Last updated: 17 February 2026

1. Data Controller

Nicbud – Nordic Express AB
Askims Verkstads väg 1, 436 34 Gothenburg, Sweden
Email: info@nicbud.de

Data protection contact: datenschutz@nicbud.de

2. Scope

This Privacy Policy applies to personal data processed in connection with Nicbud.com, including when you:

• browse the website,

• create an account,

• place orders,

• contact customer support,

• subscribe to marketing communications,

• consent to cookies/analytics/advertising technologies.
• Track orders by using our mobile application(“TRACKBUD: Nicbud Order Tracking App”)

Geographic availability: Nicbud.com serves customers globally except the United States and China. Where local mandatory laws apply, additional country-specific disclosures may apply.

This policy is drafted to meet the transparency requirements in Article 13 GDPR for data collected directly from you.
(See sources at the bottom.)

3. Personal Data We Process

We may process the following categories of personal data:

3.1 Data you provide

• Name

• Email address

• Phone number

• Billing address

• Shipping address

• Order details (products purchased, order history, returns/complaints)

• Customer service communications

• Age/eligibility confirmation (adult-only products)

3.2 Data collected automatically when you use the website

• IP address

• Device and browser information

• Website usage data (pages viewed, clicks, timestamps, referral source)

• Cookie identifiers and online IDs (only where applicable)

3.3 Data received from third parties

• Payment status/confirmation from payment providers

• Shipment and delivery events from carriers

• Fraud prevention signals (where applicable)

• Advertising/measurement signals (only if you have consented to marketing cookies)

4. Purposes and Legal Bases (GDPR)

We process personal data only where we have a lawful basis under GDPR.

4.1 Order handling, delivery, returns, customer account

Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)

4.2 Legal compliance (e.g., accounting/tax requirements)

Legal basis: Legal obligation (Art. 6(1)(c) GDPR)

4.3 Security, fraud prevention, abuse prevention, service integrity

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Our legitimate interests include maintaining IT security, preventing fraud, and protecting customers and our operations.

4.4 Marketing communications (newsletter, promotions)

Legal basis: Consent (Art. 6(1)(a) GDPR) where required, or legitimate interests where lawful under applicable rules
You can withdraw consent at any time.

4.5 Analytics and advertising measurement (cookies/trackers)

Legal basis: Consent (Art. 6(1)(a) GDPR).
In Germany, storage/access on your device for non-essential cookies is also subject to §25 TTDSG consent requirements.

5. Cookies and Similar Technologies

Nicbud.com uses cookies and similar technologies to:

• enable core website functionality (e.g., cart, checkout, security),

• remember preferences,

• measure performance (analytics),

• measure advertising performance (marketing/ads cookies).

Consent: Non-essential cookies (analytics/marketing) are used only after you give consent through the cookie banner/settings. For Germany, consent for non-essential storage/access is governed by §25 TTDSG.

You can change or withdraw your cookie consent at any time via the website’s Cookie Settings.

6. Payment Processing

Payments are processed by third-party payment providers. We do not store full payment card details on our systems. Payment providers may act as independent controllers for their processing.

7. Recipients of Personal Data

We may share personal data with the following categories of recipients, only to the extent necessary:

• Hosting and IT providers (website infrastructure, security, maintenance)

• Payment providers (payment processing and fraud prevention)

• Shipping/logistics partners (delivery and tracking)

• Customer support systems (ticketing, communication tools)

• Analytics/advertising providers (only if you consent to analytics/marketing cookies)

• Authorities (where required by law or lawful requests)

Where suppliers process data on our behalf, we use data processing agreements consistent with GDPR processor requirements.

8. International Transfers

If personal data is transferred outside the EU/EEA, we use lawful transfer mechanisms such as:

• Adequacy decisions (where applicable), including the EU–U.S. Data Privacy Framework adequacy decision; and/or

• Standard Contractual Clauses (Art. 46 GDPR).

(See sources at the bottom.)

9. Retention (How long we keep data)

We retain personal data only as long as necessary for the purposes described above:

• Orders, invoices, accounting records: retained as required by applicable accounting/tax rules (often up to 10 years depending on jurisdiction).

• Customer account data: retained while your account remains active and for a limited period thereafter unless deletion is requested and not prevented by legal obligations.

• Customer service communications: retained as long as needed to handle the case and for a limited period thereafter for quality and dispute handling.

• Fraud/security logs: retained as needed for security and fraud prevention, proportionate to risk and legal requirements.

• Marketing data: retained until you withdraw consent/unsubscribe (and then suppressed to ensure you are not contacted again).

10. Security Measures

We apply appropriate technical and organizational measures to protect personal data, including:

• encryption in transit (TLS/SSL),

• access controls and role-based permissions,

• monitoring and logging,

• secure hosting environments and backups,

• least-privilege practices.

11. Your Rights (GDPR)

Where GDPR applies, you have the right to:

• Access (Art. 15)

• Rectification (Art. 16)

• Erasure (Art. 17)

• Restriction (Art. 18)

• Data portability (Art. 20)

• Object (Art. 21)

• Withdraw consent at any time (without affecting prior processing)

To exercise your rights, contact:
datenschutz@nicbud.de

12. Complaints to a Supervisory Authority

If you believe we process your personal data unlawfully, you may lodge a complaint with a supervisory authority. In Sweden, you can contact the Swedish Authority for Privacy Protection (IMY).

13. Changes to This Policy

We may update this Privacy Policy due to legal, technical, or operational changes. The latest version will always be published on Nicbud.com with the “Last updated” date.