Privacy Policy
1. Controller
Nuggets Fallschirmsport GmbH
Flugplatz Unterzeil
88299 Leutkirch im Allgäu, Germany
Managing Director: Alexander Simon
Contact
Phone: +49 7561 70021
Fax: +49 7561 70022
Email: info@skydive-nuggets.de
Register entry
Entry in the commercial register – Register court: Ulm – Registration number: HRB 610607
VAT ID: DE814004773
2. Hosting (Hetzner)
Our website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. A data processing agreement pursuant to Art. 28 GDPR is in place.
Purpose / legal basis: Provision of the website as well as stability and security (Art. 6(1)(f) GDPR).
Server logs at Hetzner: Data recorded includes IP address, browser used (user agent), date/time, referrer, requested URL and the system used. Hetzner stores anonymised IP addresses: at web server level, the last octet is randomised, so instead of the actual IP address an address like 123.123.123.XXX is stored, where XXX is random (1–254). This prevents re‑identification of individuals.
Retention at Hetzner: Mail server logs: 7 days; Apache logs: 14 days; backups: 14 days (encrypted).
3. Legal bases at a glance
- Contract / pre‑contractual measures: Art. 6(1)(b) GDPR
- Consent: Art. 6(1)(a) GDPR (e.g., marketing/analytics)
- Legal obligations: Art. 6(1)(c) GDPR (e.g., retention)
- Legitimate interests: Art. 6(1)(f) GDPR (e.g., IT security, fraud prevention, affiliate commission accounting)
4. Cookies & Consent Management (ConsentManager)
We use a consent management tool (“ConsentManager”) to obtain and document consent for cookies and similar technologies. Processing: consent status, timestamp, device/browser information; a consent cookie is stored. Legal basis: compliance with legal obligations (Art. 6(1)(c)) and our legitimate interests in compliant consent management (Art. 6(1)(f)). You can change your settings at any time via the cookie banner (“privacy settings”).
5. Registration (customer account)
Data: salutation/name, email, password (hashed), and where applicable address and phone. Purpose: user account, order history, managing your data, performance of contract. Legal basis: Art. 6(1)(b) GDPR. Retention: until account deletion; statutory retention obligations remain unaffected.
6. Processing of customer and contract data
Data: products/services, prices, invoices, payment status, correspondence. Legal bases: Art. 6(1)(b) (contract), Art. 6(1)(c) (legal obligations), Art. 6(1)(f) (e.g., establishment/defence of legal claims). Retention: 6–10 years under commercial/tax law.
7. Data transfer upon contract conclusion – services & digital content
For scheduling and providing digital services, we process contact and contract data. Legal basis: Art. 6(1)(b) GDPR.
8. Payment services & encrypted payment transactions
Transmission of sensitive data (e.g., payment data) is protected by TLS encryption.
The following payment methods/providers are offered:
- PayPal (Europe) S.à r.l. et Cie, S.C.A. – Payment via PayPal account (including, where available, “PayPal Pay Later”) or, depending on your selection, card/direct debit payments processed by PayPal. Data processed: payment/transaction data, order/customer data, device/usage data. Legal basis: Art. 6(1)(b) (contract); fraud prevention where applicable Art. 6(1)(f). The provider may carry out credit/risk checks under its own responsibility.
- Credit card (VISA, Mastercard, American Express) – Processed via our respective payment service providers/acquirers. Data processed: cardholder data, masked card number, expiry date, authorisation/transaction identifiers; we do not store full card numbers. Legal basis: Art. 6(1)(b); 3‑D Secure and fraud checks are performed by the payment provider under its own responsibility (Art. 6(1)(f)).
- Amazon Pay (Amazon Payments Europe S.C.A.) – Payment using the payment methods stored in your Amazon account. Data processed: payment/transaction data, shipping and billing information, device/usage data. Legal basis: Art. 6(1)(b); fraud prevention where applicable Art. 6(1)(f).
- SEPA direct debit – Processing of IBAN, account holder, mandate reference and booking data to execute the debit. Legal basis: Art. 6(1)(b); retention of the mandate pursuant to statutory requirements.
- Prepayment / bank transfer – Processing of payment reference, sender (account holder), amount and booking time to allocate incoming payments. Legal basis: Art. 6(1)(b).
Payment data is transmitted to the payment service providers, banks and card schemes involved only to the extent necessary for processing the payment. Statutory commercial and tax retention obligations remain unaffected.
9. Affiliate partner programmes
We operate affiliate programmes/partner tracking. Tracking parameters (e.g., partner ID) and cookies may be used to attribute leads/sales and settle commissions. Legal basis: our legitimate interests in fair commission accounting (Art. 6(1)(f)); where required, consent via the consent banner (Art. 6(1)(a)). Retention: 30 days.
10. Google Tag Manager (GTM)
GTM manages tags (e.g., Analytics/Ads). GTM itself does not set tracking cookies but loads tools that may process data. Legal basis: consent (Art. 6(1)(a)) where consent‑based tools are loaded; otherwise legitimate interests (Art. 6(1)(f)). Provider: Google Ireland Limited; possible transfer to Google LLC in the USA (SCCs).
11. Google Analytics (GA4)
We use Google Analytics 4 with IP anonymisation. Data includes page views, events, interactions, approximate location data, device/browser information, referrer, pseudonymous IDs. Legal basis: consent (Art. 6(1)(a)). Retention of Analytics data: as configured (e.g., 14 months). Opt‑out: via cookie settings (consent banner). Third‑country transfer: possible (USA, SCCs).
12. Google Ads (incl. conversion tracking & remarketing)
We use Google Ads for reach/performance. Conversion tracking measures advertising success (e.g., orders), and remarketing serves interest‑based ads. Data: cookie/advertising IDs, pages visited, conversions, technical characteristics, pseudonymous profiles. Legal basis: consent (Art. 6(1)(a)). Opt‑out/preferences: consent banner and Google ad settings. Third‑country transfer: possible (SCCs).
13. Microsoft Advertising (UET/conversion/remarketing)
Data: UET cookie/tag, page views, conversions, pseudonymous IDs, technical characteristics. Legal basis: consent (Art. 6(1)(a)). Opt‑out: consent banner and Microsoft advertising preferences. Third‑country transfer: possible (SCCs).
14. YouTube embeds
Our website may embed videos from YouTube. Where possible, we use the privacy‑enhanced mode (youtube‑nocookie.com). Only when you play a video may personal data (e.g., IP address, device/browser data, possibly cookie/advertising IDs) be transmitted to YouTube/Google and cookies or similar technologies set. Legal basis: consent (Art. 6(1)(a)) via the consent banner. Provider: Google Ireland Limited / Google LLC (USA); third‑country transfers possible (SCCs).
15. Recipients & categories of recipients
- Processors: hosting (Hetzner), IT service providers, CMP, analytics/marketing tools, email/newsletter tools (if used)
- Contractual partners: payment providers, shipping providers where applicable, tax advisors
16. Transfers to third countries
With certain services (e.g., Google/Microsoft/YouTube), transfers to third countries (notably the USA) may occur. Transfers are based on Standard Contractual Clauses (SCCs) and, where appropriate, additional safeguards. Residual risks cannot be completely excluded.
17. Retention
We retain personal data only as long as necessary for the respective purposes or as required by law. Specific periods are set out in the respective sections.
18. Your rights
You have the rights of access, rectification, erasure, restriction and data portability, and the right to object to processing based on Art. 6(1)(f) GDPR. Where processing is based on consent, you may withdraw it at any time with future effect. You may lodge a complaint with a supervisory authority, e.g., LfDI Baden‑Württemberg (Germany).
19. Obligation to provide data / minors
The provision of certain data is required to conclude contracts; without it, a contract may not be possible. Our services are not directed at minors.
20. Changes to this policy
We will update this policy where laws, services or processes change. The current version is available on this website.