(1) Novoferm tormatic GmbH appreciates your interest in our company and its products. In order to be able to fulfil your information requests comprehensively, you may be asked to provide personal information. This information is completely voluntary. For information on how we handle your personal data in accordance with the General Data Protection Regulation (hereinafter referred to as GDPR) and data protection laws, please refer to the following privacy policy and our public procedure directory summarised in brief. As the company is based in Germany, the German data protection authorities are responsible on the basis of the Federal Data Protection Act (hereinafter BDSG).
The responsible body is
Novoferm tormatic GmbH Place of jurisdiction: Dortmund Local Court, HRB 14016 Sales tax identification number: DE812890558
Data protection on the TORMATICSALES trading platform for registered users based in Europe The TORMATICSALES trading platform is accessible to registered commercial users throughout Europe. Novoferm GmbH, represented by the Managing Director Mr Rainer Schackmann, Chairman, Schüttensteiner Straße 26, D-46419 Isselburg, Germany, is responsible for our trading platform services under telemedia and data protection law on our behalf in accordance with Art 28 GDPR and § 62 BDSG. You will be expressly informed of this fact when you register. Novoferm GmbH collects and processes the data on our behalf as follows:
Beyond Media GmbH, Mercedesstraße 3, 74366 Kirchheim am Neckar (HRB 731659 AG Stuttgart), represented by its managing director Sven Heib, is responsible for the website server at the Strasbourg site and for order data processing (storage and forwarding to Novoferm and its sales partners) on behalf of Novoferm GmbH. The host service provider is also subject to German data protection regulations and is contractually obliged in accordance with Art. 28 GDPR.
Beyond Media GmbH, Mercedesstraße 3, 74366 Kirchheim am Neckar (HRB 731659 AG Stuttgart), represented by its Managing Director Sven Heib, is also responsible for managing the trading platform (including advertising), security monitoring and analysing the Novoferm Group website. The evaluation of the anonymous or pseudonymised data of the platform users is carried out on the basis of an agreement on commissioned data processing in accordance with Art. 28 GDPR and Section 62 BDSG. Beyond Media GmbH, as a service provider of Novoferm GmbH, is also subject to the German data protection regulations and is also contractually obliged to maintain confidentiality and may only process user data collected and stored for us in accordance with the order for the purposes specified in this data protection declaration.
Neither Novoferm GmbH nor the host service provider will have access to your data outside the scope of commissioned data processing on our behalf.
Like Novoferm tormatic GmbH, Novoferm GmbH is subject to the same level of data protection as the Novoferm group of companies and has published an identical data protection declaration on the novoferm.de website and the list of procedures for the Internet services also provided on our behalf. Our data protection officer also monitors the data protection of Novoferm GmbH as a group officer in accordance with Art. 37 para. 2 GDPR.
Our commissioned data processors in accordance with Art. 28 GDPR and Section 62 BDSG (1) Our servers at the Gütersloh site and the commissioned data processing (storage and forwarding to Novoferm and its sales partners) are the responsibility of arvato systems GmbH, An der Autobahn 200, D-33333 Gütersloh.
(2) Beyond Media GmbH, Mercedesstraße 3, 74366 Kirchheim am Neckar (HRB 731659 AG Stuttgart), represented by its managing director Sven Heib, is also responsible on our behalf for the server of our website at the Strasbourg location and the commissioned data processing (storage and forwarding to Novoferm and its sales partners). Our host service provider is also subject to German data protection regulations.
(3) Beyond Media GmbH, Mercedesstraße 3, 74366 Kirchheim am Neckar (HRB 731659 AG Stuttgart), represented by its managing director Sven Heib, is also responsible for the maintenance (including advertising), security monitoring and analysis of our website. The evaluation of the anonymous or pseudonymised data of our users is carried out on the basis of an agreement on commissioned data processing in accordance with Art. 28 GDPR and Section 62 BDSG. Beyond Media GmbH as our service provider is also subject to the German data protection regulations and is also contractually obliged to maintain confidentiality.
(4) The "Cookie-Bot" service described in § 9 is a service of Cybot A/S, Havnegade 39, DK-1058 Copenhagen, Denmark. The level of data protection in the EU member state Denmark corresponds to the General Data Protection Regulation, as does German data protection law. All contractual partners of Novoferm tormatic GmbH are also contractually obliged to maintain confidentiality and may only process user data collected and stored for us in accordance with the order for the purposes specified in this data protection declaration.
(5) How our Internet presence is advertised and how we monitor our Group presence and optimise it on the basis of user interests is described in detail below.
(6) Please also note the terms of use for our website and the terms of use for the TORMATICSALES trading platform.
Our data protection provisions and notes
§ 1: Anonymous use, security, analysis and statistics (1) Novoferm tormatic GmbH takes the protection of its website visitors' data seriously and complies with the rules of data protection laws. In the following, we would like to inform you which of your personal data is collected and stored and how we handle this data. Personal data (so-called personal data) is information that makes it possible to identify a person. This includes in particular name, address and telephone number, but also the IP address assigned by your provider or your e-mail address.
(2) We endeavour to make most of the functions of our websites and services available for anonymous use. Since websites must be protected against attacks by hackers, bots and any malware and must be permanently monitored, users must be temporarily identifiable at least via the so-called metadata of the usage process. When using our websites, the following data is therefore logged, whereby the storage serves exclusively system-related and statistical purposes: names of the pages accessed, the browser used, the operating system and the requesting domain, date and time of access, search engines used. Names of downloaded files and your IP address. All usage data, in particular your IP address, will be deleted as soon as possible, at the latest immediately after the end of the usage process.
(3) The statistical analysis of anonymous user data, which can no longer be traced back to you as a user of the website when analysed, helps us to determine the habits of our users in order to make our offer more user-friendly and to adapt it to the wishes and needs of our users. For the anonymised evaluation of the data, our contractor uses the analysis program Google analytics, whose functions and precautions for anonymising user data are described below.
§2. web analysis service "Google Analytics", opt-out procedure vs. cookie bot declaration (1) This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses cookies (small text files, see also § 9 below), which are stored on your computer and enable your use of the website to be analysed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. The data protection regulations in the USA do not currently correspond in all respects to the legal requirements of the European data protection regulations.
(2) We have activated the IP anonymisation function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
(3) Our contractor uses the latest operating standard of Google Analytics adapted to the data protection level of the GDPR, namely Universal Analytics on the basis of a contract for commissioned data processing in accordance with Art. 28 GDPR and § 62 BDSG. Universal Analytics enables e.g. cross-device tracking via a user ID and allows user-defined measurement values/standards. In accordance with the Universal Analytics terms of use, which apply to all users, no personal data may be sent to Analytics. We have obligated our contractor and our employees to strictly comply with the terms of use.
(4) The user ID is intended to prevent the direct identification of individual users. Due to the programme functions (see above), the Universal Analytics user ID is nevertheless an online identifier within the meaning of Art. 4 para. 1 GDPR and thus a personal data.
(5) We have therefore instructed our contractor and our employees not to even activate the user ID and not to send any personal data to Google. (Link to "Best Practices: https://support.google.com/analytics/answer/6366371?hl=de).
(6) Of course, Google continues to set a cookie. This is used to process the information browser type, operating system used, referrer URL, IP address (shortened/anonymised) and the time of the server request. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. If you do not wish to accept any restrictions on the possibilities of use, it is better to use the function provided by us when you first visit our website to switch off the analysis cookies (cookie bot procedure in § 9) or your right to object to us at any time.
(7) You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=de). For opt-out functions (so-called opt-out solutions), however, you must generally take into account that your browser or "cleaning programmes" with access to Internet history data must not be set to delete the opt-out cookies of third-party providers. Your decision in the cookie bot procedure (see § 9) will be stored for one year, after which you will be asked again. We therefore consider this procedure to be better.
(9) You can deactivate Google Analytics here: Deactivate Google Analytics now.
§ 3 Facebook Pixel (1) Within our website, we use the "tracking pixel" of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") on some pages with your consent. The data collected is anonymous to us and therefore does not allow us to draw any conclusions about the identity of users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy (https://www.facebook.com/about/privacy/). You can enable Facebook and its partners to place adverts on and off Facebook. A cookie may also be stored on your computer for these purposes.
§ 4 Use of Google Maps (1) Some pages of the website use Google Maps API to visually display geographical information. When Google Maps is used, Google also collects, processes and utilises data about the use of the map functions by visitors. You can find more information about data processing by Google in the Google data protection information. You can also change your personal data protection settings there in the data protection centre.
(2) Detailed instructions on managing your own data in connection with Google products can be found here.
§5 Embedded YouTube videos We embed YouTube videos on some of our websites. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection to YouTube servers is established. YouTube is informed which pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account beforehand.
When a YouTube video is started, the provider uses cookies that collect information about user behaviour.
If you have deactivated the storage of cookies for the Google Ad programme, you will not have to expect any such cookies when watching YouTube videos. However, YouTube also stores non-personalised usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in your browser.
§ 6 Social plugins We offer you the option of using so-called "social media buttons" on our website. To protect your data, we use the "Shariff" solution for implementation. This means that these buttons are only integrated on the website as a graphic that contains a link to the corresponding website of the button provider. By clicking on the graphic, you will be redirected to the services of the respective provider. Only then will your data be sent to the respective provider. If you do not click on the graphic, there will be no exchange between you and the providers of the social media buttons. Information about the collection and use of your data in the social networks can be found in the respective terms of use of the corresponding providers. You can find more information about the Shariff solution here: www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html
We have integrated the social media buttons of the following companies on some pages of the group website
Facebook Inc (1601 S. California Ave - Palo Alto - CA 94304 - USA) Facebook Ireland Ltd, based at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is responsible for the European legal sphere.
Twitter Inc (795 Folsom St. - Suite 600 - San Francisco - CA 94107 - USA) Twitter Ireland Ltd, with registered office at 1 Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, is responsible for the European legal sphere.
§7 Collection and storage of personal data (1) Further personal information is only collected if you provide it to us voluntarily, for example as part of an enquiry or your registration.
(2) If you contact us by email or using the contact form, the information you provide will be stored for the purpose of processing your enquiry and for possible follow-up questions. The personal data will only ever be used within the scope of the consent you have given. You have the option to revoke your consent at any time.
(3) In all data processing operations (e.g. collection, processing and transmission), we proceed in accordance with the statutory provisions. The following statement provides you with an overview of what type of data is collected, how this data is used and passed on, what security measures we take to protect your data and how you can obtain information about the information provided to us.
(4) When registering for the use of our personalised services, some additional personal data is collected, such as name, address, contact and communication data such as telephone number and e-mail address. If you are registered with us, you can access content and services that we only offer to registered users. Registered users also have the option of changing or deleting the data provided during registration at any time. Of course, we will also provide you with information about the personal data we have stored about you at any time. We will also be happy to correct or delete this data at your request, provided there are no statutory retention obligations to the contrary.
(5) In the interests of data economy, only the data that we require to answer your enquiries or to execute and process orders will be requested (e.g. your full name or your full company name together with the name of the authorised representative(s), your e-mail address, any existing customer number and your delivery and invoice address. To register, you must also choose a user name and a password, both of which make it easier for you to log in without having to re-enter data. We store the data you enter to set up a customer account.
(6) We process data from other sources if you already have a customer account with us or our sales partners or representatives. The data from your enquiry or your order data will then be added to your customer account. In the case of new customers and commercial customers, creditworthiness data from our commercial credit insurers may be collected and added to the customer account when the contract is initiated.
§ 8 Newsletter (1) As a registered user of our B2B platform Tormaticsales you can subscribe to our e-mail newsletter service. In this case, we must collect and store your e-mail address. We use it exclusively for sending newsletter e-mails to inform you about current offers. Subscribers may also be informed by e-mail about circumstances relevant to the service or registration (for example, changes to the newsletter offer or technical circumstances).
(2) We require a valid e-mail address for an effective registration. We use the "double opt-in" procedure to check that a registration is actually made by the owner of an e-mail address. For this purpose, we log the subscription to the newsletter, the sending of a confirmation email and the receipt of the requested reply. No further data is collected. The data is used exclusively for sending the newsletter and is not passed on to third parties.
(3) You can revoke your consent to the storage of your personal data and its use for sending the newsletter at any time. There is a corresponding link in every newsletter. You can also unsubscribe directly on this website at any time by clicking on the "Unsubscribe newsletter" field on our website or by informing us of your wish to do so using the contact option provided at the end of this privacy policy. Your data will be deleted in this case.
§Section 9 Cookies (1) This website uses cookies. Cookies are small text files that are transferred from a website server to your hard drive. This automatically provides us with certain data such as IP address, browser used, operating system via your computer and your connection to the Internet.
(2) Cookies cannot be used to start programmes or transfer viruses to a computer. We can use the information contained in cookies to make navigation easier for you and to enable our web pages to be displayed correctly.
(3) Under no circumstances will the data collected by us in this way be passed on to third parties or linked to personal data without your consent.
(4) Of course, you can also view our website without cookies. You can prevent the use of cookies by setting your browser to block cookies. You will then still be able to view at least the main part of these pages. Please note that individual functions of our website and the services accessible via your registration and login on the extranet and the connected trading platforms will not work if you have deactivated the use of cookies.
(5) Cookies have different functions. Some cookies are necessary for certain functions or services on our website, for example to prevent attacks on the website or to recognise you as a registered user of our trading platform. Without the necessary cookies, the functions and services cannot be used and you will receive error messages or notifications instead of the desired function. However, you can revoke or repeat your consent at any time by cancelling the block for the respective cookie and calling up the website again or commanding the website to be updated in your browser.
(6) To make it easier for you to handle cookies on our website, we have implemented the extended cookie notice banner Cookie-Bot and refer you to the following procedural instructions. Cookie-Bot is a service provided by Cybot A/S, Havnegade 39, DK-1058 Copenhagen, Denmark. The cookies required for the functions of the website and the services offered are preset. If you confirm the "Ok" button of the banner, you give your consent to the preset cookies, which can be revoked at any time.
(7) In the cookie list of the service, the other function groups and other functions of the integrated cookies are explained to you and the duration (time limit) of the cookies, at the end of which the cookies automatically lose their effectiveness, is specified. You can switch off the cookies individually or in function groups. Please note that cookies also have functions that are not absolutely necessary but can save your user habits and preferences. An example of this is your decision in a bilingual country in favour of one of the two language versions offered. In order to enable you to use the website as usual, the cookie bot is preset so that you must remove the green tick in the overview bar in order to restrict your declaration of consent accordingly. If you also allow us to use statistics (analysis cookies) and personalised advertising (tracking and profiling cookies), we can inform you individually in the usual way, remind you of content you have already viewed and optimise our websites based on the anonymous analysis of your user behaviour on our pages and in our services and platforms. We thank every user who helps us to become better and better.
(8) The cookies we use are
Error: The domain WWW.TORMATIC.DE is not authorised to show the cookie declaration for domain group ID bfdd57a2-14d8-405d-9180-7f1ded0a121a. Please add it to the domain group in the Cookiebot Manager to authorise the domain.
§ 10 Security information (1) We have taken a variety of security measures to protect personal information to an appropriate extent and adequately.
(2) Our databases are protected by physical, technical and procedural measures that restrict access to the information to specifically authorised persons in accordance with this privacy policy. Our information system is located behind a software firewall to prevent access from other networks connected to the Internet. Only employees who need the information to fulfil a specific task are granted access to personal information. Our employees are trained in security and privacy practices. All our employees and all third parties involved in data processing are obliged to comply with the Federal Data Protection Act and to handle personal data confidentially.
(3) When personal information is collected via our website, the transmission is encrypted using industry standard Secure Socket Layer ("SSL") technology via https.
(4) You should never disclose your password for accessing our website to third parties and you should change this password regularly. When you have left our website, you should log out and close your browser to prevent unauthorised users from gaining access to your user account.
(5) We cannot guarantee complete data security when communicating by e-mail.
§11 Use, disclosure and deletion of personal data (1) We use the personal data you provide to answer your enquiries, to process your order, to check creditworthiness and for the purpose of technical administration of the websites.
(2) Your personal data will only be passed on to third parties if this is necessary for the purpose of processing the contract or if you have expressly consented to this.
(3) Furthermore, we do not rule out the possibility of transmitting anonymised usage data for market research purposes. The identification of users is excluded (see above).
(4) We would like to point out that we are authorised and obliged to provide information about data in individual cases by order of the competent authority, insofar as this is necessary
for the purposes of criminal prosecution,
to avert danger by the police authorities of the federal states,
to fulfil the statutory duties of the federal and state constitution protection authorities, the Federal Intelligence Service or the Military Counter-Intelligence Service
or for the enforcement of intellectual property rights.
(5) The deletion of user data takes place automatically for the visitor to the website immediately upon leaving the site. The duration of the cookies is described in detail in § 9. The data of an enquiry will be deleted after the follow-up correspondence has been completed, at the latest six months after the last unanswered message from the user. The data of a specific offer is deleted either by the user himself or at his request, but no later than three years after the offer has been made. Contract data is deleted after the contractual relationship has been fully processed, in particular after the warranty, guarantee or liability periods have expired. For manufacturers of safety-relevant construction products, these periods can last up to 10 years after delivery of the products or acceptance of the contractual service. Our data protection officer will be happy to answer any queries regarding the erasure concept.
§12 Your data protection rights (1) You have the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to data portability under Art. 20 GDPR. Sections 34 and 35 BDSG (Federal Data Protection Act) must also be taken into account with regard to the right to information and the right to erasure. In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR and Section 19 BDSG).
(2) You have the right to receive information about your personal data stored by us at any time. You also have the right to have your personal data corrected, blocked or, apart from the prescribed data storage for business transactions, deleted. If you have any questions about data protection, you can contact our data protection officer Thorsten Werbeck (thorsten.werbeck@novoferm.de) or the data protection officer or data protection officer of the representative responsible for you.
(3) To ensure that data can be blocked at any time, this data must be kept in a lock file for control purposes. You can also request the deletion of the data, provided there is no legal archiving obligation. If such an obligation exists, we will block your data on request.
(4) You can make changes or revoke your consent by notifying us accordingly with effect for the future. The cancellation is possible at any time informally and without justification. You can use all the address and contact details of Novoferm tormatic GmbH given above for this purpose.
§13 Changes to our privacy policy We reserve the right to amend this privacy policy from time to time to ensure that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services or functions. The new privacy policy will then apply to your next visit.
§Section 14 Right to object (1) You have the right, for reasons arising from your particular situation
as a user of the website,
as an interested party after contacting us and our sales partners,
as a registered user in the connected trading platform Tormaticsales,
or as a customer of Novoferm tormatic GmbH,
to object at any time to the processing of personal data concerning you which is based on Article 6(1)(f) of the GDPR (data processing on the basis of a balancing of interests).
(2) If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims.
(3) The objection can be made in any form and can be sent to our address given in section 1.
Novoferm data protection concept Internet services
List of procedures in accordance with Art. 30 GDPR
Extract from our Tormaticsales platform (see below):
The website, which is legally independent of Novoferm Tormatic GmbH in terms of data protection and telemedia law, but is managed on the same legal basis, according to the same rules and on the basis of the same data protection regulations www.tormatic.de/en including its B2B trading platform Tormaticsales and the connected lead system , which functions as described above, is operated by Novoferm GmbH as a commissioned data processor for the group company.
Full text:
1. the controller on our behalf within the meaning of data protection law (including the data protection provisions of the TMG) is Novoferm GmbH
Place of jurisdiction: Coesfeld Local Court, HRB 7771 Sales tax identification number: DE811152143 Managing Director
Dipl.Ing. Rainer Schackmann, Chairman Dipl.-Kfm. Thomas Hage Dipl.Ing. Dirk Gößling
Home page of the European subsidiary Novoferm GmbH. The portal, known as the "Extranet", provides further product information for registered users from the target groups of architects, fabricators (tradesmen and commercially organised contractors) and dealers. As a pure B2B platform with an exclusively informational character, the platform is only relevant to data protection with regard to the master data of registered users, insofar as personal company data within the meaning of the GDPR is affected. The master site also contains the postcode generator and the garage door configurator for end customers (including consumers), who cannot use the other services of the site, namely the connected services of the NOVOSALES trading platform or the services of the B2B SAP webshop for export trade. All data protection-relevant functions of the site and the services offered via the site are described in the privacy policy. Via the generator, the user can find out the Novoferm sales partner responsible for end customer business for the postcode entered; via the configurator, the user has the option of forwarding the selected (optical and technical) configuration of the garage door of his interest to the Novoferm sales partner responsible for him locally (allocation according to the postcode entered) in order to have further information on the product or a concrete offer sent to him. The user himself determines the purpose and scope of his enquiry. The user also determines the scope of their consent to the forwarding and use of their master and transaction data. The user's consent must be selected as "opt-in"; enquiries without consent are not forwarded to sales partners and are not entered in the lead system for further data processing.
The lead system described below is the central data protection service of the Novoferm group of companies. User enquiries (so-called leads) collected via the system-relevant websites of the Group (see respective information there) are recorded in the system, stored and forwarded to the sales partner obliged to comply with Novoferm's data protection declaration for further process-related processing (answering the user's enquiry) and checked for proper, competent and prompt answers. The process correspondence up to the end customer offer can be processed by registered Novoferm sales partners via the offer function of the NOVOSALES trading platform via the system in compliance with data protection regulations. Completed leads are deleted by the system administrator Novoferm GmbH (transaction and user master data). Representatives or sales partners of Novoferm or sales partners of the representatives in the target countries are only authorised if they have read and accepted the data protection provisions of Novoferm GmbH and the terms of use for the system services (see registration routine and terms of use for the lead system). In the event of breaches of the data protection provisions, the representative or sales partner will be excluded from further use of the system. Email contact details of the Group Data Protection Officer (currently Thorsten Werbeck) are published on all websites (including the respective services and systems) and can be easily accessed at any time using the two-click rule via the main "Privacy Policy" link or the respective notes on the user's declaration of consent in connection with the collection of data (note links to the Privacy Policy). Express reference is made to the user's rights to revoke their declared consent, to correct, block or delete their data, as well as to information about which data is stored about them. The list of procedures is published on the website in the appendix to the privacy policy.
Novoferm GmbH operates the website www.tormatic.de/en including its B2B trading platform Tormaticsales and the connected lead system , which functions as described above, on the same legal basis, according to the same rules and on the basis of the same data protection provisions, and is legally independent from Novoferm Tormatic GmbH in terms of data protection and telemedia law.
Representatives in group presentation with lead system:
Spain
Address: Poligono Induistrial de Guarnizo, 39611 Guarnizo-Cantabria
Responsible representative: Javier Perez Sanchez
without special features
Austria
Address: Roter Hof 1/1,2000 Stockerau
Responsible representative: Robert Gruber
In addition to the B2B trading platform NOVOSALES, we also operate the trading platform NOVOSALES AUSTRIA for our representative in Austria. The same data protection and terms of use apply as for commercial users of the Novosales trading platform
Denmark
Address: Fynsgade 1, 6520 Toftlund
Responsible representative: Anders Majland
without special features
Czech Republic
Address: Petrovice u Karvine 570, 73572 Petrovice u Karvine
Representatives in the group appearance without lead system
France
Address: Z.i. les Redoux, 44270 Machecoul responsible representative: Michel Akoum
without special features
Switzerland
Address: Höchmatt 3, 4616 Kappel (SO) Responsible representative: Thomas Hage
Our representative in Switzerland has checked and confirmed the conformity of our privacy policy with Swiss law on the basis of a local legal audit based on the GDPR.
Romania
Address: Soseaua Gherase 66-70, 23397 Bucharest Responsible representative: Mircea Bosincian
The representatives in the UK with the website www.novoferm.co.uk and in Hungary www.novoferm.hu operate independently of the Group website with websites that they have created, host and operate under their own responsibility under data protection and telemedia law.
Our privacy policy and our process description do not apply to these websites.
2. as group representative pursuant to Art 37 (2) GDPR for the companies
Tor System Technik GmbH, Willi-Bleicher-Str. 7, 52353 Düren
has been appointed:
Mr Thorsten Werbeck
Isselburger Str.31, 46459 Rees
Email: thorsten.werbeck@novoferm.de
3. user data for website services is stored and processed exclusively for the duration of use and deleted at the latest when the session ends. User data collected voluntarily as part of an enquiry will be processed exclusively for the purpose of processing the enquiry and within the scope of the consent given, stored, passed on to the sales partners specified in the notice for processing the enquiry and deleted after the enquiry has been processed. Registration master data is stored for the duration of the user contract and is collected, stored and deleted on the basis of the agreed terms of use. Reference is made to the data protection concept for handling contract transaction data in operational business.
4. the data subjects are initially all users of our website in the described group presence
then interested parties of our products and services offered
then enquiring interested parties, whose master data is recorded for contact purposes and passed on to the locally responsible (see above) representative or sales partner to process the enquiry and stored in the lead system to check processing
then the potential and actual customers whose data is processed by registered users (representatives and sales partners) in the offer function of our online shops to process their enquiries, invitations to submit offers or for further contract processing (repeat orders, warranty claims, etc.). Business transactions are stored for a period of 6 (six) years for the representative or sales partner. As contractual partners of the customer, they are responsible for data protection outside our sphere of influence (lead system, trading platforms).
5. the type of data processed are
firstly, the anonymised user data listed in detail in the privacy policy for statistical purposes and for the purpose of optimising the user-friendliness of our website
When the user contacts us, the master data specified in the respective input mask, which is tailored to the respective purpose of the user enquiry and, in addition to the contact data (address data) marked with *, which is mandatory for processing, contains additional voluntary data fields for more convenient or direct contact (telephone data) and free text fields for limited text messages. In addition to instructions for processing or restricting the declaration of consent, the user can also transmit process data on the content of their enquiry.
When using the postcode search, only the temporary entry of any postcode is required; a personal reference to the user is not established.
When using the configurator, the user's data record is only saved at the user's express request and, with the user's express consent ("opt-in"), forwarded to the local sales partner responsible for the user. The user must also enter the master data for a contact enquiry so that their enquiry about their configuration can be processed. The technical and optical data of his configuration are collected and stored with his master data.
When registering and concluding a user contract, all master data required for contract processing and secure identification of the contractual partner is collected. For the use of the B2B platforms (extranet, trading platforms, online shop, lead system), further master data of the user is required to verify the entrepreneurial status within the meaning of Section 13 of the German Civil Code (BGB) and the master data of authorised representatives. For the use of the offer function of the trading platforms and the use of the lead system functions, further data on the responsible persons in terms of data protection (access control) is collected (e.g. personalised e-mail addresses and secure passwords).
When processing the leads, additional individual transaction data required for processing the respective enquiry may be collected and merged and processed with the enquiry data. This may include queries regarding the suitability of the selected Novoferm product or the specific installation situation (e.g. the garage door) on the user's property or in the building.
6. possible recipients of the data are
the target partners of the data transmission specified in the consent instruction (representatives or sales partners of Novoferm GmbH, e.g. Novoferm Vertriebs GmbH for the B2B market in the Federal Republic of Germany or the respective locally responsible sales partners or, for questions from other European countries, the respective representative in the target country of the user's enquiry).
our own employees who are bound to secrecy with regard to the data protection organisation and Novoferm's privacy policy, in particular in their activities as system administrators and contract data processors.
our contract data processors (host service and service operators) who are contractually bound to confidentiality and also subject to the European level of data protection as described in the privacy policy.
7. data processing outside the direct scope of the GDPR only takes place for users from Switzerland on the basis of Swiss data protection laws. For our users from Switzerland, we also guarantee at least compliance with the European level of data protection.
8. the deletion of non-process-related user data takes place immediately at the latest when the use is terminated. Enquiry data is deleted after the enquiry has been processed, unless it remains permanently stored due to a subsequent business transaction and is only deleted on the basis of the deletion concept for contract data (see above).
9. level of protection and protective measures (Art 32 GDPR)
We consider the level of protection for address data, as it is usually kept in public directories, to be relatively low. We consider individual contact data, but in particular transaction data on specific installation requests, to be critical because in the worst-case scenario of unauthorised data access with criminal intent in connection with the address data, conclusions can be drawn about the temporarily reduced building security during work on doors, gates and other building closures of the user. Data loss risks, on the other hand, would be unproblematic; specific user enquiries can also be easily restored (reproduced) with the functions of the services with little to manageable effort for the user.
We already transmit requests for contract initiation with specific user data via the contact forms or the configurator in encrypted form (SSL technology).
Our system administrators ensure that the transmitted data is only assigned to the specific lead and therefore to the specific user enquiry. The system functions of the lead system ensure that the user's data record can only be read and processed by the local representative responsible for the user and their sales partner. (e.g. user enquiry from Germany > access by Novoferm Vertriebs GmbH, user enquiry from Nuremberg > additional access by the sales partner working in Nuremberg, who submits the contract offer for the delivery of the garage door or the installation of the fire protection door).
All system accesses are personalised accordingly, password-protected and are only used by persons who are contractually obliged to comply with the data protection regulations of Novoferm GmbH and to implement the European (supplementary Swiss, see above) level of data protection in their own work organisation.
The availability and resilience of the systems is guaranteed by physical and technical protective measures (firewall, secure servers in data centres, state-of-the-art backup systems, etc.), as described in the general data protection concept.
The recovery of system data through backups is guaranteed as described in the general recovery concept.
The testing, assessment and evaluation of the effectiveness of the protective measures is ensured by the PBE concept of our Group Data Protection Officer.
