked form. For this period (regularly six or ten years after the end of the year in which the contract was concluded), the data is processed again solely in the event of an audit by the tax authorities.

The following data processing is also required to process the purchase contract:

We will pass on all necessary payment data to a payment service provider commissioned by us. We pass on details of your delivery address to the relevant retailer or to a logistics company commissioned by us for the purpose of processing the purchase contract. If you agree, we will transmit your e-mail address and, if applicable, your telephone number to the respective retailer or the logistics company commissioned by us in order to ensure that the goods are delivered in accordance with your wishes. The logistics company will contact you in advance of the delivery to inform you of the time of delivery or to coordinate details of the delivery with you. The data will be transmitted solely for this purpose and deleted after delivery has taken place.

3.2.2. Identity, creditworthiness and transmission to credit agencies

Where necessary, we verify your identity by using information from service providers. The legal basis for this is Article 6 (1) (b) and (f) DSGVO. The authorisation for this is based on the protection of your identity and the prevention of fraud attempts at our expense and at the expense of the merchants. The circumstance and the result of our enquiry will be stored in your customer account or guest account for the duration of the contractual relationship.

In the course of the ordering process, we also check your creditworthiness in order to be able to show you only the payment methods that can be used by you. For this purpose, we transmit the following types of data to credit agencies cooperating with us: Name, address, date of birth. The legal basis for this is the following declaration of consent by you within the meaning of Article 6(1)(a) DSGVO:

I hereby consent to the verification of my creditworthiness by Nicolay, Lemke & Cichy GbR. I am aware that the check is carried out at the beginning of the order process and that I can revoke my consent at any time..

You can revoke your consent at any time with effect for the future by sending a declaration to the address given under "Contact". The revocation of consent does not affect the lawfulness of the personal data processed until the revocation. If you do not wish to give the above consent, please inform us accordingly before you initiate the conclusion of your purchase or use the guest order option. In this case, however, we can only offer you payment methods that are not associated with a credit risk for Nicolay, Lemke & Cichy GbR. The circumstance and the result of our request will be added to your customer account for the duration of the contractual relationship.

In the event of a delay in payment, we will transmit the necessary data to a company commissioned to enforce the claim if the other legal requirements are met. The legal bases for this are both Article 6(1)(b) and Article 6(1)(f) DSGVO. The assertion of a contractual claim is considered a legitimate interest within the meaning of the second-mentioned provision. We also transmit information about the delay in payment or a possible bad debt to credit agencies cooperating with us if the other legal requirements are met. The legal basis for this is Article 6 (1) (f) DSGVO. The legitimate interest required here results from our interest and the interest of third parties in reducing contractual risks for future contracts.

3.3. Data processing for advertising purposes

The following statements refer to the processing of personal data for advertising purposes. The GDPR declares such data processing on the basis of Article 6(1)(f) to be conceivable in principle and a legitimate interest. The duration of data storage for advertising purposes does not follow any rigid principles and is based on the question of whether the storage is necessary for the advertising approach. At Nicolay, Lemke & Cichy GbR, we also follow the principle of deleting data for advertising purposes after 180 days. Please refer to section 3.3.3 for information on how to proceed in the event of your objection.

3.3.1. Advertising purposes of Nicolay, Lemke &Cichy GbR and third parties

If you have concluded a contract with us, we will list you as an existing customer. In this case, we process your postal contact data outside of the existence of a specific consent in order to send you information about new products and services in this way.

3.3.2. Interest-based advertising

To ensure that you only receive promotional information that is of supposed interest to you, we categorise and add further information to your customer profile. Statistical information as well as information about your person (e.g. basic data of your customer profile) is used for this purpose. The aim is to send you advertising that is geared solely to your actual or supposed needs and not to bother you with useless advertising.

3.3.3. Right of objection

You can object to data processing for the aforementioned purposes at any time, free of charge, separately for the respective communication channel and with effect for the future. An e-mail or a postal letter to the contact details mentioned under 2. is sufficient for this purpose.

If you object, the contact address concerned will be blocked for further data processing for advertising purposes. We would like to point out that in exceptional cases, advertising material may still be sent temporarily after receipt of your objection. This is technically due to the necessary lead time for advertisements and does not mean that we will not implement your objection. Thank you for your understanding.

3.3.4. Newsletter dispatch

On our website and application we offer you the possibility to register for our newsletter. To ensure that no mistakes are made when entering the email address, we use the so-called double opt-in procedure: After you have entered your email address in the registration field, we will send you a confirmation link. Only when you click on this confirmation link will your email address be added to our mailing list. The processing of your electronic contact data at this point is based solely on your consent (Article 6(1)(a) DSGVO). You can revoke your consent at any time with effect for the future. To do so, simply send a short note by email to the email address given under 2. or click on the "Unsubscribe" button at the end of each newsletter.

3.4. Online presence and website optimisation

3.4.1. Cookies - General information

We use so-called cookies on our website. If these cookies are personal data, they are used on the basis of Article 6(1)(f) of the Data Protection Regulation. Our interest in optimising our website and also in addressing you in an advertising manner on the basis of your visit to our website is to be regarded as justified within the meaning of the aforementioned provision. Cookies are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware. Information is stored in the cookie that is related to the specific end device used. However, this does not mean that we gain direct knowledge of your identity. The use of cookies serves, on the one hand, to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognise that you have already visited individual pages of our website or that you have already logged into your customer account. These are automatically deleted after you leave our site. In addition, we also use temporary cookies for the purpose of user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognised that you have already been with us and which entries and settings you have made so that you do not have to enter them again.

If you have a customer account with Nicolay, Lemke & Cichy GbR and are logged in or activate the "stay logged in" function, the information stored in cookies will be added to your customer account.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you as well as to display information specially tailored to you. These cookies enable us to automatically recognise that you have already been to our website when you visit it again. These cookies are automatically deleted after a defined period of time. Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies are stored on your computer or that a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website. The storage period of cookies depends on their purpose and is not the same for everyone.

3.4.2. Google Analytics

For the purpose of demand-oriented design and continuous optimisation of our pages, we use Google Analytics, a web analytics service provided by Google Inc. ("Google"). In this context, pseudonymised usage profiles are created and cookies are used. The information generated by the cookie about your use of our website, such as your IP address, is used to

  • Browser type/version,
  • operating system used,
  • Referrer URL (the previously visited page),
  • host name of the accessing computer (IP address),
  • time of the server request,

will be transmitted to and stored by Google on servers in the United States. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services associated with the use of the website and the internet for the purposes of market research and demand-oriented design of these internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that an assignment is not possible (so-called IP masking).

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by using this browser add-on.

3.4.3. Targeting

The targeting measures listed below and used by us are carried out on the basis of Article 6 paragraph 1 letter f DSGVO. By means of the targeting measures used, we want to ensure that you are only shown advertising on your end devices that is oriented to your actual or presumed interests.

3.4.3.1. Onsite-Targeting

On our website, information is collected and analysed using cookies to optimise advertising. This information contains, for example, details of which of our products you were interested in. The collection and evaluation is exclusively pseudonymous and does not enable us to identify you. In particular, the information is not combined with personal data about you. On the basis of this information, we can show you offers on our website that are specifically geared to your interests, as these result from your previous user behaviour. The cookie is automatically deleted after 180 days.

3.4.3.2. Objection/opt-out option

In addition to the deactivation methods described, you can also generally prevent the targeting technologies explained by making the appropriate cookie setting in your browser (see also 3.4.1). You also have the option of deactivating preference-based advertising with the help of the preference manager available here.

3.4.4. Social-Media-Plug-ins

We use social plug-ins from the social networks Facebook, Instagram and Twitter on our website on the basis of Article 6 (1) (f) of the German Data Protection Regulation (DSGVO) in order to raise awareness of our company. The underlying promotional purpose is to be regarded as a legitimate interest within the meaning of the DSGVO. The responsibility for data protection-compliant operation is to be ensured by their respective providers. We integrate these plug-ins using the so-called two-click method in order to protect visitors to our website as best as possible.

3.4.4.1. Facebook

Our website uses so-called plug-ins of the social network Facebook, which is offered by Facebook Inc. The Facebook plug-ins are marked with a Facebook logo or the addition "Like" or "Share". You can find an overview of the Facebook plug-ins and their appearance behind the following link. When you activate such a plug-in (first click), your browser establishes a direct connection to the Facebook servers. The content of the plug-in is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has called up the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there. If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook profile. If you interact with the plug-ins, for example by clicking the "Like" button, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, can be found in Facebook's privacy policy. If you do not want Facebook to assign the information collected about your visit to our website directly to your Facebook profile, you must log out of Facebook before visiting our website.

3.4.4.2. Instagram

Plug-ins from Instagram Inc. are also integrated on our website. You can recognise the Instagram plug-ins ("Instagram" button) by the Instragram logo and the addition "Instragram". If you call up a page of our website that contains such a plug-in, a direct connection is established between your browser and the Instagram server. Instagram thereby receives the information that you have visited our site with your IP address. If you click the Instagram button while you are logged into your Instagram account, you can link the content of our pages on your Instagram profile. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram. Functions and content of the Instagram service, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, may be integrated within our online offer. This may include, for example, content such as images, videos or texts and buttons with which you can announce your liking of content and subscribe to the authors of the content or our posts. If you are a member of the Instagram platform, Instagram can assign the call-up of the above-mentioned content and functions to your profile. You can find more information on how Instagram handles user data in the Instagram privacy policy. If you do not want Instagram to be able to associate your visit to our pages, please log out of your Instagram user account.

3.4.4.3. Twitter

Plug-ins of the short message network Twitter Inc. are also integrated on our website. You can recognise the Twitter plug-ins ("Twitter" button) by the Twitter logo (a white bird on a blue background) and the addition "Twitter". When you call up a page of our website that contains such a plug-in, a direct connection is established between your browser and the Twitter server. Twitter thus receives the information that you have visited our site with your IP address. If you click on the Twitter button while you are logged into your Twitter account, you can link the content of our pages to your Twitter profile. This enables Twitter to associate your visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter. You can find more information about this here. If you do not want Twitter to be able to associate your visit to our pages, please log out of your Twitter user account.

3.4.4.4. JivoChat

On our website we offer you the possibility to chat with us in real time using Jivo Chat "JivoSite Inc. Remington Drive, Sunnyvale, CA 94087, USA, (www.jivochat.com)" to chat with us in real time or to leave us messages. The data you provide will be stored by us until your request is completed. Afterwards, the chats are archived for up to two months and then deleted. If an order is placed, your data will be recorded in our customer database.


3.5. Customer account

In order to provide you with the greatest possible convenience when shopping, we offer you the permanent storage of your personal data in a password-protected customer account. The creation of the customer account is voluntary and is based on your consent within the meaning of Article 6 (1) (a) DSGVO. After setting up a customer account, no new data entry is required. In addition, you can view and change your stored data in your customer account at any time.

In addition to the data requested when placing an order, you must enter a password of your choice to set up a customer account. This password is used together with your e-mail address to access your customer account. Please treat your personal access data confidentially and in particular do not make them accessible to unauthorised third parties. We cannot accept any liability for misused passwords, unless we are responsible for the misuse. Please note that you will automatically remain logged in after leaving our website, unless you actively log out. You have the option to delete your customer account at any time. Please note, however, that this does not mean that the data visible in the customer account will be deleted at the same time.

3.6. Contact form

We offer visitors to our website the opportunity to contact us via a contact form. We use the information you provide via the contact form (mandatory information is marked with an asterisk) exclusively for the purpose of processing your request. The legal basis for this is both your consent within the meaning of Article 6(1)(a) DSGVO and Article 6(1)(f) DSGVO. The proper processing of your request is to be regarded as a legitimate interest within the meaning of the DSGVO. If your contact is made in connection with a contractual relationship between you and us, Article 6(1)(b) DSGVO, i.e. this contractual relationship, is also the legal basis for data processing. You can revoke your consent to the use of data explained above at any time with effect for the future free of charge by sending a short message to the contact details given under 1. The lawfulness of the processing based on your consent up to the time of your revocation is not affected by this. However, we would like to point out that it is no longer possible to process your request from the time of a possible revocation. Outside of the existence of a revocation, your data related to the request will be deleted after your request has been processed.


4. Recipients outside the EU

With the exception of the processing described in section 3, we do not pass on your data to recipients based outside the European Union or the European Economic Area. The processing operations described in section 3 result in the transmission of data to the servers of the providers of tracking and targeting technologies commissioned by us. These servers are located in the USA.


5. Your rights

5.1. Overview

In addition to the right to revoke your consent given to us, you have the following further rights if the respective legal requirements are met:

  • Right to information about your personal data stored by us pursuant to Art. 15 of the GDPR; in particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data if it has not been collected directly from you,
  • The right to have incorrect data corrected or to have correct data completed in accordance with Art. 16 DSGVO,
  • Right to delete your data stored by us in accordance with Art. 17 DSGVO insofar as no legal or contractual retention periods or other legal obligations or rights to further storage are to be observed,
  • The right to restrict the processing of your data pursuant to Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its deletion; the controller no longer requires the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing pursuant to Art. 21 DSGVO,
  • Right to data portability pursuant to Art. 20 DSGVO, i.e. the right to have selected data stored by us about you transferred in a common, machine-readable format, or to demand that it be transferred to another data controller
  • The right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

5.2. Right of objection

Under the conditions of Article 21(1) of the GDPR, data processing may be objected to on grounds relating to the specific situation of the data subject.

The above general right to object applies to all processing purposes described in this privacy notice that are processed on the basis of Article 6(1)(f) DSGVO. Unlike the specific right to object to data processing for marketing purposes (see above), under the GDPR we are only obliged to implement such a general objection if you provide us with grounds of overriding importance. Furthermore, you have the option of contacting the supervisory authority responsible for Nicolay, Lemke & Cichy GbR, the data protection officer, Sören Lemke.

If you assert one or more of the above-listed data subject rights against us, we will store this fact in anonymised form on the basis of Article 6(1)(f) DSGVO. The fact that we can also prove the proper compliance with your request in cases of doubt is to be considered a legitimate interest within the meaning of this provision. This anonymised information, i.e. information that can no longer be linked to your person, will not be deleted.


6. Data security

All data transmitted by you personally, including your payment data, are transmitted using the generally accepted and secure standard SSL (Secure Socket Layer). SSL is a secure and proven standard that is also used, for example, for online banking. You can recognise a secure SSL connection by the s appended to the http (i.e. https://...) in the address bar of your browser or by the lock symbol in the lower area of your browser.

We also use appropriate technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorised access by third parties.