I. General Information
1. The data controller
norelem Normelemente GmbH & Co. KG
Telephone: +49 7145 206-0
Fax: +49 7145 206-66
2. Contact details of the data protection officer
norelem Normelemente GmbH & Co. KG
3. Erasure and restriction of personal data
Unless otherwise provided for in this privacy notice, personal data will be deleted, if the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed and the deletion does not conflict with statutory retention requirements. We will erase personal data processed by us on your request in accordance with the conditions provided in Art. 17 GDPR. If personal data are required for other lawful purposes, they will not be erased, but their processing will be restricted in accordance with Art. 18 GDPR and the data will not be processed for other purposes. This applies, for example, to personal data that must be retained by us for commercial or tax law reasons.
4. Rights of data subjects
As a data subject you have the following rights:
- Pursuant to Art. 15 GDPR, you may request information about your personal data processed by us. You may also request information regarding the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored or the criteria used to determine that period, the data source (where personal data is not collected from you), the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing; the existence of the right to request rectification or erasure of data concerning you, the right to restrict processing or to object to such processing, the right to lodge a complaint with a supervisory authority. Finally, you have a right to know whether personal data has been transferred to a third country or to an international organization, and, if so, the appropriate safeguards relating to this transfer;
- Pursuant to Art. 16 GDPR, to demand the immediate rectification of inaccurate personal data and to have incomplete personal data completed which is stored by us;
- Pursuant to Art. 17 GDPR, to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of a legal claim.
- Pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data if the accuracy of the personal data is contested by you; the processing is unlawful but you oppose the erasure of the personal data and request the restriction of their use instead; we no longer need the personal data for the purposes of the processing but they are required by you for the establishment, exercise or defense of legal claims; you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification of whether our legitimate grounds override your interests;
- Pursuant to Art. 20 GDPR, to receive your personal data, which you have provided for us, in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller;
- Pursuant to Art. 21 GDPR, to object to the processing of your personal data on grounds relating to your particular situation, or if you object to processing for direct marketing purposes and the legal basis for processing is our legitimate interests pursuant to Art. 6 (1)(f) GDPR;
- Pursuant to Art. 7 (3) GDPR, to withdraw your consent given to us at any time. As a result, we are no longer allowed to continue to process the data that was based on this consent in the future;
- Pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. A list of contact details of the data protection officers and supervisory authorities can be found on this website: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
If you wish to assert the data subject rights mentioned above, you can contact us or our privacy officer at any time using the contact details above.
5. Consent for data transfer to the USA
We may ask you for your consent in accordance with Art. 49 (1)(a) GDPR as legal basis for data transfers to the USA and/or other third countries. For such consent, the following conditions will apply:
a. Your personal data may be transferred to a third country or an international organization that does not provide a level of protection that is adequate to European and/or German data protection law. Notwithstanding any permissions according to contract or to applicable law, personal data will be transferred in accordance with the conditions provided in Art. 44 et seq. GDPR.
This means that for the respective third country, either an adequacy decision by the EU commission according to article 45 GDPR is in place, or appropriate safeguards according to article 46 GDPR have been provided or binding corporate rules according to article 47 GDPR are in place. Further information is provided in explanations of the respective processing operations in this data privacy information.
b. For some countries, especially the USA, an adequacy decision by the EU commission according to article 45 GDPR does not exist, and it might not be possible to achieve a level of protection that is adequate to the data protection law in the European Union, neither by providing appropriate safeguards according to article 46 GDPR nor by implementing binding corporate rules according to article 47 GDPR. There is a risk that such third countries do not offer an adequate level of protection. It is possible that no data protection authorities and/or principles relating to processing of personal data might exist in such third countries, and/or that the data subject might not be entitled to data protection rights in such third countries. It is possible that there might not be sufficient legal remedies available to you to defend against a violation of your rights in such countries.
II. Individual processing operations
We are using Cookiebot for our website. Cookiebot is a service provided by Cybot A/S, Havnegade 39, 1058 Kopenhagen, Dänemark, Tel.: + 45 50 333 777, E-Mail: email@example.com, companies’ register no.: DK34624607.
Cookiebot creates a cookie banner that lists all cookies that are being used for the operation of our website. If necessary, we also use Cookiebot to ask for your consent. For each cookie, the name of the cookie, its purpose, an eventual third-party access and the lifetime of a cookie respectively the timeframe after which a cookie is deleted, is listed. Session cookies will be deleted when you stop using our services respectively when you close the browser session.
The following information is collected by Cookiebot:
- IP address of the requesting computer;
- Date and time of any given consent;
- The browser used and the operating system of your computer or device.
After IP addresses are transmitted to Cookiebot, IP addresses are anonymized as soon as technically possible by deleting the last 8 bits of an IPv4 or respectively the last 80 bits of an IPv6 address. Your IP address will not be permanently stored by Cookiebot at any time. These measures are being taken to prevent Cookiebot from relating this information personally to you.
If you use the form generated by Cookiebot to give your consent that additional cookies may be stored on your device by our website in addition to the essential cookies, Cookiebot creates an individual identifier and stores it on your device. This individual identifier is assigned by Cookiebot to each consent submitted via Cookiebot on our website. The individual identifier is stored in a cookie together with the enumeration of the consent given. If through Cookiebot you permit us to set all cookies, a special individual identifier for this across-the-board consent is stored in the cookie in your browser. The service life of the cookie is one year. From this cookie, our website can read out which cookies we may set on subsequent visits.
Cookiebot uses Microsoft hosting services to provide its services. Microsoft may also process data on servers in the USA. Microsoft entered into Standard Contractual Clauses to comply with the requirements of the GDPR to legitimately transfer personal data in third countries outside the European Union (EU) or the European Economic Area (EEA). Information about the standard contractual clauses used by Microsoft is available at https://aka.ms/licensingdocs.
In order to make our website available, we use services provided by hosting companies, such as provision of web servers, disk space, database services, and security or maintenance services. We, and our hosting providers on our behalf, process personal data of website visitors in order to provide efficient and secure access to our website.
By visiting our website or its individual pages, your device’s internet browser automatically sends information to the server of our website. This information is stored in log files by us or our hosting provider.
The following information is stored:
- IP address of the requesting computer;
- Date and time of access;
- Name and URL of the requested file;
- Website from which our site was accessed (referrer URL);
- The browser used and your computer’s operating system;
- Status codes and the amount of data transferred;
- Name of your access providers.
These data will be used for the following purposes:
- The provision of our website, including all of its features and contents;
- To ensure a smooth connection to our website;
- To ensure a more user-friendly experience on our website;
- To ensure system security and stability;
- For anonymized statistical evaluation of website access;
- website optimization;
- For disclosure to law enforcement authorities in the event of unlawful interference/attacks on our systems;
- For further administrative purposes.
These data will be deleted at the latest after 6 months, except it is needed for other purposes, for example for the establishment, exercise or defense of legal claims.
The legal basis for data processing is Art. 6 (1)(f) GDPR. Our legitimate interest relates to the data collection purposes mentioned above.
III. Contractual Data
1. User Account
You need to register and create a user account to place orders through our web store. The following data is required:
- Email address
- Telephone number
Registration is voluntary and is based on your consent in accordance with Art. 6 (1)(a) GDPR. If you do not give your consent, you cannot use our web store, but you can place orders via other means of communications. Your data will be stored until you delete the user account or instruct us to delete your data. if we are obligated to retain your personal data to comply with statutory retention periods, in particular tax and commercial law, the processing of your personal data will be restricted until the expiration of the relevant retention periods and then subsequently deleted.
If you register on our web site or access the user account, we will store your IP address and the time of access in order to provide our services and for protection against misuse and other unauthorized use. The legal basis for data processing is Art. 6 (1)(f) GDPR.
the user account and the data collected are used to provide our web store services, in particular to simplify the purchasing process and to enable you to access your order history. The data will be transferred to third parties in accordance with Art. 6 (1)(b) GDPR or Art. 6 (1)(f) GDPR only to the extent necessary for the fulfillment of pre-contractual and contractual obligations or for the pursuit of any claims to which we are entitled, or to comply with a legal obligation in accordance with Art. 6 (1)(c) GDPR. IP addresses will be anonymized or deleted after 7 days at the latest.
2. CAD data
We are using services provided by CADENAS Konstruktions-, Softwareentwicklungs- und Vertriebs GmbH, Schernecker Str. 5, 86167 Augsburg, Germany (hereinafter "CADENAS") to display CAD data related to our products. Your IP address and, if applicable, additional data determined by CADENAS is collected when our web store connects with CADENAS’ services. through this connection, CADENAS is informed which pages on our web store are delivered to an IP address.
We are using a privacy friendly solution to integrate CADENAS. the aforementioned the data transfer only occurs when you click the symbol for CAD data associated with a product and not when the page is loaded. by clicking a symbol for CAD data, you consent to the aforementioned transfer of your personal data to CADENAS. After the transfer, CADENAS is solely responsible for the processing of your personal data. The legal basis for the transfer of your personal data is your consent in accordance with Art. 6 (1)(a) GDPR.
You need a user account for our web store to be able to download CAD models from CADENAS. If you are simultaneously logged in with us or with CADENAS, CADENAS can directly connect your visit to a web page in our web store to your user account. If you use CADENAS to download CAD data, the corresponding information is transmitted to CADENAS and processed there. If you do not want CADENAS to connect the data collected from our web store with your user CADENAS account, you must first log out from CADENAS and from our web store. We use CADENAS to improve our web store services and to provide you with a convenient user experience to quickly that allows you to easily view and retrieve important information on our products as a user of our services.
The collected personal data may be stored on servers in third countries outside the EU or the EEA.
3. Contractual data
In connection with and for the purpose of fulfilling pre-contractual measures and contractual obligations initiated through our web store, in particular to fulfill your orders, we process personal data required for the fulfilment of the contract with stored in your user account (see section 1) and the following additional data:
- If applicable, alternate delivery or billing address of recipients;
- contractual documentation including subject matter, duration or customer category;
- payment data such as bank details, credit card details, and payment history.
We collect, process and use this data, to ship the goods you ordered to you and to provide you necessary information via email or via other means.
If you are using our services on behalf of your employer, the legal basis for data processing for this purpose is our legitimate interest in providing the services through our web store to our customers and the execution of the resulting purchase contracts according to Art. 6 (1)(f) GDPR.
If you are using our services on your own behalf, the legal basis for data processing for this purpose is the fulfillment of pre-contractual measures you requested or the fulfillment of a contract you are party to according to Art. 6 (1)(b) GDPR.
If you do not have registered a user account with us and do not have provided this data, we cannot fulfill your requests through our web store. In this case, you need to use another means of communication to place an order with us. In this case, we also require your aforementioned data.
The data will be transferred to third parties in accordance with Art. 6 (1)(b) GDPR or Art. 6 (1)(f) GDPR only to the extent necessary for the fulfillment of pre-contractual and contractual obligations, e.g. banks, payment providers and credit card companies for processing the payment, shipping service providers for the shipment of goods, or for the pursuit of any claims to which we are entitled, or to comply with a legal obligation in accordance with Art. 6 (1)(c) GDPR.
4. English version of [Kredit- und Bonitätsinformationen Creditreform Boniversum GmbH]
5. Payment providers
We use PAYONE and Adyen as payment services for our web store. Provider is PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt/MainAdyen N.V. German Branch, Friedrichstraße 63, 10117 Berlin. We transfer your information provided during the order transaction together with the information about your orders to PAYONE GmbH. If you place an order on your behalf, your data will be transferred in accordance with Art. 6 (1)(b) GDPR for the fulfillment of the purchased contract you entered into with us. If you place an order on behalf of a company or another organization, your data will be transferred in our legitimate interest and the legitimate interest of the company or organization you are acting for to execute the purchased contract entered into with us in accordance with Art. 6 (1)(f) GDPR. The data will be transferred only to the extent necessary for the purpose of payment processing with Adyen as a payment service.
1. Contacting us
If you use the contact form, you will be asked to provide your email address, name and any other contact details, so that we can get in touch with you. Further information can be provided voluntarily. If you contact us using the contact details published on our website (for example, by email), you also need to provide us with name and any other contact details, so that we can get in touch with you. If you do not provide this data, we cannot process your request.
The data processing for the purpose of contacting us and answering your request takes place in accordance with Art. 6 (1)(a) GDPR based on your voluntary consent. Without giving this consent, you cannot use the contact form to contact us.
2. Ordering a catalogue
If you use the catalogue order form, you will be asked to provide your title, name, address, company name, email address and telephone number, so that we can ship our catalogue to you. If you do not specify this data, we cannot process your catalogue order.
The data processing for the purpose of ordering a catalogue takes place in accordance with Art. 6 (1)(a) GDPR based on your voluntary consent. Without giving this consent, you cannot use the contact form to contact us.
3. Social Media
Our website is linked to our social media accounts. We do not transfer any data to social media providers when you access our website. Your data is only transferred if you use one of the links to visit our social media accounts.
4. Marketing with mailings
If you are a customer and we have received your data in connection with the sale of goods or services, we may use your data (name, address and your company affiliation if you are interacting on behalf of a company) for direct marketing via mail for goods or services offered by us or by third parties or for customer satisfaction surveys. For these aforementioned marketing purposes, we may store further data that we legally collected in addition to these data, for example your order history or the type of goods you purchased from us.
We transfer your first name and last name as well as the name and address of your company and, if applicable, your department to a processor to post our advertising by mail.
The purpose of this data processing is to approach you as precisely as possible with advertising that is tailored to your interests and to avoid advertising that is irrelevant to you. The legal basis of processing is our legitimate interest in direct marketing according to Art. 6 (1)(f) GDPR.
If we conduct a customer satisfaction survey, the processor will send out the questionnaires on customer satisfaction by mail or by email and will evaluate the questionnaires. Only anonymized results of the customer satisfaction survey will be provided to us. It is not possible for us to assign answers to individual customers. Participation in the customer satisfaction surveys voluntarily. The legal basis for the processing of data collected through the customer satisfaction survey is, as far as such data is considered personal data, your consent according to Art. 6 (1)(a) GDPR given to us by returning the questionnaire.
Advertising by mail requires a certain lead time before mailing to print and prepare the mailings. In case you object against advertising by mail, as an exception it might happen that you still receive advertising by mail from us. This is the case if the production of the mailing in question had already been started when you objected. This does not imply that we do not take your objection into account.
5. Email direct marketing to customers
If you are a customer and we have received your email address in connection with the sale of goods or services, we may use your email address for direct marketing purposes for of similar goods or services offered by us. This is only applicable if you have not objected and we clearly and unequivocally have advised you of the possibility of objection at the time of collecting the email address, and every time we use it for direct marketing purposes thereafter. For email direct marketing, we process your email address, your name, your company affiliation if you are interacting on behalf of a company, and the type of goods or services you purchase from us. The legal basis of processing is § 7(3) UWG and our legitimate interest in direct marketing according to Art. 6 (1)(f) GDPR. We will store the personal data until you object to the processing.
If you would like to receive our newsletter we require your email address, name. The data processing for the purpose of sending the newsletter takes place in accordance with Art. 6 (1)(a) GDPR based on your voluntary consent by means of the so-called double-opt-in procedure. The email address will be used and stored for this purpose until you withdraw your consent or unsubscribe from receiving the newsletter. You can unsubscribe at any time, for example by using the link at the bottom of each newsletter. You can also send your withdrawal/unsubscribe request at any time to the email address given under Clause II.
We transfer your data to a processor to process the data on our behalf to enable you to subscribe and unsubscribe our newsletter and to send out the newsletter.
V. Google Services
Provider of the services below for EU and EEA residents is Google Ireland Limited (Register No: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google“).
1. Google services requiring your consent
a Google Analytics
Our website uses Google Analytics without cookies. Google Analytics collects anonymized information about the visits of website users and analyzes their behavior. This data serves the purpose of developing a user-friendly website design, the continuous optimization of our services and offers, measuring the success of marketing activities and creating statistical analysis. In this context, pseudonymized device profiles are created. Google Analytics collects information such as browser type/version, operating system, referrer URL (the previously visited page), host name of the accessing computer (IP address) and time of server request. None of this information is retrieved from storage on the device you are using or stored on such device. The data collected about your device is anonymized by calculating a “salted” hash value so that assignment to individual users is practically impossible. The information generated is stored on servers owned by Google. Information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google.
You can use our cookie banner to object the storage of cookies in your browser or device. Likewise, you can prevent storage of the cookies by setting your browser or device to reject cookies. If you reject cookies, it is possible that you cannot use all features and services offered on our website. You can also prevent Google from collecting and processing data generated by cookies relating to your use of our website by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
b. Google maps
Our website uses Google maps provided by Google to display locations, maps, terrain data or geographical maps. Google maps collects your IP address, the pages on our website accessed by you as well as search terms and location data. This collected information is stored on servers in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. if you use Google maps, the additional terms for Google maps available at https://www.google.com/intl/de_de/help/terms_maps/ apply.
c. Google Tag Manager
Our website uses Google Tag Manager in order to manage the website through a single tag management interface. Google Tool Manager only implements tags. This means no cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which may collect data. However, Google Tag Manager does not access this data. If deactivated at the domain or cookie level, it will remain effective for all tracking tags as far as they are implemented with the Google Tag Manager.
2. Other Google services
The legal basis for the use of the following services are our legitimate interests according to Art. 6 (1)(f) GDPR. Our legitimate interests are listed below for each service individually.
Our website uses Google reCAPTCHA to ensure that the forms provided on our website are used by an actual person and are not abused by bots or automated procedures. We use this service in our legitimate interest in the security of our website and the detection of bot activity. This service collects your IP address and any additional data required by Google for providing the reCAPTCHA service.
The following information may be processed:
- Duration of your session on our website
- IP address of the requesting computer;
- Date and time of access;
- Website from which our site was accessed (referrer URL);
- The browser used and your computer’s operating system;
- Status codes and the transferred amount of data;
The collected information about your use of this website is stored on servers in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google.
Status: February 2023