The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
RESPONSIBLE ACC. TO ART. 4 Para. 7 EU GENERAL DATA PROTECTION REGULATION (GDPR)
NORMA Group Holding GmbH
Phone: +49 (6181) 6102-740
Responsible body is the natural or legal person who alone or together with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.)..
DATA PROTECTION OFFICER OF THE RESPONSIBLE BODY
1. Data protection at a glance
The following notes provide a simple overview of what happens to your personal data when you visit our website and place orders. Personal data are all data with which you can be personally identified. You will find detailed information on the subject of data protection in our data protection notice under this text.
Data collection on our website
How do we collect your information?
On the one hand, your data is collected when you communicate it to us. This may be data that you enter in a contact form, for example. On the other hand data is automatically collected by our IT systems when you visit our website. These are mainly technical data (e.g. Internet browser, operating system or time of page visit). This data is collected automatically as soon as you enter our website. We also collect your data for purposes of fulfilling orders placed by you, whereas we already have the basic data for a registration on our webpage since you are an existing and already registered customer.
What do we use your data for?
Data collection is necessary to ensure the error-free usage of the website. Other data can be used to analyze your user behavior. Furthermore, we use your data that you submitted to us to process and ship your orders. Your e-mail address will be used to send confirmations and other updates regarding purchase orders or reminder e-mails after adding items to the cart without placing the purchase order.
What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data at any time without charging You also have the right to request the correction, blocking or deletion of this data. You can contact us at any time at the address given in the imprint if you have any further questions on the subject of data protection. You also have the right of appeal to the competent supervisory authority. Further information on rights as data subjects can be found under § 5 Rights of the data subject.
Right of appeal to the competent supervisory authority
In the event of breaches of data protection law, the person concerned has a right of appeal to the competent supervisory authority. The responsible supervisory authority for data protection issues is the data protection officer of the federal state in which our company is based.
Third-party analysis and tools
When you visit our website, your surfing behaviour can be statistically evaluated. This is done primarily with cookies and so-called analysis programs. The analysis of your surfing behaviour is usually anonymous; the surfing behaviour cannot be traced back to you. You may object to this analysis or prevent it by not using certain tools. You will find detailed information on this in the following data protection declaration. You can object to this analysis. We will inform you about the possibilities of objection in this data protection declaration. Further information on the subject of web analytics can be found under § 6 Web Analytics.
Opposition to advertising mails
We herewith object to the use of contact data published within the scope of the imprint obligation to send unsolicited advertising and information material. The operators of these pages expressly reserve the right to take legal action in the event of unsolicited advertising information, such as spam e-mails.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “https://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
§ 1 LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
(1) Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
(2) Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary to carry out pre-contractual measures.
(3) Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
(4) If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
(5) If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.
§ 2 DATA ERASURE AND STORAGE DURATION
(1) The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply.
(2) Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subjected.
(3) The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
§ 3 INFORMATION ON THE PROCESSING OF PERSONAL DATA
(1) In the following we inform about the collection of personal data when using our website. Personal data are all data that are personally identifiable to you, e.g. name, address, e-mail addresses, user behavior.
(2) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, if applicable your name and your telephone number) will be stored by us in order to answer your questions. We delete the data arising in this context after the storage is no longer necessary, or limit the processing if statutory retention obligations exist.
(3) If we make use of contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We also specify the defined criteria for the storage period.
Collection of personal data when you visit our website
When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security (legal basis for this is Art. 6 Para. 1 S. 1 lit. f GDPR):
• Date and Time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access Status/HTTP Status Code
• the amount of data transferred in each case
• Website from which the request comes (Referrer)
• The specific pages of our website you have visited
• Browser: Type, Version und used language
• Operation Systems: Type and Version
• Display resolution
• color depth
• Size of the browser windows
• Installed browser-plugins
(1) When you use our website, cookies are stored on your computer in addition to the aforementioned data. Cookies are small text files that can be used by websites to make a user’s experience more efficient. They cannot run programs or transmit viruses to your computer.
(2) The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types, we need your permission.
(3) To meet these requirements, we use the ‘Cookiebot’ solution provided by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. This allows you to choose whether you wish to allow other cookies from the categories of preferences, statistics and marketing in addition to those required for the operation of our website. You can obtain a detailed overview of the cookies used by clicking on the ‘Details’ button in the cookie banner when you visit our website. Further information can be found on the website Cookiebot.
(4) This website uses the following types of cookies, the scope and functioning of which are explained below:
• Transient (session) cookies (see b)
• Persistent cookies (see c)
b) Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
d) You can configure your browser settings according to your wishes and refuse the acceptance of third party cookies or all cookies, for example. Third Party Cookies are cookies that have been set by a third party and therefore not by the actual website you are currently visiting. Please note that you may not be able to use all functions of this website without cookies.
§ 4 FURTHER FUNCTIONS AND OFFERS OF OUR WEBSHOP
(1) In addition to the regular use of our website, we offer various services which you can use if you are interested. As a rule, you must provide further personal data, which we use to provide the respective service and to which the aforementioned data processing principles apply. Mandatory fields are marked with an asterisk. Information in fields not marked in this way is purely voluntary.
(2) When you contact us by e-mail or via the contact form, your e-mail address and, if you specify this, your name, your telephone number and any additional information typed into a free text box are saved by us to answer your questions.
(3) With your consent you can subscribe to our newsletter, with which we inform you about our current interesting offers. You can find more information under § 7.
(4) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.
(5) Furthermore, we may pass on your personal data to third parties if we offer participation in promotions, competitions, conclusion of contracts or similar services together with partners. For more information, please provide your personal data or see the description of the offer below.
(6) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.
§ 5 RIGHTS OF THE DATA SUBJECT
Below you will find information on your rights as a person concerned in accordance with Art. 15 GDPR. You can exercise these rights at any time and therefore contact us directly. If you demand these rights from us, we will examine them in detail, taking into account the related legal requirements. We may ask you for further information. We will explain in detail the results of our audit and our procedure for fulfilling your request. It is possible that we may not be able to fully meet your wishes in the manner you request. This should not prevent you from claiming your rights from us or asking us about them. It would be a pleasure for us to answer all your questions.
(1) Right to information
You have the right to request information from us at any time as to whether and which of your personal data is processed by us. This also includes information on the purposes of processing, if applicable on recipients to whom we have disclosed data about you, the planned storage period and, if applicable, information on the origin of this data, unless we have collected this data directly from you. In addition, you have the right to a one-time free copy of your personal data stored by us.
(2) Right to correction
You have the right to request us to correct any inaccurate information we hold about you. This also includes the right to complete incomplete personal data.
(3) Right to cancellation
You have the right to request the deletion of data that we have stored about you. If we have published data about you, this also includes our obligation to forward all links to this data as well as copies or replications of this data concerning to other persons responsible for the processing of this published personal data within the framework of the “right to be forgotten” pursuant to Art. 17 para. 2 GDPR, considering available technology and the implementation costs.
(4) Right to limitation of processing
You have the right to request us to restrict the processing of data that we have stored about you. Thereafter, processing of these data is only possible with your consent or for a few, legally defined purposes.
(5) Right of opposition to processing
If we base the processing of your personal data on the weighing of interests, you may object to the processing. This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the following description of the functions. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.
Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your advertising contradiction using the contact channels listed above.
(6) Right to revoke consent under data protection law
If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation influences the permissibility of processing your personal data after you have given it to us.
(7) Right to data transferability
You have the right to receive information about yourself that you have provided to us from us in a structured, common and machine-readable format for the purpose of transfer to another person responsible. At your request and taking into account the available technical possibilities, this also includes the direct transfer from us to the other person responsible.
(8) Right of appeal to a supervisory authority
You have the right to complain at any time to a data protection supervisory authority about our processing of your personal data.
§ 6 Newsletter
(1) With your consent you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.
(2) We use the double opt-in procedure to subscribe to our newsletter. This means that after your registration we will send you an e-mail to your given e-mail address in which we ask you to confirm that you would like the newsletter to be sent. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
(3) The only mandatory information for sending the newsletter is your e-mail address. The indication of further, separately marked data is voluntary and is used to be able to address you personally. After your confirmation we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
(4) You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter e-mail without incurring any costs other than the transmission costs according to the basic rates.
§ 7 WEB ANALYTICS
For the purpose of website analytics we use the services of Hotjar Ltd. For these purposes, the service provider is acting as our data processor. Declaration of the service provider:
“If you are a visitor of a Hotjar Enabled Site, this section applies to you.
You can get more information about Hotjar by visiting the ‘about Hotjar’ section of our support site. Hotjar assists its users/customers in providing their end users with a better experience and service as well as assist them in diagnosing technical problems and analyzing user trends. Most importantly, through Hotjar’s services, the functionality of the Hotjar Enabled Site can be improved, making them more user-friendly, more valuable, and simpler to use for the end users.
You may opt-out from having Hotjar collect your information when visiting a Hotjar Enabled Site at any time by visiting our Opt-out page and clicking ‘Disable Hotjar’ or enabling Do Not Track (DNT) in your browser.”
2. Google Analytics (Tag Manager)
(2) The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
(4) This website uses Google Analytics with the extension “anonymizeIp()”. As a result, IP addresses are further processed in abbreviated form, so that a personal relationship can be ruled out. As far as the data collected about you is personal, it will be excluded immediately and the personal data will be deleted immediately.
(5) For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-U.S. Privacy Shield Framework .
(6) Third Party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Usage Terms: Google Analytics Global Terms of Service .
Overview of data protection: Google Analytics Data Privacy and Security .
(7) This website also uses Google Analytics for a device-independent analysis of visitor flows that is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”.
3. Use of Google reCAPTCHA
In order to ensure sufficient data security when submitting forms, we use the reCAPTCHA service of Google Inc. on our websites in certain cases. This serves primarily to distinguish whether the input is made by a natural person or abused by machine and automated processing. The service includes the sending of the IP address and possibly other data required by Google for the reCAPTCHA service to Google. The deviating data protection provisions of Google Inc. apply here. Google Recaptcha uses Google Fonts, also a service of Google LLC. The processing of personal data is based on your consent pursuant to Art. 6 (1) lit. a DS-GVO. We would like to point out that Google LLC may transfer personal data in the form of your IP address to the USA, a country with a lower level of data protection than in the EU. However, we have taken reasonable steps to ensure an adequate level of data protection by entering into an EU standard contractual clause with Google LLC. For more information about the privacy policies of Google Inc. please visit the Google Privacy Notice.
4. Use of Google Adwords Conversion / Remarketing
(1) We use the offer of Google Adwords to draw attention to our attractive offers with the help of advertising materials (so-called Google Adwords) on external websites. We can determine in relation to the data of the advertising campaigns how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to increase the attractiveness of our website for you and to achieve a fair calculation of advertising costs. The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR.
(2) These advertising media are delivered by Google via so-called “Ad Servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the insertion of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Adwords stores a cookie on your PC. These cookies usually expire after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values.
(3) These cookies enable Google to recognize your Internet browser. If a user visits certain pages of an Adwords customer’s website and the cookie stored on their computer has not expired, Google and the customer can recognize that the user has clicked on the ad and has been redirected to this page. Each Adwords customer is assigned a different cookie. Cookies cannot therefore be traced via the websites of Adwords customers. We do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations we can recognize which of the used advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.
(4) Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the extent and the further use of the data which are raised by the use of this tool by Google and inform you therefore according to our knowledge: By the integration of AdWords conversion Google receives the information that you called the appropriate part of our Internet appearance or clicked an announcement of us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.
(5) You can prevent participation in this tracking process in various ways:
a) by adjusting your browser software accordingly, in particular the suppression of third party cookies means that you will not receive any ads from third party providers,
b) by disabling cookies for conversion tracking by setting your browser to block cookies from the „https://www.google.com/ads/ “ domain, Google Ads Settings , which will be deleted when you delete your cookies,
c) by deactivating the interest-based ads of the providers that are part of the “About Ads” self-regulation campaign via DAA’s WebChoices Tool , this setting being deleted if you delete your cookies,
d) by permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome using Ads Settings Browser Plugin . Please note that in this case you may not be able to use all functions of this offer in full.
If you have any questions regarding the processing of your personal data, please contact us:
Data Protection Office
Phone: +49 (6181) 61027-611