Join the Nexthor Installer Club and collect up to 5% cashback
Start earning with the Nexthor Partner Network
Starter Pack: test 2 Nexthor PPF rolls for the price of 1

Privacy policy

Last updated: May 27, 2026

Nexthor™ operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the "Services"). Nexthor™ is operated by Digital Bug s.r.o., a company registered in the Slovak Republic. Nexthor™ is powered by Shopify, which enables us to provide the Services to you. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services, apply to one of our B2B partner programs, or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described in this Privacy Policy.

1. Data Controller

The data controller responsible for your personal information is:

Digital Bug s.r.o.
Okružná 20, 058 01 Poprad, Slovak Republic
IČO (Company ID): 54330483
Email: info@nexthorppf.com

We comply with the EU General Data Protection Regulation (Regulation 2016/679, "GDPR") and Act No. 18/2018 Coll. of the Slovak Republic on Personal Data Protection.

1.1 Data Protection Officer

We have not appointed a Data Protection Officer because we are not legally required to do so under GDPR Article 37. For all privacy-related questions or to exercise your rights, contact us at info@nexthorppf.com with the subject line "GDPR Request".

2. Who This Privacy Policy Applies To

This Privacy Policy applies to four categories of individuals interacting with our Services:

  • Retail customers who browse the store, create an account, or place an order for our PPF products.
  • B2B partners and applicants who apply to or participate in our Installer Club, Pilot, Scout, or Starter Pack programs.
  • Visitors who browse the website without creating an account or making a purchase.
  • Contacts who submit a contact form, send an email, or otherwise communicate with us.

If you are unsure which category applies to you, the rights and protections described in this Privacy Policy apply to you regardless. Sections marked "Retail customers" or "B2B partners" provide additional context relevant to those groups.

3. Personal Information We Collect or Process

When we use the term "personal information," we are referring to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified, so that it cannot identify or be reasonably linked to you.

3.1 For all visitors and customers

  • Contact details including your name, address, billing address, shipping address, phone number, and email address.
  • Account information including your email address, login credentials managed through Shopify, account preferences, settings, and order history.
  • Communications with us including the information you include in communications with us, for example, when sending a customer support inquiry or submitting a contact form.
  • Device information including information about your device, browser, or network connection, your IP address, and other unique identifiers.
  • Usage information including information regarding your interaction with the Services, including how and when you interact with or navigate the Services.

3.2 For retail customers (orders)

  • Transaction information including the items you view, put in your cart, add to your wishlist, or purchase, return, exchange or cancel, and your past transactions.
  • Payment information processed by our payment providers. We receive limited payment information such as payment status, transaction ID, payment method type, billing details, and fraud or risk signals. We do not store full payment card numbers.

3.3 For B2B partners and applicants

  • Application information including your studio or company name, business registration number (IČO, VAT number, or equivalent), business address, website or social media URL, estimated monthly PPF volume, and answers to verification questions.
  • Activity records including your cashback rank, approved PPF installation count, milestone progress, commission earnings, payout history, and network referral relationships (which partners you introduced and which introduced you).
  • Agreement consent records including, when you accept any Nexthor agreement (Installer Club Agreement, Pilot Agreement, Scout Agreement) or policy: the agreement type and version, the timestamp of acceptance, the IP address and user agent used at the time of acceptance, and the URL of the page where consent was provided.

4. Personal Information Sources

We may collect personal information from the following sources:

  • Directly from you including when you create an account, visit or use the Services, apply to a B2B partner program, communicate with us, or otherwise provide us with your personal information.
  • Automatically through the Services including from your device when you use our products or services or visit our websites, and through the use of cookies and similar technologies.
  • From our service providers including when we engage them to enable certain technology and when they collect or process your personal information on our behalf.
  • From public business registries including the Slovak Business Register (Obchodný register SR), Finstat, and equivalent public registries in other EU countries, when we verify the legitimacy of a B2B partner applicant.
  • From our partners or other third parties including referring partners in the Nexthor Partner Network who may submit your business details when introducing you to Nexthor.

5. How We Use Your Personal Information and Legal Basis

Under GDPR Article 6, every processing activity must have a lawful basis. The following sections explain what we do, what data we use, why we do it, and how long we keep the data.

5.1 Order processing and fulfillment

  • Purpose: Process your orders, deliver products, manage returns and exchanges, send order confirmations and shipping notifications.
  • Data used: Name, billing and shipping address, email, phone, transaction details, payment status.
  • Legal basis: Performance of a contract (GDPR Art. 6(1)(b)).
  • Retention: 10 years for invoices and accounting records (Slovak Accounting Act No. 431/2002).

5.2 Customer account management

  • Purpose: Create and maintain your account, remember your preferences, enable login, secure access.
  • Data used: Email, login credentials managed through Shopify, account settings, order history.
  • Legal basis: Performance of a contract (GDPR Art. 6(1)(b)).
  • Retention: Until account deletion, plus up to 1 year of backup retention.

5.3 Marketing emails and promotions

  • Purpose: Send marketing emails, newsletters, promotional offers, and, where enabled and legally permitted, abandoned cart or checkout reminders.
  • Data used: Email, name, purchase history, browsing behavior, consent timestamp.
  • Legal basis: Consent (GDPR Art. 6(1)(a)). You may withdraw consent at any time via the unsubscribe link in our emails.
  • Retention: Until consent is withdrawn, plus 3 years of consent records.

5.4 Analytics and personalization

  • Purpose: Understand how visitors use the site, improve our products, personalize the shopping experience.
  • Data used: IP address (anonymized), device information, page views, click behavior, referrer.
  • Legal basis: Consent for non-essential cookies (GDPR Art. 6(1)(a)); legitimate interest for aggregated analytics (GDPR Art. 6(1)(f)).
  • Retention: Up to 26 months, depending on our analytics configuration.

5.5 Targeted advertising (Meta Pixel, ad networks)

  • Purpose: Show you relevant advertisements on Facebook, Instagram, and other platforms based on your activity on our site.
  • Data used: Device identifiers, browsing behavior, purchase signals, IP address.
  • Legal basis: Consent (GDPR Art. 6(1)(a)). You can decline via our cookie banner.
  • Retention: According to your cookie settings and the retention periods of the relevant advertising platforms.

5.6 B2B partner verification and onboarding

  • Purpose: Verify that B2B applicants are legitimate businesses, evaluate applications.
  • Data used: Business name, IČO/VAT, address, website, public registry data.
  • Legal basis: Performance of a contract (GDPR Art. 6(1)(b)) and legitimate interest in fraud prevention (GDPR Art. 6(1)(f)).
  • Retention: Application period plus 3 years if not approved; duration of partnership plus 10 years if approved.

5.7 B2B partner performance and payout

  • Purpose: Track approved installations, calculate cashback and commissions, process payouts, maintain rank progression.
  • Data used: Installation records, rank, commission earnings, payout history, referral chain.
  • Legal basis: Performance of a contract (GDPR Art. 6(1)(b)) and legal obligation for tax compliance (GDPR Art. 6(1)(c)).
  • Retention: Duration of partnership plus 10 years.

5.8 Agreement consent logs

  • Purpose: Provide a legally valid audit trail proving when and how each partner accepted each agreement version.
  • Data used: Agreement type and version, IP address, user agent, timestamp, page URL.
  • Legal basis: Legal obligation (GDPR Art. 6(1)(c)) and legitimate interest in legal defense (GDPR Art. 6(1)(f)).
  • Retention: Duration of partnership plus 10 years.

5.9 Security, fraud prevention, and abuse detection

  • Purpose: Detect, investigate or prevent fraudulent, illegal, unsafe, or malicious activity. Authenticate accounts. Protect the website from attacks.
  • Data used: IP address, device and browser information, login attempts, transaction patterns, and security signals.
  • Legal basis: Legitimate interest (GDPR Art. 6(1)(f)).
  • Retention: Server and access logs: 12 months. Fraud investigation files: up to 5 years.

5.10 Customer support and communications

  • Purpose: Respond to your inquiries, provide customer support, maintain our business relationship.
  • Data used: Name, email, message content, communication history.
  • Legal basis: Performance of a contract (GDPR Art. 6(1)(b)) and legitimate interest (GDPR Art. 6(1)(f)).
  • Retention: Contact form submissions: 2 years from last interaction. Support tickets: 3 years.

5.11 Legal compliance

  • Purpose: Comply with applicable law, respond to valid legal process, defend or enforce our legal rights.
  • Data used: Whatever data is relevant to the legal matter.
  • Legal basis: Legal obligation (GDPR Art. 6(1)(c)) and legitimate interest (GDPR Art. 6(1)(f)).
  • Retention: As required by the applicable law or legal process.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate the Services and to understand how you use them. Cookies fall into four categories:

6.1 Strictly necessary cookies

Required for the website to function. These cookies enable basic features such as shopping cart, login, checkout, and security. They cannot be disabled.

  • Provider examples: Shopify cookies used for cart, checkout, login, security, fraud prevention, and store functionality.
  • Legal basis: Necessary for performance of a contract; consent not required.

6.2 Functional cookies

Remember your preferences such as language, region, currency, and theme settings.

  • Provider examples: Shopify cookies for locale, currency, and store preferences.
  • Legal basis: Consent.

6.3 Analytics cookies

Help us understand how visitors use the site, which pages are most viewed, and where improvements are needed.

  • Provider examples: Google Analytics, Shopify Analytics, and similar analytics services.
  • Legal basis: Consent.
  • Retention: Up to 26 months, depending on our analytics configuration.

6.4 Marketing and advertising cookies

Used for personalized advertising on third-party platforms based on your activity on our site.

  • Provider examples: Meta Pixel, Google Ads, Klaviyo tracking pixel, and similar advertising services.
  • Legal basis: Consent.
  • Retention: According to your cookie settings and the retention periods of the relevant advertising platforms.

6.5 Managing your cookie preferences

Where required by law, our website displays a cookie banner allowing you to manage your cookie preferences. You can change your choice at any time:

  • Click "Manage preferences" in the cookie banner to update your Required, Personalization, Marketing, and Analytics cookie choices.
  • Adjust your browser settings to block or delete cookies.
  • Use the Shopify Privacy Portal to manage your preferences across Shopify-powered stores.
  • Enable the Global Privacy Control signal in your browser, which we will respect automatically.

Disabling some cookies may limit website functionality. Strictly necessary cookies cannot be disabled.

7. How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:

  • With Shopify, vendors and other third parties who perform services on our behalf (e.g. IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping).
  • With Klaviyo, our email marketing platform, for sending transactional and marketing emails, and for customer segmentation. Klaviyo's privacy policy is available at klaviyo.com/legal/privacy.
  • With Google LLC, for website analytics through Google Analytics. IP anonymization is enabled. Google's privacy policy is available at policies.google.com/privacy.
  • With Meta Platforms, Inc., for advertising performance measurement on Facebook and Instagram through the Meta Pixel. Meta's privacy policy is available at facebook.com/privacy/policy.
  • With shipping carriers (DHL, GLS, Slovak Post, or other selected carriers) for order fulfillment.
  • With payment processors (Shopify Payments, Stripe, PayPal, or other providers selected at checkout) who process payment data directly. We do not store full card numbers.
  • With business and marketing partners to provide marketing services and advertise to you. For example, we use Shopify to support personalized advertising with third-party services based on your online activity with different merchants and websites. Our business and marketing partners will use your information in accordance with their own privacy notices.
  • With other Nexthor partners in the Nexthor Partner Network when necessary to operate the multi-level commission structure. Specifically, your upstream partners (those who referred you, up to three levels) may see limited activity data such as your studio name, region, rank, and number of installations. They will not see your direct contact details, payout information, bank or payment details, or detailed personal profile data.
  • When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations.
  • With our affiliates or otherwise within our corporate group.
  • In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service or policies, and to protect or defend the Services, our rights, and the rights of our users or others.

We do not sell your personal data. We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

8. Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services for you. In addition, to help protect, grow, and improve our business, we use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our Store, along with other merchants and with Shopify. To provide these enhanced features, Shopify may make use of personal information collected about your interactions with our store, along with other merchants, and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information, including for responding to your requests to exercise your rights over use of your personal information for these purposes. To learn more about how Shopify uses your personal information and any rights you may have, you can visit the Shopify Consumer Privacy Policy. Depending on where you live, you may exercise certain rights with respect to your personal information here Shopify Privacy Portal.

9. B2B Partner Programs (Special Provisions)

If you apply to or participate in one of our partner programs (Installer Club, Pilot, Scout, Starter Pack), the following additional provisions apply:

  • Identity verification. We verify your business registration through public databases (Finstat, Obchodný register SR, or equivalent EU registries) to confirm that you are a legitimate business.
  • Agreement consent logging. When you accept a partner agreement, we log the agreement type, agreement version, your IP address, timestamp, user agent, and the URL of the page where consent was provided. This information is retained for the duration of the partnership plus 10 years for legal audit purposes.
  • Performance and earnings tracking. We track your approved PPF installations, rank progression, cashback earned, milestone achievements, and commission earnings to calculate and pay rewards.
  • Public directory visibility. Your studio name, region, and verified partner status may appear on our public installer directory only with your opt-in consent. You may opt out at any time by emailing info@nexthorppf.com.
  • Internal network visibility. Other partners in your network (upstream referrers, up to three levels) may see limited activity data about you such as studio name, region, rank, and number of installations. They will not see your direct contact details, payout information, bank or payment details, or detailed personal profile data.
  • Payout records. All cashback and commission payouts are recorded for tax compliance and retained for 10 years as required by Slovak law.

10. Third Party Websites and Links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

11. Children's Data

The Services are not intended to be used by children, and we do not knowingly collect any personal information about children under the age of 16. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted. As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we "share" or "sell" (as those terms are defined in applicable law) personal information of individuals under 16 years of age.

12. Security of Your Information

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." In addition, any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.

We protect your personal information through reasonable security measures, including encryption of data in transit via TLS (HTTPS), restricted access controls for authorized personnel, and contractual safeguards with our service providers (Shopify, Klaviyo, payment processors), who maintain SOC 2 and equivalent certifications.

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the Slovak Data Protection Authority within 72 hours and, where required by law, notify you directly.

13. Your Rights and Choices

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. However, these rights are not absolute, may apply only in certain circumstances and, in certain cases, we may decline your request as permitted by law.

  • Right to Access / Know. You may have a right to request access to personal information that we hold about you.
  • Right to Delete. You may have a right to request that we delete personal information we maintain about you. Please note that data we are required to retain for legal or accounting purposes (such as invoicing records, partner agreement consent logs, and commission records) cannot be deleted before the statutory retention period expires.
  • Right to Correct. You may have a right to request that we correct inaccurate personal information we maintain about you.
  • Right of Portability. You may have a right to receive a copy of the personal information we hold about you in a structured, machine-readable format, and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
  • Right to Opt out of Sale or Sharing for Targeted Advertising. Depending on where you reside, you may have a right to opt out of the "sale" or "share" of your personal information or to opt out of the processing of your personal information for purposes considered to be "targeted advertising", as defined in applicable privacy laws. You can exercise these rights by adjusting your cookie preferences in our cookie banner (Marketing and Personalization categories). If you visit our website with the Global Privacy Control opt-out preference signal enabled, depending on where you are, we will automatically treat this as a request to opt out for the device and browser that you use to visit the website. If we are able to associate the device sending the signal to a Shopify account, we will apply the opt out request to the account as well. Other than the Global Privacy Control, we do not recognize other "Do Not Track" signals that may be sent from your web browser or device.
  • Managing Communication Preferences. We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you. If you opt out, we may still send you non-promotional emails, such as those about your account or orders that you have made.

If you reside in the UK or European Economic Area, and subject to exceptions and limitations provided by local law, you may exercise the following rights in addition to the rights outlined above:

  • Objection to Processing and Restriction of Processing. You may have the right to ask us to stop or restrict our processing of personal information for certain purposes.
  • Withdrawal of Consent. Where we rely on consent to process your personal information, you have the right to withdraw this consent. If you withdraw your consent, this will not affect the lawfulness of any processing based on your consent before its withdrawal.
  • Right not to be Subject to Automated Decision-Making. You have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you. We do not currently use such automated decision-making.

You may exercise any of these rights by contacting us at info@nexthorppf.com with the subject line "GDPR Request". To learn more about how Shopify uses your personal information and any rights you may have, including rights related to data processed by Shopify, you can visit privacy.shopify.com/en.

We will not discriminate against you for exercising any of these rights. We may need to verify your identity before we can process your requests, as permitted or required under applicable law. In accordance with applicable laws, you may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. We will respond to your request within 30 days as required under GDPR Article 12(3), with the possibility of extension by a further two months for complex requests.

14. Complaints

If you have complaints about how we process your personal information, please contact us using the contact details provided below. Depending on where you live, you may have the right to appeal our decision by contacting us using the contact details set out below, or lodge your complaint with your local data protection authority.

For the Slovak Republic, the supervisory authority is:

Úrad na ochranu osobných údajov Slovenskej republiky
Hraničná 12, 820 07 Bratislava 27, Slovak Republic
Phone: +421 2 3231 3214
Email: statny.dozor@pdp.gov.sk
Website: dataprotection.gov.sk

For the EEA, you can find a list of the responsible data protection supervisory authorities here.

15. International Transfers

Please note that we may transfer, store and process your personal information outside the country you live in, including in countries outside the European Economic Area (EEA) and the United Kingdom.

Where we transfer your personal information outside the EEA or the UK, we rely on appropriate safeguards recognized under applicable law. Depending on the recipient and the specific service, these may include the EU-US Data Privacy Framework, Standard Contractual Clauses approved by the European Commission, data processing agreements, binding corporate rules, or other legally recognized safeguards. We rely on these mechanisms unless the data transfer is to a country that has been determined to provide an adequate level of protection.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website, update the "Last updated" date and provide notice as required by applicable law. For material changes, we will notify registered customers and active B2B partners by email at least 30 days before the changes take effect.

17. Contact

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please email us at info@nexthorppf.com or contact us at:

Digital Bug s.r.o.
Okružná 20, 058 01 Poprad, Slovak Republic
IČO: 54330483
Email: info@nexthorppf.com

For the purpose of applicable data protection laws, we are the data controller of your personal information.