Privacy Policy

Introduction

nikinik.com ("we", "our", or "us") is committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal data. This policy explains our practices regarding cookies, analytics, and personal data in compliance with the EU General Data Protection Regulation (GDPR) and the ePrivacy Directive.

Cookies & Consent

We use cookies to enhance your browsing experience and understand how our site is used. Under GDPR we require your explicit consent before placing non-essential cookies.

Essential Cookies

Always enabled

Technical cookies required for the website to function.

theme — Stores your light/dark mode preference
CSRF token — Protects against cross-site request forgery

Analytics Cookies

Consent required

We use first-party analytics to understand traffic patterns. Data collected:

Page path viewed
Operating system
Anonymized IP address (last octet masked)
Referring website
Timestamp and event type

Provider: Own database on Render.com — no third-party analytics.
Retention: 365 days maximum.

Marketing & Advertising

Consent required

Cookies from advertising partners (e.g. Google AdSense) for ad serving. Only activated with your explicit consent.

Your Consent

When you first visit, a cookie banner lets you:

Accept All — Enable analytics and marketing cookies
Reject All — Disable all non-essential cookies
Customize — Choose which categories to enable

Your preference is stored for 365 days. No pre-checked boxes are used — you must actively choose to enable non-essential cookies.

IP Anonymization

When we collect IP addresses for analytics, they are immediately anonymized:

IPv4: Last octet zeroed — 192.168.1.42 → 192.168.1.0
IPv6: Last 64 bits zeroed — 2001:db8::1 → 2001:db8::

We cannot identify individual users by IP address, complying with GDPR's data minimization principle.

Your Data Rights (GDPR Articles 15–22)

Access Request a copy of your personal data (Art. 15)

Rectification Request correction of inaccurate data (Art. 16)

Erasure Request deletion of your data (Art. 17)

Restrict Processing Limit how we process your data (Art. 18)

Data Portability Receive your data in machine-readable format (Art. 20)

Object Object to processing for marketing (Art. 21)

To exercise any of these rights, email privacy@nikinik.com.

Newsletter

When you subscribe to our newsletter, we collect:

Your email address
Subscription timestamp
Marketing consent preference

We use your email only to send blog updates and occasional cycling gear recommendations. You can unsubscribe at any time via the link in any email.

Third-Party Services

YouTube Data API — Syncs video metadata. We do not track who watches embedded videos.
Render.com — Hosting provider. Privacy Policy
Google AdSense — Optional advertising. Requires marketing consent. Google Privacy Policy
Printful — Merchandise fulfilment. Privacy Policy

Data Security

HTTPS encryption — All data in transit is encrypted
CSRF protection — Forms protected against cross-site request forgery
HTML sanitization — User-facing content is sanitized to prevent XSS
Limited retention — Analytics data deleted after 365 days

Data Retention

Data Type	Retention
Analytics events	365 days
Newsletter subscribers	Until unsubscribed + 30 days
Contact form submissions	90 days
Cookie consent decisions	365 days (browser)
Server logs	30 days

Data Controller & Contact

Organization: nikinik.com
Operator: Niklas Clasen
Address: Kleinmattstrasse, 6003 Lucerne, Switzerland
Email: privacy@nikinik.com

Right to Lodge a Complaint

If you believe your data rights have been violated, contact your national data protection authority:

EU: European Data Protection Board
Switzerland: FDPIC

Policy Changes

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be reflected by updating the date at the top of this page.

This policy complies with GDPR (Regulation (EU) 2016/679) and the ePrivacy Directive (2002/58/EC).