Privacy Policy

1. General Information

This Privacy Policy describes how N.A. Invest GmbH (“Company”, “we”, “us”, “our”) collects, uses, and protects personal data in connection with the use of our software Option Defense and related online services (“Services”).

We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection laws, including the Bundesdatenschutzgesetz (BDSG).

Service provider (§ 5 TMG):
N.A. Invest GmbH
Ratinger Str. 3
40213 Düsseldorf
Germany

📞 +49 211 59868985 / +49 152 26931948
📧 info@nainv.de

Authorized representative: Nataliia Shchurikova

 

2. Data Controller

The data controller within the meaning of Art. 4(7) GDPR is:

N.A. Invest GmbH
Ratinger Str. 3
40213 Düsseldorf
Germany

For all questions related to data protection, you may contact us at:
📧 info@nainv.de

 

3. Categories of Data We Collect

We collect and process the following categories of personal and technical data:

Account Data:

  • First and last name

  • Email address

  • Account credentials (if applicable)

Payment Data:

  • Processed securely by Stripe Payments Europe Ltd.

  • We do not store or process payment card details on our servers

  • Stripe may collect additional data in accordance with its own Privacy Policy

Hardware Identification Data (Hardware Fingerprint):

  • Upon license activation, the software generates a unique hardware fingerprint based on anonymized technical characteristics (e.g. system hash, CPU identifier)

  • Used exclusively for license verification and prevention of unauthorized distribution

  • Does not contain personal data and does not allow personal identification

  • Stored securely on servers located within the European Union

Technical and Usage Data:

  • IP address (anonymized)

  • Browser and operating system type

  • Date and time of access

  • Error logs (for technical diagnostics)

 

4. Purposes of Data Processing

Personal data is processed exclusively for the following purposes:

  • registration and management of user accounts;

  • payment processing and provision of subscription-based access;

  • software license verification and abuse prevention;

  • customer support and communication;

  • compliance with legal obligations (e.g. tax and accounting requirements).

 

5. Legal Basis for Processing

Processing of personal data is based on the following legal grounds:

  • Art. 6(1)(b) GDPR – performance of a contract (e.g. software license agreement);

  • Art. 6(1)(c) GDPR – compliance with legal obligations;

  • Art. 6(1)(f) GDPR – legitimate interests, including fraud prevention, software security, and customer management.

 

6. Payment Processing (Stripe)

Payments for our Services are processed via:

Stripe Payments Europe Ltd.
1 Grand Canal Street Lower
Dublin
Ireland

Stripe acts as an independent data controller with respect to payment information.
Payment details are transmitted directly to Stripe via encrypted communication channels (TLS).

We receive only confirmation of payment and a customer identifier.
Further information is available in Stripe’s Privacy Policy and GDPR Compliance Documentation.

 

7. Storage Duration

Personal data is stored only for as long as necessary to achieve the stated purposes or as required by law.

Typical retention periods include:

  • account and billing data — up to 10 years (§257 HGB / §147 AO);

  • hardware fingerprint data — for the duration of the active license, deleted upon deactivation;

  • email correspondence and support requests — up to 2 years after case closure.

 

8. Data Security

We implement appropriate technical and organizational security measures to protect data against:

  • unauthorized access or disclosure;

  • loss or destruction;

  • unlawful processing.

All data transfers between our website, software, and servers are protected using SSL/TLS encryption.
Access to personal data is restricted to authorized personnel bound by confidentiality obligations.

9. Data Sharing and Transfers

We do not sell or disclose personal data to third parties.
Data may be transferred only if:

  • required by law;

  • necessary for service provision (e.g. Stripe);

  • explicit user consent has been provided.

All processors operate under Art. 28 GDPR Data Processing Agreements (DPA).
Data is not transferred outside the European Economic Area (EEA) unless adequate safeguards are in place (Art. 46 GDPR).

 

10. Cookies and Analytics

Our website uses only technically necessary cookies required for account management and payment processing.
We do not use analytics, marketing, or tracking cookies without explicit user consent in accordance with Art. 6(1)(a) GDPR.

 

11. Your Rights (Art. 12–23 GDPR)

You have the following rights as a data subject:

  • right of access (Art. 15 GDPR);

  • right to rectification (Art. 16 GDPR);

  • right to erasure (“right to be forgotten”, Art. 17 GDPR);

  • right to restriction of processing (Art. 18 GDPR);

  • right to data portability (Art. 20 GDPR);

  • right to object (Art. 21 GDPR);

  • right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

To exercise your rights, please contact:
📧 info@nainv.de

 

12. Third-Party Links

Our website may contain links to third-party services (e.g. payment providers).
We are not responsible for the content or data protection practices of such external websites.

 

13. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy at any time due to changes in legislation or business operations.
The current version will always be published on this page with an updated revision date.

 

14. Contact

For all data protection inquiries, please contact:

N.A. Invest GmbH
Ratinger Str. 3
40213 Düsseldorf
Germany

📧 info@nainv.de