Privacy Policy

Last Updated: 15th January 2026

Introduction

nextzenithium AG ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you visit our website or use our services.

Data Controller Information

The data controller for your personal information is nextzenithium AG, a company registered in Germany with registration number HRB648259. Our registered address is Gartenstraße 136, 80908 Munich, Bavaria, Germany.

Data Collection

We collect personal data that you provide to us directly and information that is automatically collected when you use our website. The data we collect includes:

• Contact Information: Name, email address, phone number, and postal address when you contact us or request our services
• Communication Data: Records of correspondence when you contact us via email, phone, or contact forms
• Technical Information: IP address, browser type, device information, and website usage data
• Cookie Data: Information collected through cookies and similar tracking technologies

How We Use Your Information

We use your personal information for the following purposes, based on legitimate business interests and legal obligations:

• Service Provision: To provide makeup equipment guidance and consultation services
• Communication: To respond to your enquiries and provide customer support
• Business Operations: To manage our business relationships and improve our services
• Legal Compliance: To comply with legal obligations and protect our legal rights
• Website Improvement: To analyse website usage and improve user experience

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our use of cookies, please see our Cookie Policy.

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Consent: Where you have given clear consent for specific processing activities
• Contract Performance: Where processing is necessary to perform our services
• Legitimate Interests: Where we have legitimate business interests that do not override your privacy rights
• Legal Obligations: Where we are required to process data to comply with legal requirements

Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except in the following circumstances:

• Service Providers: Trusted third-party service providers who assist us in operating our website and conducting business
• Legal Requirements: When required by law, regulation, or legal process
• Business Protection: To protect our rights, property, or safety, or that of our users or others

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Contact information and communication records are typically retained for up to 7 years for business and legal compliance purposes. Cookie data is retained according to the specific cookie types and purposes as outlined in our Cookie Policy.

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data under certain circumstances
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Request transfer of your data to another organisation
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure server environments, and regular security assessments. However, no method of transmission over the internet or electronic storage is completely secure.

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date. We encourage you to review this policy periodically.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out to us:

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have processed your personal data unlawfully. In Germany, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) or your local data protection authority.