Privacy Statement

Introduction

Thank you for visiting our website and for your interest in our broad range of products. To help us provide you with the best possible service, personal data are collected, processed and transmitted on our web pages.

Personal data (e.g. the name, postal address, email address and telephone number of a data subject) are always processed in accordance with the EU’s General Data Protection Regulation (GDPR) as well as with the specific national data protection rules applicable to us.

As the controller responsible for data processing, we have implemented numerous technical and organisational measures to ensure the fullest possible protection for all personal data which is processed on our website. However, no data transmission over the Internet can be guaranteed to be one hundred percent secure and vulnerabilities can never be completely ruled out.

1. Key concepts and definitions

This Privacy Statement is based on the key concepts and definitions as used by the Community legislature and regulatory authority at the time the GDPR was adopted (Art. 4 GDPR). This Privacy Statement is written in plain language, so that it can be easily understood by anyone. To make doubly sure of this, we shall begin by explaining and defining a few key concepts. The following key concepts and definitions are used in this Privacy Statement:

  1. "Personal data":
    Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, geographical location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  2. "Data subject":
    Any identified or identifiable natural person whose personal data are processed by the controller responsible for processing;
  3. "Processing":
    Any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  4. "Restriction of processing":
    The marking of stored personal data with the aim of limiting its processing in the future;
  5. "Profiling":
    Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, geographical location or movements;
  6. "Controller":
    The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  7. "Recipient":
    A natural or legal person, public authority, agency or other body, to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of such data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
  8. "Third party":
    A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
  9. "Consent"
    Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Contact

Responsible controller

NORRES Schlauchtechnik GmbH
Am Stadthafen 12-16
45881 Gelsenkirchen
GERMANY
Telefon +49 209 8 00 00 0
Phone info(at)norres.com

External Data protection officer

As data protection officer is ordered from us:

Mr. Dipl.-Inform. Olaf Tenti
GDI Gesellschaft für Datenschutz und Informationssicherheit mbH
Körnerstraße 45
58095 Hagen
Phone +49 2331 356 832 0
E-Mail datenschutz(at)gdi-mbh.eu

3. Hosting

Our website is operated on servers of NORRES Schlauchtechnik GmbH, Am Stadthafen 12-16, 45881 Gelsenkirchen, Germany.

Collection and storage of personal data and nature and purpose of its processing

When you visit the website

We may, to a limited extent, collect information automatically when you visit the website. These data help us to focus on improving your experience of our website, and we will always use them in a responsible way. Such information is automatically collected and stored in log files on the server of our provider. The data thus collected include:

  • Name of the website you accessed
  • Date and time of the access
  • Volume of data transmitted
  • Confirmation that the access was successful
  • Type of browser
  • Browser version
  • Patch level of the browser
  • Site you visited previously
  • Requesting provider
  • IP addresses [anonymised]

We use information held about you in the following ways:

  • To send you our electronic newsletter (subject to your consent)

We will process this information for the following purposes:

  • To improve our website

The legal basis for processing on our website is Art. 6(1) sentence 1(f) GDPR. Our legitimate interests are derived from the aforementioned data collection purposes.
We also use cookies and analytics services when you visit the website.

Before initiating a business relationship:

We store your contact details (title, first and last name, postal address, email address, landline and / or mobile telephone number and fax number) to enable us to contact you in the course of present or future dealings. These data which we have collected about you are stored until such time as the establishment or continuation of a business relationship is no longer realistic.

We use information held about you in the following ways:

  • For the performance of a contract
  • For the purpose of sending you an offer

We will process this information for the following purposes:

  • To facilitate the maintenance of business relationships
  • To facilitate the proper execution of a contract
  • To facilitate the proper and efficient processing of your enquiry

The legal basis for processing is Art. 6(1) sentences 1(b) and (f) GDPR and is derived from the aforementioned purpose.

4. When do we store personal information?

We collect personal information about you whenever you:

  • Use our website
  • Open a personal customer account
  • Subscribe to our newsletter
  • Fill in a request or quotation form
  • Contact us by email
  • Share such information with us in conversation provided you have given us your consent

5. Who do we share your personal information with?

We share your personal information with the following business partners:

  • Episerver GmbH, Wallstraße 16, 10179 Berlin, Germany
  • Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) (Google Analytics, Google Tag Manager)

To our knowledge, our business partners apply all the required data protection standards and demonstrate compliance with data protection principles.

6. Cookies

We use the following cookies on our website::

Google Analytics/ Google Tag Manager

Name Expires Purpose
_ga 2 years after your last visit to the website Used to track if you have visited before.
_gat 10 minutes after your last visit to the website Used to manage the rate at which page view requests are made.
_gid 24 hours after your last visit to the website Used to store the session ID and to group the entire session’s activity together for each user.
_gac_UA-32375863-1 90 days after your last visit to the website This cookie is set when a user clicks on a Google advertisement to reach the website. It contains information about which ad was clicked, so that achieved successes such as orders or contact requests can be assigned to the ad.

https://policies.google.com/technologies/ads?hl=en

YouTube

Name Expires Purpose
VISITOR_INFO1_LIVE 179 days after your last visit to the website Tries to estimate the user bandwidth on pages with embedded YouTube videos.
PREF 8 months after your last visit to the website Registers a unique ID that is used by Google to keep statistics on how a visitor uses YouTube videos across different websites.
YSC At the end of your session Registers a unique ID to keep statistics on embedded YouTube videos the user has seen.
GPS At the end of your session Registers a unique ID on mobile devices to enable tracking based on the geographical GPS location.
CONSENT 8031 days after your last visit to the website This cookie tracks information about how the end user uses the site and what advertisements the end user may have seen before visiting the site.

https://policies.google.com/technologies/ads?hl=en

Cookie-Einstellungen

Name Ablaufdatum Funktion
cookieChoiceDone 1 year after your last visit to the website Saves the settings of visitors selected in the cookie box and controls the display of cookie settings.
ga-disable
gaOptIn
ytOptIn
 

Session-Cookies der Website

Name Ablaufdatum Funktion
sid At the end of your session Identifies the user to provide essential functionalities such as the shopping cart.
sidb2b
sidcms
sidcatalog
 

How to block cookies

Firefox

  1. Open the Firefox browser.
  2. Press the “Alt” key on your keyboard.
  3. Click the menu button and choose “Options”.
  4. Select the “Privacy & Security” panel.
  5. Under “Firefox will remember history:”, choose “Use custom settings for history”.
  6. Uncheck “Accept cookies” and save your own settings.

You can also find current information here: https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored

Internet Explorer

  1. Open Internet Explorer.
  2. Click the “Tools” button, then select “Internet options”.
  3. Select the “Privacy” tab.
  4. Under “Cookies”, uncheck the settings and save your own settings.

You can also find current information here: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

Google Chrome

  1. Open Google Chrome.
  2. Choose “Settings”.
  3. Click “Advanced”.
  4. Under “Privacy and security”, click “Content settings”.
  5. In the “Cookies” section you can disable cookies and save your own settings.

You can also find current information here: https://support.google.com/chrome/answer/95647?co=GENIE.Platform&hl=en

Safari

  1. Open Safari.
  2. Choose “Preferences” from the toolbar (grey cog in the top right-hand corner) and click “Privacy”.
  3. In the “Accept cookies” section, you can specify whether, and if so, when Safari should accept cookies from websites. To see an explanation of the options, click the Help button (“?”).
  4. f you want to see which websites store cookies on your computer, click “Display cookies”.

You can also find current information here: https://support.apple.com/en-gb/guide/safari/sfri11471/mac

Edge

  1. Open the Edge browser.
  2. Click the three dots in the top right-hand corner.
  3. Go to “Settings” -> “View advanced settings”.
  4. Scroll down to “Cookies”.
  5. Click the radio button underneath and set it to “Block all cookies”.

Opera

  1. Open the Opera-browser.
  2. Click the Opera icon in the top left-hand corner.
  3. Go to “Settings”.
  4. Choose “Privacy and security”.
  5. In the “Cookies” section, you can set “Block sites from setting any data”.

7. Applications (email / application form)

Please feel free to apply for vacancies advertised on our website directly or send us a speculative application.

You can do this using the email address indicated. Alternatively, you may complete our online application form.

When you apply for a job with us, we will process the information we receive from you in the course of the application procedure, e.g. in your letter of application, CV, references and correspondence as well as by telephone or verbally. In addition to your contact details, your training, qualifications, work experience and skills are of particular relevance to us. We will only judge you by your suitability for the job, so that you do not need to send us a photograph.

If you send us your application by email, the information you supply to us will not be encrypted for transmission unless your email provider supports SSL (Secure Socket Layer) or TLS (Transport Layer Security) encryption. If you prefer, you may instead send us encrypted emails provided you give us advance notification by telephone. Alternatively, you can send us your application details in encrypted files which are protected by password (for example *.zip) and tell us the password which we need to decrypt them by telephone or other means.

If you apply to us using the application form, we will process the data you enter in the input fields (title, first and last name, email address, desired starting date, salary expectations, other voluntary information) as well as any documents uploaded by you to enable us to process your application.

If we conclude a contract of employment with you on the basis of this application, we will store the data transmitted to us for the purpose of processing the employment contract in compliance with legal regulations.

However, if we do not conclude a contract of employment with you, we will erase this data six months after your application is rejected. The legal basis is Art. 6(1) sentence f GDPR (legitimate interests). Our legitimate interests in storage for this period are derived from the exercise or defence of claims, for example in connection with the burden of proof in a procedure under the German General Equal Treatment Act (AGG).

If you have given your consent to the storage of your application details for a longer period, we will transfer these data to our applicant pool (Section 26(2) BDSG (German Data Protection Act) in conjunction with Art. 6(1) sentence a GDPR). The data stored there will be erased after one year has elapsed.

Data are processed for the purpose of carrying out an application procedure.

The legal basis for processing in the context of the application procedure and as part of your personnel file is Section 26(1) sentence 1 BDSG and Art. 6(1) sentence b GDPR as well as – insofar as you have given your consent, for example by communicating other information which is not essential for the application procedure – Art. 6(1) sentence a GDPR.

You may withdraw your consent to the processing of personal data during the application procedure at any time by sending an email to dataprotection(at)norres.eu.

The legal basis for processing after your application has been rejected is Art. 6(1) sentence f GDPR.

Our legitimate interests in processing on the basis of Art. 6(1) sentence f GDPR are derived from the defence of legal claims.

The legal basis for budgetary and tax storage is Art. 6(1) lit. c GDPR in conjunction with § 147 AO.

Applicants wishing to submit their application using the online form should read our Privacy Notices for online applicants.

8. Tracking data

Tracking data are used to

  • Monitor page views and landing page relevance (Google Analytics)

Refer to section 10 for more information.

9. Data protection

We use TLS 256 bit encryption for security reasons and to protect data transmission, for example when entering customer data, etc. The locked padlock in the address line of your browser indicates that the information being transmitted is encrypted.

10. Google Analytics

If you have given your consent, Google Analytics, a web analysis service of Google Ireland Limited ("Google") is used on this website. The use includes the "Universal Analytics" operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across devices.

Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users interact with the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. We would like to point out that on this website Google Analytics has been extended to include IP anonymisation in order to ensure anonymous collection of IP addresses (so-called IP masking). The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/gb.html or https://policies.google.com/?hl=en.

Purposes of the Processing
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and Internet use.

Legal Basis
The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Recipients or Categories of Recipients
The recipient of the collected data is Google.

Transfer to Third Countries
Personal data will be transferred to the USA under the EU-US Privacy Shield on the basis of the European Commission's adequacy decision. You can download the certificate here.

Duration of Data Storage
The data sent by us and linked to cookies, user-identifiers (e.g. User-IDs) or advertising-identifiers are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

Rights of the Persons affected
You can revoke your consent at any time with effect for the future by blocking the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functionalities of this website to their full extent.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the Browser Add-on. Opt-out cookies will prevent future collection of your data when you visit this website. To prevent Universal Analytics from collecting data across different devices, you must opt-out on all systems used. If you click here, the opt-out cookie will be set: Disable Google Analytics

11. Fan Page on Facebook / Facebook Page

Our presence on social networking sites and platforms like Facebook enables us to communicate actively with existing and prospective customers using modern methods. We use these sites to provide information on our services, products and any special activities or events at our company which may be of interest. When you visit our online services on social media, your personal data may be automatically collected and stored for market research and advertising purposes. User profiles may then be created under a pseudonym from the data which is processed in this way. These profiles may be used, for example, to place advertisements on or outside platforms which are presumed to match your interests. Cookies are generally placed on your device for this purpose. Our Privacy Statement explains how cookies work; please refer to the notices there for all further information. These cookies track visitor behaviour and users’ interests. This is necessary in order to safeguard our predominantly legitimate interest, based on a balance of interests, in improving the presentation of our products and services as well as in effective communication with existing and prospective customers. The legal basis for processing is therefore Art. 6(1) sentence f of the EU’s GDPR. If the operator of a social media platform asks you to give your consent to the processing of your personal data, for example by checking a box, the legal basis for processing is Art. 6(1) sentence a of the EU’s GDPR. Insofar as the aforementioned social media platforms have their headquarters in the USA, the following applies: the European Commission has issued an adequacy decision with regard to the United States of America. This decision is based on the EU-US Privacy Shield. You can find a current certificate for the company concerned on the following website: www.privacyshield.gov/list.

For more comprehensive information on the processing and use of personal data by the providers on their respective websites as well as contact details, the rights you have in relation to your data and the settings you can choose to protect your privacy – in particular, how to exercise your right of objection (opt out) – please follow the links below to the providers’ privacy policies:

Facebook: www.facebook.com/about/privacy/

To exercise your right of objection (opt out), go to:

Facebook: www.facebook.com/settings

Please also feel free to contact us (contact details above) if you have any questions in this respect. Data processing takes place on the basis of an agreement between jointly responsible parties pursuant to Art. 26 GDPR which you can access here:

www.facebook.com/legal/terms/page_controller_addendum

12. LinkedIn

Our website employs components and services provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Each time our website receives an access request equipped with a LinkedIn component, the component prompts your browser to download an image of this component from LinkedIn. Through this process, LinkedIn is informed exactly which page of our website is being accessed. We have no control over the data that LinkedIn collects thereby, nor over the extent of the data that LinkedIn collects or how such data are processed. The legal basis is Art. 6(1) sentence 1(f) GDPR.

For more details, follow this link to see LinkedIn’s privacy policy:
https://linkedin.com/legal/privacy-policy

You can change your personal privacy settings in your account settings:
https://linkedin.com/psettings/privacy

13. Xing

Our website employs components and services provided by XING SE, Dammtorstraße 30, 20534 Hamburg, Germany. Each time our website receives an access request equipped with a XING component, the component prompts your browser to download an image of this component from XING. Through this process, XING is informed exactly which page of our website is being accessed. We have no control over the data that XING collects thereby, nor over the extent of the data that XING collects or how such data are processed.

The legal basis is Art. 6(1) sentence 1(f) GDPR.

For more details, follow this link to see XING’s privacy policy:
https://privacy.xing.com/en/privacy-policy

You can change your personal privacy settings in your account settings:
https://xing.com/settings/privacy/data

14. Rights of the data subject

Your rights / exercise of rights

You are entitled to the rights set out below. You may exercise these rights against us. To exercise your rights, please use the aforementioned contact methods or send an email to datenschutz@gdi-mbh.eu

  1. Right of access under Art. 15 GDPR:
    You have the right to request information about your personal data processed by us, in particular about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period, the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data as well as to object to such processing, the right to lodge a complaint with a supervisory authority, the origin of your data if they were not collected by us, the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for you, and finally, where personal data are transferred to a third country, the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
  2. Right to rectification under Art. 16 GDPR:
    You have the right to demand the rectification of inaccurate personal data concerning you and / or the right to have incomplete personal data completed without undue delay.
  3. Right to erasure under Art. 17 GDPR::
    You have the right pursuant to Art. 17(1) GDPR to demand the erasure of personal data concerning you. This right shall not apply to the extent that processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
  4. Right to restriction under Art. 18 GDPR:
    You have the right to demand the restriction of processing of your personal data as long as the accuracy of the personal data is contested by you, the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead, we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims or if you have objected to processing for reasons arising from your particular situation, pending the verification whether our legitimate grounds override your own as the data subject.
  5. Notification obligation under Art. 19 GDPR:
    If you have asserted the right of rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
  6. Right to data portability under Art. 20 GDPR:
    You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to have that personal data transmitted directly to another controller, where technically feasible.
  7. Right to withdraw consent under Art. 7(3) GDPR
    If our processing of personal data is based on your consent, you have the right to withdraw your consent to future processing at any time. If you withdraw your consent, we will cease processing of the data for which you have withdrawn consent, unless we have a legal obligation to keep some or parts of your data. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  8. Right to lodge a complaint under Art. 77 GDPR
    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

15. Right to object

You may object to the future use of your data at any time by email or in writing.
If you exercise your right to object, we will cease processing of the data concerned.

16. Storage period for personal data

The storage period for personal data is determined by the respective legal retention period. After expiry of this period, the data concerned will be routinely deleted, provided they are no longer necessary for the performance or initiation of the contract and / or there is no longer any legitimate interest on our part in further storage.

17. Updates and changes to this Privacy Statement

This Privacy Statement is regularly reviewed and was last updated in September 2019.
We reserve the right to change this Privacy Statement without prior notice to reflect improvements to our website, or to the services offered on our website, as well as legal and regulatory changes. The most current version of the Privacy Statement can be reviewed on our website and printed out at any time by following this link:

https://www.norres.com/en/legal/privacy-statement/