(Issued: May 2018)
The protection of your personal data is important to us. According to the EU General Data Protection Regulation (Article 13 GDPR), we are obliged to inform you about the purpose for which we collect, store or disclose data and what rights you have with regard to data protection. The content and scope of the data processing depends largely on the data provided by you or the data required for the business relationship or communication.
nora systems GmbH – Höhnerweg 2-4, 69469 Weinheim, Germany, Telephone: (+49) 6201 - 80 5666, email: firstname.lastname@example.org – is responsible for the data processing.
Data Protection Officer: Dr Christian Wolff, nora systems GmbH, Höhnerweg 2-4, 69469 Weinheim, Germany, email@example.com
Data protection supervisory authority: The State Commissioner for Data Protection and Freedom of Information (Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit) Baden-Württemberg, Königstrasse 10 a, 70173 Stuttgart, Germany.
We process personal data provided by you, by a partner commissioned by you or by one of our business partners during the course of our business relationships. In addition, we process data that we have legitimately obtained from publicly available sources (e.g. commercial register, address directory, media, trade fair participants). Personal data includes your personal details (e.g. title, name, country, address, email address and telephone number, delivery addresses, order and billing information, credit reports, documentation data, trade fair minutes, etc.).
We process personal data only in the context of our business activities. In addition, data processing takes place on the basis of legal requirements, on the basis of a contractual relationship or a pre-contractual relationship of trust, on the basis of your consent or if you contact us (e.g. at trade fairs, by email, by post, by telephone or via this website).
In particular, personal data is processed in the following business processes or procedures:
• Visit of the website
• Visitor registration, Wi-Fi guest access
• Trade fairs, events and product training
• Advice provided by employees or trading partners
• Order processing, delivery, invoicing
• Due to legal obligations (customs and compliance screening, accident reports)
• Temporary work, training, holiday helper programmes
• Quality checks and quality certificates, complaints
• Service billing of subcontractors
As part of the business relationship, you must provide the personal data that is necessary for entering into and carrying out the business relationship and that we are required to collect by law. If you do not provide us with this data, we will generally have to decline your request or decline to respond to your contact request, decline to conclude a contract or to execute the contract, or we will terminate an existing contractual relationship.
If you have given us consent to process your personal data, processing will only take place in accordance with the purposes stipulated in the declaration of consent and only to the extent agreed to therein. You may revoke your consent at any time without stating reasons with effect for the future, as far as this is legally permissible.
In addition, we reserve the right to store your first and last name, mailing address and, as far as we have received this additional information from you as part of the contractual relationship, your title, academic degree and your professional, industry or business name, in compiled lists and to use said information for our own advertising purposes, for example, to send interesting offers and information about our products, or to process applications by post. You can object to such storage and use of your data for these purposes at any time by sending a message to the address specified in the postal item.
If we pay in advance, for example in the case of a purchase on account, we reserve the right to obtain identification-related and credit information from specialised service companies (credit reporting agencies) in order to safeguard our legitimate interests.
We only transfer your data to third parties if this is permitted by law, if you have given your consent, or if the transmission is necessary to fulfil our business purposes.
If possible, the data will be anonymised or pseudonymised.
Within our group of companies, your data shall only be provided to those bodies or employees that require this data to fulfil our contractual, statutory and regulatory obligations or to safeguard legitimate interests.
Furthermore, we transfer your data to processors commissioned by us:
• IT and hosting service providers
• Security service provider, visitor registration and registration
• Credit institutions and payment providers to process payment transactions when ordering
• Backoffice service provider for the processing of promotional mailings
• Suppliers for handling product and sample orders
• Laboratories and institutes for testing products
• Transportation companies
• Distributors, if they need your data to process your order
• Agencies for surveys, marketing activities and the organisation of events.
Furthermore, data is transmitted to public authorities and institutions (tax offices, authorities, customs offices), provided that there is a legal or regulatory obligation to do so.
All processors and distributors and trade partners are contractually bound to process your data only as part of the provision of services and in accordance with the applicable data protection regulations.
If we process data in a third country (i.e. outside of the European Union [EU] or the European Economic Area [EEA]) or in the context of the use of third-party services or disclosure or transmission of data to third parties, this will only be done in order to fulfil our (pre-)contractual obligations and on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permission, we process data, or have said data processed, in a third country only if the special conditions of Art. 44 et seq. GDPR are applicable. That is, the processing is carried out, for example, on the basis of specific guarantees, such as a level of data protection that is officially recognised in the EU (e.g. for the US the ‘Privacy Shield’) or in compliance with officially recognised special contractual obligations (so-called ‘standard contractual clauses’).
We only store your data in accordance with Articles 17 and 18 GDPR as long as it is necessary for processing the business transaction or for complying with documentation requirements. Legal requirements require that commercial letters be kept for at least 6 years, and if it contains tax-relevant content, then for at least 10 years. Our IT systems also have extensive data protection concepts that do not allow premature deletion. In this case, access to data will be restricted after expiry of the permitted storage period. Application documents will be stored or kept 24 months after completion of the recruitment. If the application is made through a recruiting agency, the master data must be kept longer.
You have the right to free information on the data stored by us concerning you as well as a right to correct, block or delete this data. If you have given your consent for the processing of the data, you can revoke such consent for future processing.
In the first instance, please contact the person who last had contact with you. In addition, you can contact our Data Protection Officer.
If you believe that we have violated European data protection laws when processing your data, we ask you to contact us to clarify your concerns. You also have the right to complain to the relevant data protection supervisory authority if you believe that the processing of your personal data is unlawful.
We use state-of-the-art security measures to protect your information appropriately. Our employees, subcontractors and trading partners are required to comply with our information security policies. To protect the security of your data during transmission, we use state-of-the-art encryption techniques (such as SSL) over HTTPS.
The newsletter contains a so-called ‘web beacon’ – a file the size of a pixel that is retrieved by our server or, where we use a delivery service provider, by that service provider’s server when the newsletter is opened. During this process, initially technical information, such as information on the browser and your system, as well as your IP address and the date and time of retrieval, is collected.
This information is used to improve the technical performance of the services based on the technical data or target groups and their reading habits based on their locations (which can be determined using the IP address) or access times. The statistical data collected includes the determination of whether the newsletter is opened, when it is opened and which links are clicked on. The analyses enable us to determine the reading habits of our users and to adapt our content accordingly or to send different content that corresponds with the interests of our users.
Use of data for email advertising without newsletter subscription and your right to object
If we receive your email address in connection with the sale of goods or services and you have not objected, we reserve the right to email you offers relating to products from our range that are similar to those purchased previously on a regular basis. You may object to this use of your email address at any time using a link provided for this purpose in the email.
This website may contain web beacons, also known as pixel tags or tracking pixels. A web beacon is a graphic element that is usually transparent and is normally no larger than 1 x 1 pixel which is placed on the website or in an email in order to obtain further information about the user’s online behaviour. Web beacons are used by third-party technologies to monitor the activity of users on our website. They allow us to track which computer has accessed a specific website, when this happened and from where (at country/city level). nora uses the analytics software ‘Google Analytics’, among others, to continuously optimise its marketing communications. This enables us to track online usage behaviour with regard to time, geographical origin and use of the website. Any information that is required for the analysis is stored on Google servers.
We use retargeting cookies to design our website so that it is more interesting for users. Retargeting cookies are stored on the online user’s computer or device during browser sessions and enable us to appeal to users who have already shown an interest in nora products or services through ads on partner or social media websites.
These ads are displayed using cookie technology in a completely anonymous manner. No personal data (e.g. IP address or similar) whatsoever is stored and no usage profiles are combined with your personal data. Furthermore, no user-related data relating to you is sent to partner and social media websites. The display of advertising is completely anonymous.
This website uses Google (Universal) Analytics, a web analytics service provided by Google Inc. (www.google.de). Google (Universal) Analytics uses methods that enable your use of the website to be analysed, such as cookies – text files placed on your computer. The information generated about your use of this website is usually transmitted to and stored on a Google server in the USA. By enabling IP anonymisation on this website, the IP address is truncated within Member States of the European Union or other contracting parties to the Agreement on the European Economic Area before being sent. Only in exceptional cases is the full IP address sent to a Google server in the USA and truncated there. The anonymised IP address sent by your browser in the context of Google Analytics is not combined with other data held by Google.
You can prevent the data generated by the cookie relating to your use of the website (incl. your IP address) from being sent to Google and being processed by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB
As an alternative to the browser plug-in, you can click on this link to prevent any future data collection by Google Analytics on this website. Doing this activates an opt-out cookie on your end device. If you delete your cookies, you will need to click on the link again.
This website uses GTM (Google Tag Manager) to initiate and control the connection to Google Analytics. It is used primarily to minimise administrative work and analyse reporting problems.
The information generated by these cookies about your use of our website, including your IP address, is transmitted to and stored by a Marketo server in the USA.
Further information about data protection is available at https://documents.marketo.com/legal/privacy/.
The ‘Facebook Share button’ is used on this website. When you click on this link, your browser connects to the Facebook servers and transmits the URL of our website. If you are logged into Facebook, Facebook can link your visit to your account. If you do not want social networks to collect data about you or to link the visit to our website with your member data, you will need to log out before clicking on the social network link. Information about the purpose and scope of the collection and processing of data by Facebook and your related rights, as well as the configuration options for protecting your privacy is available at http://www.facebook.com/policy.php.
Please note that we may make, or may need to make, changes to this information in accordance with Art. 13/14 GDPR on data processing where required. The current version of this information in accordance with Art. 13/14 GDPR can always be found on our website.