The protection of your personal data is of particular concern to us. The purpose of this declaration is to inform you on the nature, extent and purpose of personal data we collect from you and how it is used by NUGENIS GmbH. This declaration is directed at our current, former and prospective customers as well as those with interest in our products. We process your data exclusively in line with legal regulations (GDPR, Austrian Data Protection Act DSG 2018, Austrian Telecommunication Act TKG 2003).



Prinz Eugen-Straße 66
1040 Wien




Types of data used

  • Personal data (for example names, addresses)
  • Contact data (for example email address, phone numbers)
  • Meta-/communication data (for example IP-addresses)
  • Contractual data (for example contract object, duration of the contract, client category)
  • Payment details (for example bank details, payment history)


Why we need to use your data

Personal details disclosed by our customers will be used for the following: establishing, managing and fulfilling the business relationship, for the use of our customer service, for the use in customer care and to provide information about our product range. For this, personal data will be stored, processed and used. Personal data will not be disclosed to third parties with the exception of NUGENIS using external service providers to fulfil its contractual obligation to the customer (in particular for the delivery of ordered articles, payment options).

We handle your data pursuant to the following legal provisions: for obtaining consent       Art. 6(1) lit. a and Art. 7 GDPR, for the processing of data necessary for fulfilment of the contract and for implementing pre-contractual measures as well as answering queries        Art. 6(1) lit. b GDPR, to carry out our legal obligations Art. 6(1) lit. c GDPR, for the protection of our legitimate interests Art. 6(1) lit. f GDPR.

Security measures

We will take appropriate technical and organisational measures pursuant to Art. 32 GDPR to ensure an adequate level of protection. Our security measures are improved continuously in line with technological advances.


Cooperation with service providers and third parties

Should we disclose, provide or grant access to personal data in any other way to third parties we will only do this if this is legally permitted (for example if providing data to payment service providers is necessary for the performance of the contract according to Art. 6(1) lit.b GDPR), if you have consented, for complying with legal obligations or if required to protect our legitimate interests (for example when using web hosters etc.).

Rights of the persons concerned

You have the right to obtain confirmation as to whether the data concerned is used and to disclosure of such data as well as further information and to obtain a copy of all data according to Art. 15 GDPR.

You have the right to complete your personal data or demandrectification of inaccurate personal data we hold on you according to Art. 16 GDPR.

Pursuant to Art. 17 GDPR you have the right to request immediate deletion of such data or, alternatively, request restricted use of the data pursuant to Art. 18 GDPR.

You have the right to obtain the data you provided us with pursuant to Art. 20 DPGR and to demand data transmission to a third party.

You have the right to revoke your declaration of consent pursuant to Art. 7(3) GDPR with future effect.

You have the right to revoke your declaration of consent to process your data in the future pursuant to Art. 21 GDPR. Revoking your declaration of consent does especially apply to the use of targeted advertising.

You further have the right to lodge a complaint with the relevant supervisory authority pursuant to Art. 77 GDPR.

Duration of storage

We store your personal data, if necessary, for the duration of the business relationship for which we have collected your data and thereafter to meet legal obligations for storage and documentation (pursuant to Austrian UGB and BAO), until the end of potential legal disputes, the end of warranty obligations and other comparable obligations.

Data used by us will be deleted pursuant to Art. 17 and 18 GDPR or restricted in their use.

If not explicitly mentioned otherwise in this data protection declaration, data stored by us will be deleted once not required anymore for their intended use and as far as their deletion is not contradicted by legal storage obligations. If data are not deleted because they are needed for other and legally permitted uses, their use will be restricted. This applies for example to data which have to be stored for commercial law or taxation reasons.


We use cookies on our web page in order to make access to our product range more user friendly. Cookies are small text files that are stored on your device by your browser.

A cookie may contain diverse information (for example the contents of your shopping basket). A cookie is primarily used to store user data relating to a customer (or rather the device that the cookie is stored on) while or after visiting our web page. They enable us to recognise your browser during future visits.

If you do not want the cookies to be stored on your device, you can deactivate the relevant option in the system settings of your browser. Stored cookies can be deleted in the system settings of your browser. Blocking cookies may potentially reduce the functionality of our web page.


Ordering process in our online shop and customer account

We use the data of our customers in the course of the ordering process in our online shop in order to enable you to decide, order, pay and have your chosen products delivered.

Data used includes personal data provided by you, communication data, data relating to our contract, payment details and the data used is that of our customers, prospective customers and other commercial partners. Data is used in order to fulfil the contractual obligations necessary for operating our online shop, accounts department, delivery services and customer services.

Data is processed based on legal requirements according to Art. 96 (3) Austrian TKG and   Art. 6(1) lit. b (ordering process) and c (legal archiving obligations) GDPR. Information that needs to be provided for the establishment and performance of a contract is marked out clearly. Such data is only disclosed to third parties involved in delivery, payment services or in line with our legal rights and obligations to legal advisers and relevant authorities. Data will only be processed in third countries if this is deemed necessary for the fulfilment of the contract (for example on the request of a customer for delivery or payment).

Customers may open a customer account if the wish. The customer will be advised of mandatory information to do so during the registration process. Customer accounts are not public and cannot be indexed by search engines. If customers terminate their account, their data will be deleted subject to legal archiving requirements for commercial law or taxation reasons in line with Art. 6(1) lit. c GDPR. Personal details will remain with the customer account until it is terminated and then be archived for potential legal obligations. If the customer terminates the account, the customer is responsible to safe their data in time before fulfilment of the contract.

We will store your IP address and the time during registration and at all following log ins or use of our online services. Data storage is in line with our legitimate interests as well as protecting customers from misuse and other unauthorised access. We will not disclose this data to third parties unless this is necessary for the legitimate pursuit of our claims or if there is a legal obligations to do so pursuant to Art. 6(1) lit. c GDPR.

Data will be deleted following the end of legal warranty or comparable obligations or after the statutory archiving and documentation period has finished respectively.

External Payment Service Providers

We use external payment service providers to enable us and our customers to arrange payments.

External payment service providers are used in order to allow fulfilment of the contract in line with Art. 6(1) lit. b GDPR. In general, we use external payment service providers to pursue our legitimate interests according to Art. 6(1) lit. b GDPR and to offer our customers an effective and safe method of payment.

The data processed by payment service providers includes personal details, for example name and address, bank details, for example bank account numbers or credit card numbers, passwords, TANs and check sums as well as order, sum and recipient related details. These details are necessary in order to complete your transaction. The disclosed details will only be used and stored by the payment service provider and no details such as account or credit card related information is passed on to us. The payment service provider will only give us confirmation of payment or non-payment. This information may be passed on to credit reference agencies for identification and credit rating reasons. For further information please refer to the terms and conditions and the data protection policy of the payment service provider.

For all payments the terms and conditions and the data protection policy of the respective payment service provider applies and can be found on their web page. Please refer to this for further information and to exercise your right to revoke your contract, your right of access to information and other rights you may have.



If you contact us (for example via email, phone or using the enquiry form on our web page) we will use your details in order to deal with your query according to Art. 96(3) Austrian TKG and Art. 6(1) lit. c and b GDPR). We will delete your queries once they are no longer required.