Data Protection Declaration

Introduction

Dear User,

As it is important to us that you feel safe and well when visiting our website and the protection of your privacy has a high priority for us, we inform you below about the data processing which takes place on our website.

All data processing is carried out in accordance with legal regulations. The following declaration gives you an overview of what kind of data is collected, how this data is used and passed on, what security measures we take to protect your data and how you obtain information about the information given to us.

Section 1 Collection and Storage of Personal Data

NORD Gear Corporation is responsible for the processing of your data.

When you visit our website, so-called usage data are analyzed on our web server temporarily as a log file for statistical purposes to improve the quality of our website. This dataset consists of

  • Name and address of the content requested
  • Date and time of the request
  • Data volume transmitted
  • Access status (content transmitted, content not found)
  • Description of the web browser and operating system used
  • Referral link which specifies from which site you reached ours
  • IP address of the requesting computer which is shortened in a manner that it is no longer personally identifiable

The log data mentioned are only analyzed anonymized.

Additional personal information is only recorded if you provide it to us voluntarily, for example during an enquiry, registration or when signing a contract.

Handling of Applicant Data

Applicant data will only be stored by NORD for the application process and will be deleted no later than six months after the position has been filled. On receipt of your application documents, we will inform you about the personal data we store in accordance with the requirements of Article 13 GDPR.

Section 2 Use, Disclosure and Deletion of Personal Data

We use the personal data you provide to answer inquiries, process orders, check creditworthiness, and for the purpose of technical administration of the websites according to Art. 6 (1) (b) and (f) GDPR.

Your personal data will only be passed on to third parties if it is necessary for the purpose of the contract, for billing purposes, or for collecting fees if you have expressly consented to this, Art. 6 (1) (a) GDPR. It may also be necessary for us to pass on order data to suppliers when delivery is made directly and our suppliers only receive the information necessary to fulfill their respective tasks. Any other use of the information is not permitted. We are also authorized to pass on personal data to financial service providers or for debt collection purposes. These persons only receive the information which is necessary for them to perform their relevant tasks. If we make advance payments in connection with an order (for example, when purchasing on an account), we can only have the identity and creditworthiness of customers checked by a service provider. If we use service providers for data processing, that data is processed on the basis of a contract processing agreement that complies with the requirements of Art. 28 GDPR.

Additionally, NORD is authorized to provide information on data in individual cases by order of the competent authority and as necessary for the purposes of criminal prosecution, to avert danger by the police authorities of the federal states, to fulfill the legal tasks of the Federal and State Office for the Protection of the Constitution, the Federal Intelligence Service, or the Military Counter-Intelligence Service, or to enforce intellectual property rights.

Section 3 Security information

We have taken a variety of security measures to adequately protect personal information.

Our databases are protected by physical, technical, and procedural measures that restrict access to the information to specially authorized persons in accordance with this Privacy Policy. Our information system is located behind a software firewall to prevent access from other networks connected to the Internet. Only employees who need the information to perform a specific task are permitted access to personal information. Our employees are trained in security and privacy practices.

If personal information is collected via our Internet pages, transmission is encrypted using the industry standard Transport Layer Security (“SSL/TLS”) technology. Sensitive information, such as credit card numbers or account information, is further encrypted for additional protection.

(Never give your myNORD online customer portal password to third parties. If you suspect unauthorized access to your account or are worried that your password may have been compromised, change it immediately. When you leave our website, you should log out and close your browser to prevent unauthorized users from accessing your account. We cannot guarantee complete data security for communications made by e-mail.)

Section 4 Cookies, Web Analysis Tools, and Other Processing

“Cookies” are small files stored on your PC that allow us to capture specific information when you visit our website. Cookies help us to determine the frequency of use and the number of users on our website. They also allow us to make our offers as safe, convenient, and efficient as possible for you.

NORD's web site utilizes “session cookies”, which are stored temporarily and exclusively for the duration of your use of our Internet pages. We use “permanent cookies” to record information about computers that repeatedly access our website. This enables us to "recognize" you, offer user guidance, and present you with as much new content as possible. The content of a permanent cookie is limited to an identification number. The duration of validity and purpose of our cookies can be found here. Please click on “Show details”. Your name, IP address, or other details about your true identity are not saved and we do not create an individual usage profiles.

NORD offers can also be accessed without cookies. You can deactivate the storage of cookies in your respective browser, limit them to certain Internet pages, or set your browser so that it informs you as soon as a cookie is sent. You can also delete cookies from your PC's hard drive at any time. Please note, however, that doing this may limit the display and user guidance of our web site.

Bing Ads

To be able to determine the number of users who clicked on a Bing ad and were forwarded to a conversion site (“remarketing”), we use the service “Bing Ads” by Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA. If you reached our website via a Microsoft Bing Ad, Microsoft Bing Ads stores a cookie on your computer. The legal basis for processing is your consent in accordance with article 6 (1a) GDPR. You can withdraw your consent here at any time. Further information on Bing Ads is available here.

If the data within this context is to be processed outside the EU or the EEA, please note that there is the risk that authorities access the data for security and monitoring purposes without informing you or giving you legal redress. If we utilize providers based in unsafe third countries, the transmission to a third country is based on your consent in accordance with article 49 (1a) GDPR.

Google Display & Video 360 (Formerly Doubleclick Bid Manager)

On this website we use the tool Display & Video 360 by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which records data for analysis, marketing and optimisation purposes and therefore helps us to improve our marketing measures and our website. The data which is recorded is used by Display & Video 360 to link clicks on advertisements with the resulting use of our website. In this way we can determine whether internet users who have seen our advertisements visit our website and if so, the products which they are interested in. This helps us to utilise our advertising budget more efficiently. We can also use the recorded data to provide advertising on the basis of your interests (e.g. products viewed).

Online identification number pseudonyms (e.g. cookie IDs or IP addresses) are used to record the data. For this, no identifiable user-related data such as names or addresses are saved. All of the IDs which we use are only used to identify your terminal device and your internet browser. Without your separate agreement, the recorded data will not be used to personally identify you as a user of our website.

We must point out that for users who are registered with Google, Google may have the possibility of linking the user to their visit to this website. You can find out exactly how Google processes this data by clicking on the Google privacy pages under the following link:
https://privacy.google.de/intl/de/take-control.html?categories_activeEl=sign-in

Under the following link you can find an explanation of how you can deactivate data recording by Google on your computer or your mobile terminal device: https://support.google.com/ads/answer/7395996

The legal basis for processing is your consent, if you have given this.

You can change or withdraw your consent here or here.

Campaign Manager (Previously DoubleClick by Google)

This website uses the online marketing tool “Campaign Manager” by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94042, United States. Campaign Manager uses cookies to place advertising relevant to the user, to improve reports on campaign performance or to prevent users from seeing the same advertisement several times. A cookie records which advertisements are placed in which browser and thus prevents them from being displayed several times. In addition, with the aid of cookie IDs Campaign Manager can record so-called conversions, which are related to advertisement enquiries. This is the case if a user views a Campaign Manager advertisement and opens the website using the same browser and purchases something there. According to Google, Campaign Manager cookies do not contain any personal information.

Due to the marketing tools which are used, your browser automatically establishes a direct connection to Google. To prevent your data from being transmitted directly to Google Inc., we use Zaraz, a website management tool. Regarding the functionality and the processing of your data, we refer to the entry for Zaraz in this data protection declaration.

Furthermore, the Campaign Manager (DoubleClick Floodlight) cookies enable us to understand whether you perform certain actions on our website after you have opened one of our display/video advertisements on Google or on another platform via Campaign Manager or have clicked on these (conversion tracking). Campaign Manager uses this cookie to identify the content with which you have interacted on our websites in order to send you targeted advertising at a later date. Further information on Google data protection is available here.

The legal basis for processing is your consent in accordance with article 6 (1a) GDPR. You can change your consent here or withdraw your consent here.

If the data within this context is to be processed outside the EU or the EEA, please note that there is the risk that authorities access the data for security and monitoring purposes without informing you or giving you legal redress. If we utilize providers in unsafe third countries, the transmission to a third country is based on your consent in accordance with article 49 (1a) GDPR.

Captcha

To protect our web forms against automatic queries we use a so-called “Captcha” by der Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94042, United States. In the context of this Captcha function, you will be asked to solve tasks or to click checkboxes. The user inputs and possibly the mouse movements made in this context will be used to estimate if the input comes from a human being or from an automated program. The embedding takes place based on Art. 6 para. 1 lit. f GDPR and in the interest of protection from spam and misuse. If you do not want this data processing, please refrain from using our web forms.

Cloudflare

For the purpose of tracking faults, preventing misuse and detecting attacks concerning our website we process your IP address and the times when you open our websites. To this end we use the service provider Cloudflare (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). In the process the data transfer between your browser and our servers is analysed by Cloudflare whilst Cloudflare uses cookies to enable you to access our website. This processing is within our justified interest in accordance with article 6 (1f) GDPR.

Our justified interest consists in ensuring the functionality and security of our systems for visitors.

Zaraz

This website uses the website management tool Zaraz from Cloudflare (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). Zaraz is a cloud platform for managing website settings. Website content – including Google scripts and other third-party tools – is stored on Zaraz cloud servers and distributed to users via these servers. Content is no longer loaded directly from third-party providers, so that they no longer receive any information about website visitors. There is only a data exchange between the user and the Zaraz servers. This increases the security of user data.

Cloudflare maintains log data about events taking place on our network. Some of this log data includes information about visitors and/or authorized users of domains, networks, websites, or application interfaces (“APIs”). This metadata contains extremely limited personally identifiable information, mostly in the form of IP addresses. Cloudflare processes this data – bound by instructions – in the main data centers in the USA and Europe for a limited period of time.

A data processing agreement (DPA) has been concluded with Cloudflare Inc. in accordance with Art. 28 GDPR. The service provider is strictly bound by instructions and processes your data only within the framework of the service contract.

This processing is within our justified interest in accordance with article 6 (1f) GDPR.

Our justified interest consists in improving the quality of our content through a functional website management and thus making our website more pleasant for visitors to use.

If the data is processed outside the EU or the EEA, please note that standard contractual clauses have been concluded with Cloudflare Inc. in accordance with Article 46 (2c) GDPR. However, there is still a residual risk that authorities will access the data for security and surveillance purposes without informing you or giving you legal redress.

Cookiebot

To be able to use a functional cookie consent tool, we use the service Cookiebot by the provider Cybot A/S, Havnegade 39, 1058 Copenhagen. With this tool we can differentiate between different cookie types and the respective information about them. The following data are processed by Cookiebot: Date and time of your consent, technical browser data, the URL of our website and your anonymized IP address. Your data are deleted by Cookiebot 12 months after you declared your consent.

The use of Cookiebot is based on article 6 (1.1f) of GDPR in the interest of the functional and correct administration of your consent required for data protection reasons. Cookies are placed based on your consent in accordance with article 6 (1a) GDPR. Further information on Cookiebot can be found here.

Google Ads Conversion and Remarketing

To count the number of users who have clicked on an advertisement, we use the service “Google Ads Conversion Tracking” by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94042, United States. The service uses cookies stored on your computer which permit an analysis of the use of our website if you have clicked on a Google ad. This allows the detection that you have clicked on an ad and have been forwarded to the target site (conversion). This information is used to prepare conversion statistics. The cookies have a validity of up to 90 days. The legal basis for processing is your consent in accordance with article 6 (1a) GDPR. Further information on Google Ads is available here. If the data within this context is to be processed outside the EU or the EEA, please note that there is the risk that authorities access the data for security and monitoring purposes without informing you or giving you legal redress. If we utilize providers in unsafe third countries, the transmission to a third country is based on your consent in accordance with article 49 (1a) GDPR.

Google Analytics

We use Google Analytics, a web analysis service by Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94042, United States. Google Analytics uses cookies to permit an analysis of your use of our website. The information saved by the cookie about your use of our website is usually transferred to a Google server in the USA and is stored there. However, due to the activation of IP anonymization on our website, Google will shorten your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transmitted to a Google server in the USA and will be shortened there. Google will use this information on our behalf to evaluate your use of our website, to compile reports on website activity and to provide us with other services relating to the website and internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings in your browser, however, please note that if you do this you may not be able to use the full functionality of our website Furthermore, you may prevent Google from recording and processing data relating to the use of our website in the cookie (including your IP address) by clicking on the link Disable Google Analytics. This sets an opt-out cookie, which prevents future recording of your data when you visit the website.

Further information about this is available in the Google data protection declaration. Please note that the code ""gat.anonymizeIp();"" has been added to Google Analytics on our website in order to ensure anonymous collection of IP addresses (so-called IP masking). You can also prevent the collection by Google Analytics by clicking on the following link. An opt-out cookie is set to prevent future collection of your data when you visit the website: Disable Google Analytics. The legal basis for the processing in the case of your consent is article 6 (1a) GDPR.

If the data within this context is to be processed outside the EU or the EEA, please note that there is the risk that authorities access the data for security and monitoring purposes without informing you or giving you legal redress. If we utilize providers in unsafe third countries, the transmission to a third country is based on your consent in accordance with article 49 (1a) GDPR.

Google DoubleClick

To allow the placement of relevant advertisements for visitors of our website, we use the online marketing tool “DoubleClick” by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94042, United States. A cookie ID can record which advertisements are placed in which browser and the ID prevents the multiple placements of the same ad. It also allows recording whether an advertisement has been placed and whether via the same browser the website of the advertiser was later opened or something was bought there. With the DoubleClick tool your browser establishes an automatic connection to the Google server and can – if you are registered with a Google service – assign the visit to your account. To prevent your data from being transmitted directly to Google Inc., we use Zaraz, a website management tool. Regarding the functionality and the processing of your data, we refer to the entry for Zaraz in this data protection declaration. You can disable cookies for conversion tracking. Further information about this is available in the Google data protection declaration. The legal basis for the processing in the case of your consent is article 6 (1a) GDPR.

If the data within this context is to be processed outside the EU or the EEA, please note that there is the risk that authorities access the data for security and monitoring purposes without informing you or giving you legal redress. If we utilize providers in unsafe third countries and you have given your consent, the transmission to a third country is based on your consent in accordance with article 49 (1a) GDPR.

Google Fonts

For the functional presentation of our fonts we use the Google Fonts by Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When opening our website, your IP address is transmitted by the Google domains fons.googleapis.com and fonts.gstatic.com. According to Google this transmission is separated from other Google services. In addition, information, such as configured language, screen resolution, name and version of the browser are transmitted to Google. Google stores this data for one year. If you want to have this data deleted earlier, you can contact Google Support. How exactly Google handles your data can be found out on the data protection pages of Google.

The legal basis for processing is your consent in accordance with article 6 (1a) GDPR. You can change or revoke your consent.

If the data within this context is to be processed outside the EU or the EEA, please note that there is the risk that authorities access the data for security and monitoring purposes without informing you or giving you legal redress. If we utilize providers in unsafe third countries and you have given your consent, the transmission to a third country is based on your consent in accordance with article 49 (1a) GDPR.

Google Maps

On our websites we embed map services by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94042, United States which are not stored on our servers. To prevent the opening of our websites with embedded map services from automatically reloading content of the third party provider, we only display the locally stored thumbnails of the maps as a first step. This does not provide the third-party provider with any information.

Only after clicking on the thumbnail is the content of the third-party provider reloaded. The third-party provider then receives information that you have opened our website and the usage data technically required in this context. We have no influence on the further data processing by the third party provider. By clicking on the thumbnail you grant us consent to reload the content of the third party provider. Embedding is based on your consent if you have previously granted your consent by clicking on the thumbnail, article 6 (1a) GDPR.

Please note that the embedding of several map services results in your data being processed outside the EU or the EEA. In some countries there is the risk that authorities access your data for security and monitoring purposes without you being informed or being given legal redress. If we utilize providers in unsafe third countries, the transmission to the unsafe third country is based on article 49 (1a) GDPR.

Further information about this is available in the Google Data protection declaration and the Additional terms of use for Google Maps.

Google Tag Manager

This website uses Google Tag Manager a service by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This service allows website tags to be managed via an interface. Google Tool Manager simply implements tags, does not use cookies and does not collect personal data. Google Tag Manager triggers other tags which may collect personal data, if necessary. However, Google Tag Manager does not access these data. If tracking tacks have been disabled on domain or cookie level this applies for all tags being implemented via Google Tag Manager.

Tag Manager is used by us to manage the tools and external services we use on our website and permits the use of so-called tags. A tag is an element of code stored in the source text of the website to, for example, control which pages or service elements and tools are enabled and loaded in which order. The tool provides for the triggering of other tags which in turn might collect data and which are further explained in this data protection declaration. Sometimes the data is processed on a Google server in the USA. Further information about this is available in the information provided by Google on Tag Manager . To prevent your data from being transmitted directly to Google Inc., we use Zaraz, a website management tool. Regarding the functionality and the processing of your data, we refer to the entry for Zaraz in this data protection declaration.

The manager is used based on our justified interest in accordance with article 6 (1f) GDPR.

Please note that the embedding of several map services results in your data being processed outside the EU or the EEA. In some countries there is the risk that authorities access your data for security and monitoring purposes without you being informed or being given legal redress. If we utilize providers in unsafe third countries, the transmission to the unsafe third country is based on article 49 (1a) GDPR.

Newsletter

You can subscribe to our newsletter on our website. With your consent, you confirm that your personal data submitted to us is correct and complete, and that you are the authorized user of the e-mail address. Afterwards, you will receive a confirmation e-mail in which you can complete the newsletter registration (double opt-in). This way, we can verify that you are the owner of the provided e-mail address.

By subscribing to the newsletter, you consent to the evaluation of the newsletters after opening and with regard to selected contents using the system of our processor HubSpot. With the aid of this system, we can better adjust our newsletter to the interests of our newsletter subscribers. Please find more information in the “HubSpot” section below.

You can withdraw your consent at any time without affecting the legality of the previous processing. You can withdraw the consent at any time and free of charge by clicking on the link in our newsletter’s footer. In case you withdraw your consent, you will receive no further newsletters. In accordance with Art. 6 para. 1 lit. f GDPR, your data will be stored for three years after newsletter unsubscription for the purpose of accountability and any damage claims according to Art. 5 para. 2 GDPR. Afterwards, your personal data will be deleted, if there are no statutory storage obligations.

The provision of your personal data is voluntarily without being statutorily or officially mandatory or binding. Failure to provide your personal data would result in you not being able to receive our newsletter. In accordance with Article 22, paragraphs 1 and 4, no automated decision-making and profiling takes place.

HubSpot

For our online marketing activities we use HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland for the following aspects:

  • Email marketing (invitations to exhibitions, newsletters, etc.)
  • Landing pages and contact forms
  • Social Media Publishing & Reporting
  • Reporting (e. g. traffic sources, access etc.)

You have the option to contact us via our contact form. Our contact forms enable visitors to our website to find out more about our company, download content, receive free exhibition tickets and to provide us with contact details and other demographic information.

To use our contact form, we need the data marked mandatory from you. We use this data on the basis of article 6 (1.1f) GDPR to respond to your queries and to guarantee the secure and functional design of the page. If your data transmitted via the contact form are processed on the basis of article 6 (1.1f) GDPR, you can object to the processing at any time.

You can also decide independently whether you want to provide us with additional details. This information is voluntary and not mandatory for making contact. We process your voluntary information on the basis of you consent in accordance with article 6 (1.1a) GDPR. You can withdraw your consent for processing the voluntary information at any time. To do so please contact the email address specified in the imprint.

Your data are only processed to respond to your query. We delete your data if it is no longer required and there are no statutory retention obligations to the contrary.

With the aid of HubSpot we have the option of analyzing the surfing behavior of visitors to our website. The statistical usage data of our online marketing offers are used to optimize website functions and to provide visitors to our website with content which is tailored to their interests We will only do this if you have given your consent on the basis of article 6 (1a) GDPR. You have the option of preventing tracking by HubSpot and withdrawing your consent by clicking on the following link: Disable HubSpot tracking.

A cookie with a validity of 2 years will then be set for you resulting in the discontinuation of HubSpot tracking on our website

Our email server is designed to inform us automatically whether and when an email has been opened and when a link in the email has been clicked. This means that for the email and online marketing activities described above, the complete IP address of the website visitors is also recorded, but it is not permanently stored.

You can view the data protection provisions of HubSpot here, more information on GDPR compliance here. You can find information about the cookies used by HubSpot here. Further information about the processing of data relating to your contact data can be found here.

If the data within this context is to be processed outside the EU or the EEA, please note that there is the risk that authorities access the data for security and monitoring purposes without informing you or giving you legal redress. If we utilize providers in unsafe third countries, the transmission to a third country is based on your consent in accordance with article 49 (1a) GDPR.

Informizely

We invite you to participate in a satisfaction survey the conduction of which is supported by Informizely B.V., Wg-plein 425, 1054SH, Amsterdam, The Netherlands. The service provider’s acting is subject to directives in the framework of an order processing contract. We do not submit your data to bodies outside the EU or EEA.

We do not request you to disclose personal data in the satisfaction survey.

E-mail surveys

For your participation in the survey, we use your e-mail address.

We will process your personal data for the purpose of reviewing our rendered service and product performances to improve our performance based on the feedback. The legal basis of the data processing is Article 6 (1f) GDPR in the framework of our aforementioned legitimate interest. There is no statutory or contractual obligation for the provision of data.

Your personal data will be stored only for as long as necessary for the survey.

Website Surveys

For your participation in the survey, we need your IP address, which will be anonymized by the service provider.

Your IP address will only be processed in case you wish to participate in the satisfaction survey. Without the IP address, a participation will not be possible for technical reasons.

The disclosure of your IP address is voluntary and takes place based on Article 6 (1.1a) GDPR. If you do not wish to disclose it in the scope of the survey, please refrain from participating.

Your IP address will be anonymized directly after submitting the survey. After the anonymization, personal identification is no longer possible.

Website Visitor Tracking (Dealfront)

We use the technologies of Dealfront (Echobot Group GmbH, Durlacher Allee 73, 76131 Karlsruhe).

Dealfront helps us recognize which companies are visiting our website. For this purpose your IP address will be processed to recognise if it is a company-related IP address. Dealfront identifies businesses based on their publicly registered IP addresses and Dealfront's database of IP addresses. Only company visits are displayed. All users who visit our website from private IP addresses are automatically filtered out. All visit data is aggregated at the company level. The tracker cookie is only set for the website domain and is used to set a unique identifier to distinguish different visitors. Processing of personal data cannot be completely ruled out when reviewing the linked company information.

The legal basis for processing is your consent in accordance with article 6 (1a) GDPR if granted by you.

Please note that Dealfront uses service providers who may also process data in the USA. For transfers to the U.S., an adequate level of data protection is guaranteed due to the certification of the service providers under the adequacy decision (EU-U.S. Data Privacy Framework).

LinkedIn Insight Tag, Linked Ads, LinkedIn Analytics

We use the conversion tool “LinkedIn Insight Tag” by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, to measure the reach of our website and our marketing activities. This tool creates a cookie in your web browser collecting e. g. the following data: IP address, device and browser properties and site events (e. g. page calls). The IP addresses are shortened or (if they are used to reach members across devices) hashed. The direct IDs of members are removed within seven days to pseudonymize the data. The remaining pseudonymized data are then deleted within 180 days. In this case the LinkedIn Insight Tag is embedded on our website and establishes a connection to the LinkedIn server if you visit our website and are logged in with LinkedIn. LinkedIn does not share the personal data but supplies anonymized reports about website target groups and the display performance to us. Further information on data protection with LinkedIn can be found in the LinkedIn Data protection notice. As a member of LinkedIn you also have the option to disable advertising in the configuration of your LinkedIn account. The legal basis for processing is your consent in accordance with article 6 (1a) GDPR if granted by you.

If the data within this context is to be processed outside the EU or the EEA, please note that there is the risk that authorities access the data for security and monitoring purposes without informing you or giving you legal redress. If we utilize providers in unsafe third countries, the transmission to a third country is based on your consent in accordance with article 49 (1a) GDPR.

Monotype Web Fonts

To enable us to display fonts properly on our website we use the service provider Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA. As soon as you open our website a connection with servers of Monotype Imaging Holdings Inc. is established for license and billing reasons, your IP address is transmitted and the required web fonts are loaded by your browser in your browser cache so that the texts and fonts can be displayed. Your IP address is stored by Monotype for 30 days and then deleted. We use Monotype in the interest of an appealing and uniform presentation of our online offering. The legal basis for processing is your consent in accordance with article 6 (1a) GDPR.

Further information about the data protection of Monotype is available in their Data protection declaration.

If the data within this context is to be processed outside the EU or the EEA, please note that there is the risk that authorities access the data for security and monitoring purposes without informing you or giving you legal redress. If we utilize providers in unsafe third countries, the transmission to a third country is based on your consent in accordance with article 49 (1a) GDPR.

Closed User Group myNORD and E-Shop

To use our myNORD Internet portal and/or our e-shop we require your registration. All data required for the execution and processing of orders will be requested: Your full name or your full company name together with the person authorized to represent the company, your email address, your address (billing address and, if applicable, different delivery address) and, if applicable, your telephone number (e. g. if the coordination of a delivery date is required on short notice). You must also choose a username and password, both of these enable you to log in more easily without re-entering data. We store the data entered by you for setting up a customer account through which we record, execute and process your orders. We keep your data for further orders (registration) as long as you maintain the registration. Details on current and past orders and envisaged delivery dates can be viewed by you. You have the right to access, correct and delete your registration data at any time. We will delete your account if deletion is required by law but no later than two years after the execution of your last order.

The transmission of data from us to you is encrypted using SSL/TLS. The legal basis for the processing in this case is article 6 (1 f) GDPR for the purpose of processing your orders and article 6 (1 b) GDPR for the execution of the contract signed with you.

Novalnet

In the closed area e-shop we cooperate during payment processing by credit card with the full-service payment provider Novalnet AG, Feringastraße 4, 85774 Unterföhring. For this purpose, your payment details are transmitted encrypted to Novalnet. Beyond the initiation of payment processing we have no further influence on the processing of data by Novalnet. For further information we refer to the data protection declaration of Novalnet AG which is available here. The legal basis for the processing in this case is article 6 (1 f) GDPR for the purpose of processing your orders and article 6 (1 b) GDPR for the execution of the contract signed with you.

YouTube

Occasionally, we use YouTube videos on our website from the provider Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These videos are embedded in the “extended data protection mode” of YouTube. According to YouTube, no information about the visitors of the website are stored, as long as no video is played. If you do play a video, you agree in accordance with article 6 (1 a) GDPR to your data being processed by YouTube as the responsible authority, and we have no further influence on the processing. For further information please refer to the YouTube Data protection declaration.

If the data within this context is to be processed outside the EU or the EEA, please note that there is the risk that authorities access the data for security and monitoring purposes without informing you or giving you legal redress. If we utilize providers in unsafe third countries, the transmission to a third country is based on your consent in accordance with article 49 (1a) GDPR.

Section 5 Deletion of Data

Unless stated specifically in this data protection declaration, data stored with us is deleted as soon as it is no longer required for its intended purpose and there are no statutory retention obligations preventing deletion. If the data is not deleted, because it is required for other and legally permitted purposes, its processing is restricted. I. e. the data is blocked and not processed for other purposes. This applies e. g. to data which must be retained for commercial or fiscal reasons.

Section 6 Your Rights as Data Subject

When processing your personal data GDPR grants you as data subject specific rights:

Right to Information (Article 15 GDPR)

You have the right to demand confirmation whether personal data about you is being processed; in this case you have a right to information about this personal data and about the information listed in detail in article 15 GDPR.

Right to Correction (Article 16 GDPR)

You have the right demand immediate correction of incorrect personal data relating to you, or the completion of incomplete personal data.

Right to Deletion (Article 17 GDPR)

You have the right to demand that personal data relating to you is deleted without delay if one of the reasons listed in detail in article 17 GDPR applies.

Right to Restrict Processing (article 18 GDPR)

You have the right to demand the restriction of processing if one of the conditions listed in article 18 GDPR is met, e. g. if you have objected to processing for the duration of review by the data controller.

Right to Data Portability (Article 20 GDPR)

In certain cases listed in detail in article 20 GDPR you have the right to receive the personal data relating to you in a structured, commonly available and machine-readable format or to demand the transmission of this data to a third party.

Right to Revocation (Article 7 GDPR)

If the processing of data is based on your consent you are entitled in accordance with article 7 (3) GDPR to revoke the consent to the use of your personal data at any time. Please note that the right to revocation only takes effect for the future. Processing prior to the revocation is not affected.

Right to Objection (Article 21 GDPR)

If data are collected on the basis of article 6 (1.1 f) GDPR (data processing to safeguard justified interests) or on the basis of article 6 (1.1 e) GDPR (data processing to safeguard the public interest or to exercise public authority) you have the right to object to the processing at any time for reasons related to your specific situation. We will then no longer process the personal data unless there are demonstrably compelling reasons worthy of protection for the processing which outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.

Right of Appeal to a sSupervisory Authority (Article 77 GDPR)

In accordance with article 77 GDPR you have the right of appeal to a supervisory authority if you consider that the processing of data relating to you contradicts data protection legislation. The right of appeal may be exercised with any data protection authority of the member state of your place of residence, your workplace or the place of the alleged infringement.

Asserting Your Rights

Unless stated otherwise above, please contact the department specified in the imprint to assert your rights as data subject.

Section 7 Notice of a Right to Object to Direct Advertising

We may process your data for the purpose of direct advertising and you have the right to opt out of such processing. Please address your opt out request to: info@nord.com

Contact Details of the Data Protection Officer

Our external data protection officer is happy to provide you with information about data protection via the following contact details:

FIRST PRIVACY GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Germany
Web: www.first-privacy.com
E-Mail: office@first-privacy.com

If you contact our data protection officer, please also mention the data controller specified in the imprint.