NICATS e.V. Group has always attached great importance to the protection of your personal data and to your right to decide what personal data should be disclosed and under what circumstances. In accordance with Articles 13, 14 and 21 of the European General Data Protection Regulation (GDPR), we would like to inform you below about how we process your personal data and what rights you have as a data subject. The following statements are valid from 25 May 2018 and replace any previous statements provided by our company. In the case of special processing situations, you will receive separate or additional information if necessary. This includes, for example, the privacy policies on our websites, terms and conditions for participation in events, or information provided within the framework of declarations of consent. The statements below will be updated as necessary.


The controller within the meaning of Art. 4 No. 7 GDPR:

NICATS – Network of Independent Catalog & Service Providers e. V. Vaihingerstraße 43, 70567 Stuttgart,  

Register of associations: VR 724606

Register court: Amtsgericht Stuttgart

Represented by the executive committee: 

Krunoslav Bagaric, Andreas Deiß, Andreas Lottes, Sven Grabenschweiger


A large part of the personal data we collect is collected directly from you or arise directly from the respective business relationship. However, it may be necessary to use personal data from other sources within the framework of the processing mentioned under Section 3. This is of course done in compliance with data protection regulations. In such cases, personal data may come from publicly accessible sources (e.g. commercial registers, association registers, registration registers, land registers, debtor registers, press releases and Internet searches), from affiliated companies or from other third parties (e.g. credit agencies, address publishers and authorities).

Depending on the processing activity and purpose, the following data are processed, for example: personal master data (e.g. name, date of birth), contact and address data (e.g. address, e-mail address, telephone number), bank details, order data (e.g. type and quantity of goods ordered or services used), historical data on the business relationship with NICATS e.V. or data within the scope of ongoing contact maintenance, for example data on communication including date, time and purpose.

If you access websites of NICATS e.V. or use other electronic services provided by us, we will process various IT-related data. In addition to the type, time and duration of access, this also includes the IP addresses you use, data about the end devices you use, such as the operating system and browser, and the amount of data transferred. So-called “cookies” are also used in the context of the processing mentioned under Section 3. Further information can be found in the specific Privacy Statement for each respective website or electronic service. The information for the website is available at the end of this document.


Your personal data will be processed in accordance with the provisions of the European Data Protection Regulation (GDPR), the German Federal Data Protection Act in the version of 30 June 2017 (BDSG-new) and other possibly applicable data protection regulations.

3.1 Processing for the performance of a contract or for pre-contractual measures pursuant to Art. 6 para. 1 sentence 1 letter b) GDPR

A large part of the personal data is processed by us in order to be able to fulfil contracts with you or to carry out pre-contractual measures at your request. The legal basis for this is Art. 6 para. 1 sentence 1 letter b) GDPR. The processing activities including the associated purposes result in particular from the respective contract. Order-related communication, documentation of transactions, booking of business transactions and processing of complaints, including the fulfilment of any warranty claims, is also required in this context.

3.2 Processing to fulfil legal obligations or carry out tasks in the public interest in accordance with Art. 6 para. 1 sentence 1 c) and e) GDPR

The requirements and the resulting processing activities and purposes result in particular from commercial and tax law but also from other regulatory or official requirements. The retention periods for business documents require, for example, that a large number of documents, including the personal data contained therein, be stored for the long term. Other processing activities based on legal regulations may include the prevention of money laundering, the prevention, combating and clarification of terrorist financing, the fulfilment of fiscal control and reporting obligations, the verification of identity and the comparison with anti-terrorist lists.

Judicial or official measures may make it necessary for personal data to be processed and, in particular, disclosed. These include measures in the context of criminal prosecution, the collection of evidence, the enforcement or defence of civil law claims or audits by tax and/or supervisory authorities.

3.3 Processing for the protection of legitimate interests of NICATS e.V. or of third parties in accordance with Art. 6 para. 1 sentence 1 letter f) GDPR

As a customer or business partner you are used to a trusting cooperation. In addition to the performance of contracts with you, the performance of pre-contractual measures and the performance of legal obligations or the protection of public interests, we process personal data in order to protect the legitimate interests of ourselves or third parties The legal basis for this is Art. 6 para. 1 sentence 1 letter f) GDPR. The processing activities mainly include:

  • General contact care within the framework of an existing business relationship
  • General internal and external communication
  • Compliance measures including internal and external investigations to prevent and possibly detect crimes or other violations
  • Exchange of data with affiliates to optimize the supply of goods and services and improve operations and structures
  • Limited storage of personal data instead of deletion according to § 35 BDSG-new
  • Obtaining credit insurance and credit insurance to reduce the economic risk
  • Obtaining information and exchanging data with credit bureaus, inter alia, to reduce the economic risk and to grant payment terms
  • Assertion, exercise or defence of legal claims
  • Ensuring IT and data security including measures to maintain the confidentiality, integrity and availability of data
  • Corporate control measures such as cost accounting, controlling internal and external reporting, internal audit
  • In individual cases, listening to telephone calls for training purposes or in the context of quality control
  • Quality management, monitoring and optimisation of business processes
  • Risk and emergency management as well as various security measures, including measures to protect our domiciliary rights
  • Statistical evaluations and needs analyses to optimize the offer, the availability of goods and services as well as direct customer contact
  • Statistical evaluations for range measurement in newsletters (e.g. opening rate)
  • Activities in the interest of building and plant security including access control and logging
  • Video surveillance to exercise domiciliary rights, prevent and prosecute criminal offences and protect the property of NICATS e.V. and third parties

In order to safeguard our own legitimate interests, we may supplement the data stored by us with data stored in publicly accessible sources or with data collected from third parties (e.g. credit agencies, address publishers or authorities).

Furthermore, we process personal data for the purpose of advertising as well as market or opinion research. Any contact for advertising purposes is made personally, by phone and by post. If you purchased goods or services from us, we may process your e-mail address to send you information about similar products and services by e-mail. If the legislator requires a consent, we will ask for it. We also exchange personal data with affiliated companies, in accordance with legal requirements. We will only process your personal data within the framework of a weighing of interests if you have not objected and if the legislator does not require explicit consent. We will inform you separately below about your right to object, in accordance with Art. 21 GDPR.

3.4 Processing on the basis of your explicit consent in accordance with Art. 6 para. 1 sentence 1 letter a) GDPR

Certain processing activities may require us to obtain your consent. The legal basis for such processing is Art. 6 para. 1 sentence 1 letter a) GDPR. Consents granted before 25 May 2018 generally remain valid. If we need your consent, we will inform you about the planned processing before giving your consent. You can revoke recent consents and consents granted in the past at any time with effect for the future. However, the revocation of consent does not affect the legality of the processing until the time of revocation.


The departments of NICATS e.V. have access to personal data that they require in the course of their professional activities and in order to carry out the processing operations described under Section 3. Your personal data will only be disclosed to bodies outside NICATS e.V. if this is permitted by law and is necessary within the framework of the processing specified under Section 3.

Your personal data will not be sold for advertising purposes or for market and opinion research purposes.


NICATS e.V. processes your personal data as long as is necessary to conduct the business relationship, including pre-contractual measures, and to comply with statutory obligations.

In addition, NICATS e.V. is obliged to observe retention periods under commercial and tax law. These are defined, in particular, in the German Commercial Code (HGB), the German Tax Code (AO)and the German Prevention of Money-Laundering Act (GwG) and can be up to 10 years after the end of the business relationship or the initiation of the contract.

Due to further legal regulations, further storage may be necessary for the preservation of evidence. Section 195 of the German Civil Code stipulates limitation periods of up to 30 years, whereby the standard limitation period is three years.

Once the aforementioned periods have expired, the personal data shall be regularly deleted. Exceptions to this rule apply only where further processing is necessary to safeguard a legitimate interest pursuant to 3 c). According to Section 35 of the new German Federal Data Protection Act (BDSG-neu), such an interest can also be deemed to exist where if deletion is not possible, or only possible with disproportionately high effort due to the specific method of storage, and the interest of the data subject in having the data deleted is considered negligible. The deletion shall be replaced by the restriction of the processing by suitable technical and organisational measures.


Personal data is processed by NICATS e.V. solely in Germany or the European Union. Such data shall only be forwarded to service providers, associated companies or other third parties outside the European Union in accordance with statutory provisions, if:

  • you have given us a specific consent to do so
  • it is required to fulfil a contract with you or for pre-contractual action (e.g. delivery to an address outside the European Union)
  • it is necessary for the conclusion or fulfilment of a contract in your interest
  • there is a corresponding legal obligation or public interest to do so
  • it is necessary for the assertion, exercise or defence of legal claims
  • it is required in the legitimate interests of NICATS e.V. or an affiliate (adequate level of protection)
  • contract processing is involved (adequate level of protection)


As a data subject, you have various rights that you can assert against NICATS e.V. under certain conditions. These include

  • the right to information (Art. 15 GDPR)
  • the right to rectification (Art. 16 GDPR)
  • the right to erasure (Art. 17 GDPR)
  • the right to restriction of processing (Art. 18 GDPR)
  • the right to data portability (Art. 20 GDPR)

Restrictions in accordance with Sections 34 and 35 of the BDSG-new shall apply to the rights to information and deletion.

You have the right to object to processing on the grounds of legitimate interest (Art. 21 para. 1 GDPR). In such cases, we shall cease processing the data unless compelling legitimate reasons exist for processing, or if processing is necessary for asserting, exercising or defending legal claims. This also applies to the processing of your personal data for the purpose of direct advertising (Art. 21 para. 2 GDPR). You can revoke your consent at any time in accordance with Art. 7 para. 3 GDPR. This also applies to consents granted before 25 May 2018. The revocation of consent shall not affect the lawfulness of any processing for which consent was given and which was carried out prior to the revocation.

You also have the right to lodge a complaint with the competent supervisory authority for data protection (Art. 77 GDPR in conjunction with § 19 BDSG-new).

If you would like to exercise your rights, please contact the Data Protection Officer of NICATS e.V., preferably in writing. The contact details are listed under Section 1.


You are required to provide any and all personal data that is necessary for entering into and conducting a business relationship, for implementing pre-contractual measures and for fulfilling the contractual obligations related thereto. You are also required to provide any and all data that NICATS e.V. is legally obligated to process. Without this data, we shall not be able to conclude or perform the respective contract with you. Such an obligation to provide personal data may only arise at a later stage of the business relationship. Any other personal data is provided on a voluntary basis.


NICATS e.V. uses automated individual decision-making processes according to Art. 22 GDPR for the performance of contracts. If the buyer is repeatedly in default of payment, the option of making a purchase with a specific payment target will be automatically blocked. This measure aims to reduce payment defaults. The data subjects have the right to obtain human intervention on the part of the controller, to express their own point of view and to challenge the decision. In the context of recruitment procedures, automated decision-making processes in individual cases within the meaning of Art. 22 GDPR are not used, i.e. the decision on your application is not based exclusively on automated processing.

In some cases, personal data are also processed automatically to evaluate certain personal aspects (so-called profiling). In order to inform you specifically about products and services and to be able to submit offers tailored to your needs, evaluation mechanisms are used that take into account, among other things, your sector affiliation and product group-specific sales in the past.

Special categories of personal data according to Art. 9 GDPR and data on your nationality are not used here.


Right of objection in individual cases

If you file an objection, NICATS e.V. will no longer process the personal data relating to you, unless we can prove compelling reasons for processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.


NICATS e.V. uses your personal data for the purpose of direct marketing purposes. You have the right to object at any time to the processing of personal data concerning your person for such marketing purposes. This includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, NICATS e.V. will no longer process your personal data for such purposes.

You can exercise your right to object without the need to comply with any formal requirements, if possible by contacting:

Data protection officer
Vaihingerstraße 43
70567 Stuttgart


This website can be used without providing personal data. Other provisions may apply to the use of individual services on our site, which will be explained separately below. Your personal data (such as name, address, e-mail, telephone number, etc.) are processed by us only in accordance with the provisions of German data protection law. Data are personal when they can be clearly assigned to a specific natural person. The following provisions inform you in this respect about the type, scope and purpose of the collection, use and processing of personal data.

The controller within the meaning of Art. 4 No. 7 GDPR is

NICATS – Network of Independent Catalog & Service Providers e. V.

Vaihingerstraße 43, 70567 Stuttgart,

Register of associations: tbd.

Register court: tbd.

Represented by the executive committee:

Krunoslav Bagaric, Andreas Deiß, Andreas Lottes, Sven Grabenschweiger

Contact data of Data Protection Officer
Data protection officer
Vaihingerstraße 43
70567 Stuttgart

We would like to point out that Internet-based data transmission has security gaps; a complete protection against access by third parties is therefore impossible.


We use so-called cookies on our site to detect multiple visits to our website by the same user / owner of the Internet connection. Cookies are small text files that your Internet browser stores and saves on your computer. They serve to optimise our website and our services. These are mostly so-called “session cookies”, which are deleted after the end of your visit.

In some cases, however, these cookies provide information in order to automatically recognize you. This recognition is based on the IP address stored in the cookies. The information obtained in this way serves to optimize our offers and to provide you with easier access to our site.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website.


The following data, which your Internet browser transmits to us or to our web space provider, are collected for technical reasons (so-called server log files):

– Browser type and version – Used operating system – Website from which you visit us (referrer URL) – Website you visit – Date and time of your access – Your Internet Protocol (IP) address.

These anonymous data are stored separately from any personal information that you may provide and therefore do not allow any conclusions to be drawn about a particular person. They are evaluated for statistical purposes in order to optimise our website and our services.


On our website we offer you the possibility to contact us by e-mail and/or via a contact form. In this case, the information provided by the user will be stored for the purpose of processing his contact. The data will not be passed on to third parties. A comparison of the data collected in this way with data that may be collected by other components of our site does not take place either.


We use Google Analytics, a web analysis service of Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter “Google”. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site.

The information generated by these cookies, such as the time, place and frequency of your visit to the website, including your IP address, is transmitted to Google in the USA and stored there.

We use Google Analytics on our website with an IP anonymisation function. In this case, Google will already reduce your IP address within member states of the European Union or in other signatory states to the Agreement on the European Economic Area and thereby make it anonymous.

Google will use this information to evaluate your use of our site, to compile reports on website activity for us and to provide other services relating to website and Internet use. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google.

Google will, according to its own statements, under no circumstances associate your IP address with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website.

Google also offers a deactivation option for the most popular browsers, giving you more control over what information Google collects and processes. If you activate this option, no information about your visit to the website will be transmitted to Google Analytics. However, activation does not prevent information from being transmitted to us or to other web analytics services that we may use. For more information about the opt-out option provided by Google and how to enable this option, please follow the link below:


We use the component “Google Maps” from Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter “Google”.

Each time you access the Google Maps component, Google sets a cookie to process user settings and data when you view the page that includes the Google Maps component. As a rule, this cookie is not deleted when you close your browser, but expires after a certain time, unless you delete it manually beforehand.

If you do not agree to this processing of your data, it is possible to deactivate the “Google Maps” service and thus prevent the transfer of data to Google. To do this, you must deactivate the JavaScript function in your browser. However, we would like to point out that in this case you will not be able to use “Google Maps” or only to a limited extent.

The use of “Google Maps” and the information obtained via “Google Maps” is subject to the Google Terms of Use

and the additional Terms and Conditions for “Google Maps”


We use components of the LinkedIn network on our website. LinkedIn is a service of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you visit our website, which is equipped with such a component, this component causes your browser to download a corresponding display of the LinkedIn component.

This process will provide LinkedIn with information about the specific page of our website being visited at the time. If you click the LinkedIn “Recommend button” while being logged in to your LinkedIn account, you will be able to provide links to the contents of our pages in your LinkedIn profile. This enables LinkedIn to assign the visit of our pages to your LinkedIn user account.

We have no control over the data collected by LinkedIn in this process, nor their scope. We also have no knowledge of the content of the data sent to LinkedIn. Please see the LinkedIn Privacy Policy for details of the data collected by LinkedIn, your rights and optional settings. You can find this information at


In accordance with the Federal Data Protection Act, you can contact us free of charge with questions regarding the collection, processing or use of your personal data and the correction, blocking, deletion or revocation of a given consent. We would like to point out that you have the right to have incorrect data corrected or personal data deleted if there is no legal obligation to retain such data.

The “Supplementary information” for the use of this website was created by the privacy statement generator of the law firm Weiß & Partner.