NT-ware Systemprogrammierungs-GmbH

Privacy Notice

Overview:

  • Data protection at a glance
  • Hosting
  • General notes and mandatory information
    1. data controller
    2. data protection officer
    3. general information on data collection
    4. storage duration
    5. data transfer to third countries
    6. rights of data subjects and security
  • Data collection (detailed)
    1. server log files
    2. enquiries by e-mail, contact form, telephone or fax
    3. applications
    4. creation of user accounts/registration (e.g. uniFLOW, support, partner site)
    5. password reset
    6. surveys
    7. webinars
    8. newsletter
    9. Status page
    10. learning portal (distribution of online trainings
    11. emergency contact
    12. video conference
    13. cookies
  • Social media (e.g. Facebook, Twitter, Instagram)
  • Data exchange with NT-ware subsidiaries
  • Data exchange in special situations
  • Plugins and tools (e.g. YouTube, Xing, Google Maps, MS Teams, MS Forms, Google reCAPTCHA)
  • Changes

 

1. Data protection at a glance

General

The following is a simple overview of what happens to your personal data (personal data is any data that identifies you personally) when you visit this website or other websites for which NT-ware is responsible and depends on which features you use on those websites.

Detailed information about data protection is provided below.

 

Who is responsible for the data collection on this website?

Data processing on this website is carried out by the website operator. You can find the contact details of the website operator in the section "Information on the data controller" in this privacy notice.

 

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may, for example, be data that you send to us via the email function or a contact form. Other data is collected automatically or with your consent by our IT systems when you visit our websites. This is mainly technical data (e.g. internet browser, operating system or time of page access). This data is collected automatically as soon as you enter our websites.

Your data may therefore be collected by:

  • you visit our websites and interact directly with us;
  • you create an online profile and register with us or one of our partners for our services and/or products;
  • you purchase products or services from us;
  • automated interactions take place through IT systems;
  • we use publicly available data;
  • interactive forms and tools are used by NT-ware;
  • you want/need to reset your password;
  • you use our ITS support system
  • subscribe to our newsletter(s)
  • you apply to work for us either by applying to one of our vacancies or by sending us your unsolicited curriculum vitae.

 

What data is collected?

The personal data collected from you depends on the use of our services and the use of certain functions available on our websites and the automatic data collection mentioned above.

This can be the following data (list not final):

  • Personal names;
  • Telephone and fax number, e-mail address;
  • Reasons for contacting NT-ware;
  • Product and service preferences;
  • Service orders and maintenance requests;
  • Data you provide when submitting information in connection with your application;
  • Server log files (for more information, see "Server Log Files" in section 4 of this Privacy Notice);
  • Other information relevant to doing business with NT-ware or becoming a customer of NT-ware.

 

What do we use your data for?

Part of the data is collected to ensure the error-free provision of our websites. Furthermore, we use your data so that we can process the enquiries you make, e.g. via the email function or contact forms, offer you the best possible service and support or respond to your applications. 

We use the data that you enter for the purpose of creating user accounts via the input mask on the respective websites for the purpose of activating and generally administering your account so tat you can use the respective product or service in accordance with the contract and as agreed.

 

What rights do you have regarding your data?

You have the right at any time to receive information free of charge about the source, recipient and purpose of your stored personal data. You also have a right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. You can contact us at any time about this and other questions on the subject of data protection.

 

2. Hosting

Hosting with Hetzner

We host our websites with Hetzner. The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (hereinafter: Hetzner).

When you visit our websites, your personal data is processed on Hetzner's servers. Personal data of European website visitors are generally not hosted on servers located outside the European Union or the European Economic Area, but remain within the European Union or the European Economic Area.

Further information can be found in Hetzner's privacy notice:
https://www.hetzner.com/legal/privacy-policy/

The use of Hetzner is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is presented as reliably as possible. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

 

Order Processing

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

 

3. General notes and mandatory information

Data Privacy

The providers of these websites take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy notice.

When you use our websites, various personal data is collected. This privacy notice explains what information we collect and how we use it. It also explains how and for what purpose this is done.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A gapless protection of data against access by third parties is not possible.

 

Note on the data controller

The data controller for this website is:

NT-ware Systemprogrammierungs-GmbH
Niedersachsenstraße 6
49186 Bad Iburg
Germany

Telephone: +49-54 03 - 7243 - 0
E-Mail: privacy@nt-ware.com

 

The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

 

Note on the data protection officer

If you have any questions about your personal data processed by us or this privacy notice, you can contact our data protection officer by email at privacy@nt-ware.com or by post at the address of the data controller (see " Note on the data controller") with the addition of DATA PROTECTION DEPARTMENT.

 

Storage duration

Unless a more specific storage period has been specified within this privacy notice, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a justified request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted after these reasons no longer apply.

Thus, we treat your personal data with regard to deletion and retention periods as follows:

  • we only store information about your visit to our website for as long as is necessary for the purposes stated.
  • we usually delete users' browser data every 12 months.
  • we generally do not retain information submitted by applicants for longer than 6 months after a relevant recruitment decision. If your application is unsuccessful, we may, subject to your consent, keep your application for longer if you are suitable for another vacancy that may arise in the future within our group companies. If your application is successful, the relevant information will be used for the purpose of managing your subsequent employment.

 

Furthermore, we keep your personal data:

  • to the extent necessary to provide you with our products or services;
  • to the extent necessary for the purposes set out in this privacy notice or at the time of collection;
  • to the extent necessary to comply with our legal obligations and in accordance with legal requirements; and
  • to resolve disputes and to comply with our contracts

 

After expiry of the applicable retention period, the personal data is deleted or made anonymous. This is ensured by the following measures:

  • Deletion of the unique identifiers that allow a record to be associated with a specific individual;
  • Deletion of individual information that identifies the data subject (either alone or in combination with other information);
  • Separation of personal data from non-identifying information (e.g. an order number from a customer's name and address); or
  • Aggregation of personal data in such a way that it can no longer be attributed to an individual.

 

Note on data transfer to the USA and other third countries

Among other things, we use tools and services from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active or the data is passed on to the respective service providers, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

 

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.

 

Right to object to the collection of data in specific cases and to direct marketing

If the data processing is based on Art. 6 para 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy notice. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate interests/reasons for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21 para. 1 GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising (objection pursuant to Art. 21 para. 2 GDPR).

 

Right of complaint to the competent supervisory authority

In the event of breaches of the GDPR, data subjects shall have a right of complaint to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to any other administrative or judicial remedy.

 

Right of data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

 

Security

The security of your personal information is very important to us. We use physical, electronic and administrative security measures to protect your personal information from loss, misuse and unauthorised access, disclosure, alteration and destruction.

We also conduct employee training, regular reviews, assessments and implementation of new (or applicable) technologies, as well as data deletion, encryption, firewalls and access restrictions.

Furthermore, all personal data is located in data centers with security features that comply with legal requirements. All data is protected in accordance with applicable security standards.

However, due to the nature of the Internet, NT-ware cannot guarantee the security of personal data. In the event that your personal information is or is reasonably suspected to be in the hands of an unauthorised person and applicable law requires notification, we will notify you by email, fax, post or other appropriate means. NT-ware will promptly notify you to the extent necessary for law enforcement and/or NT-ware to determine the extent of the breach and to investigate and restore the integrity of the data system.

 

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the website operator, our websites use SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

Information, deletion and correction

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its source and recipients and the purpose of the data processing and, if applicable, a right to correction or deletion of this data. You can contact us at any time for this purpose and for further questions on the subject of personal data.

 

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of erasure.
  • If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.
  • If you have raised an objection pursuant to Art. 21 (1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

 

If you have restricted the processing of your personal data, such data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

 

4. Data collection

Server log files

The providers of the pages automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

 

This data is not merged with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The providers have a legitimate interest in the technically error-free presentation and optimisation of the website - for this purpose, the server log files must be collected.

 

Enquiry by e-mail, contact form, telephone or fax

If you contact us by e-mail, contact form, telephone or fax, your enquiry including all personal data resulting from it (e.g. name, telephone number, e-mail address, country) will be stored and processed by us for the purpose of processing your request.

The processing of this data is based on Art. 6 para 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para 1 lit. f GDPR) or on your consent (Art. 6 para 1 lit. a GDPR) if this has been requested.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

 

Applications

PURPOSES AND LEGAL BASIS OF PROCESSING

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG), insofar as this is necessary for the decision on the establishment of an employment relationship with us. The legal basis for this is Article 88 DSGVO in conjunction with Section 26 BDSG for purposes of the employment relationship, if this is necessary for the decision on the establishment of an employment relationship. Furthermore, we may process personal data from you if this is necessary for the fulfillment of legal obligations (Art. 6 para. 1 lit. c DSGVO) or for the defense or assertion of legal claims. The legal basis for this is Art. 6 (1) lit. f DSGVO. The legitimate interest is for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG). If you give us express consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent pursuant to Art. 6 (1) lit. a DSGVO. Consent given can be revoked at any time with effect for the future. If an employment relationship arises between you and us, we may, in accordance with Art. 88 DSGVO in conjunction with Section 26 BDSG, further process the personal data already received from you for the purposes of the employment relationship, insofar as this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfillment of the rights and obligations of the employee representation resulting from a law or a collective agreement, a company or service agreement (collective agreement).

CATEGORIES OF PERSONAL DATA

We only process data that is related to your application. This may be general data about you (name, address, contact details, etc.), information about your professional qualifications and school education, information about further professional training and, if applicable, other data that you provide to us in connection with your application.

SOURCES OF DATA

We process personal data that we receive from you by mail or e-mail in the context of contacting you or your application, or that you send us via jobs@nt-ware.com.

RECIPIENTS OF THE DATA

We disclose your personal data within our company exclusively to the areas and persons who need this data to fulfill contractual and legal obligations or to implement our legitimate interest. Otherwise, data is only forwarded to recipients outside the company if this is permitted or required by law, if the forwarding is necessary to fulfill legal obligations, or if we have your consent.

We may obtain the above data from other (external) sources, including recruitment companies. We may also receive data that you have made public on job-related social networks, such as LinkedIn or Xing, or that you provide to us via other websites, such as Monster job portal. The purpose is to contact you about job offers or to verify the accuracy of your information from the application documents.
The above-mentioned data processing takes place exclusively for the following purposes:

  • To initiate and progress the recruitment process, process your application and potentially establish an employment relationship
  • To contact you should you be considered for an alternative position
  • To contact you on the basis of your unsolicited application
  • To send you personalized information about open positions at NT-ware in accordance with the consent you have given.

For the general storage period of your applicant data, please refer to this privacy notice under point 3 "Storage period".

As part of the application process, the interviews required to establish an employment relationship may also take place virtually. For this purpose, the controller regularly uses the Microsoft application TEAMS. Information on data processing when using Microsoft Teams can be found in this Privacy notice under point 8 and under the following link: docs.microsoft.com/en-us/microsoftteams/teams-privacy.

Creation of the user account for uniFLOW Online Express

To create your user account for uniFLOW Online Express, it is necessary to process your personal data. The user account is necessary so that you can use uniFLOW Online Express in accordance with the contract. When you submit the completed form, the following data entered will be transferred to us for further processing and you will receive your access data from us by email. The following data will be processed by us as described above:

  • Username,
  • Email address,
  • Department (optional),
  • Company address,
  • "Tenant" Name (Domain Name),
  • Telephone number (optional),
  • Place of residence (country),
  • Serial number of the "Dealer Tenant" (optional)

 

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, namely for the fulfilment of the contract for the agreed use of uniFLOW Online Express or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

The data you send to us will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after you have cancelled your account or are no longer authorized to use this account).  Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

 

NT-ware Customer/Support Portal Registration

We offer users (exclusively reserved for Canon directly or Canon partners) the possibility to register for our NT-ware Customer/Support Portal by providing personal data. The data is collected by means of Microsoft Forms.

By submitting the form, the following personal data will be collected for the purpose of the registration process:

  • First name,
  • Surname,
  • Position,
  • Company,
  • Country/region

 

The processing of this data is based on Art. 6 para 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in the effective processing of the enquiries addressed to us and to collect the information required for registration for the NT-ware Customer/Support Portal via an appropriate, reliable and secure platform or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

The data you send to us will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after you have cancelled your account or are no longer authorized to use this account). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

 

Partner Site Registration

We offer users (Canon directly or Canon partners only) the opportunity to register for our partner site by providing personal data. The data is collected by means of Microsoft Forms.

By submitting the form, the following personal data will be collected for the purpose of the registration process:

  • First name,
  • Surname,
  • Position,
  • Country/region

 

The processing of this data is based on Art. 6 para 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in the effective processing of the enquiries addressed to us and to collect the information required for registration for the partner site via an appropriate, reliable and secure platform or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

The data you send to us will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after you have cancelled your account or are no longer authorized to use this account). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

 

Password Reset

To reset your password for the NT-ware Partner Portal, you will be redirected to Microsoft Forms to enter the information required to reset your password.

By submitting the form, your request will be processed, including all personal data resulting from it:

  • First Name,
  • Surname,
  • Email address (optional),
  • "Comment" (optional free text field for further information)

 

The processing of this data is based on Art. 6 para 1 lit. b GDPR, insofar as your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in the effective processing of the enquiries addressed to us or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

The data you send to us will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after you have completed resetting your password/processing your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

 

Surveys (especially using Microsoft Forms)

From time to time, Nt-ware's departments (in particular Marketing, Training and Business Development) conduct surveys or provide special questionnaires which can be addressed internally and externally. The purpose of the particular survey or questionnaire will be explained in the introductory text (this may also be to gain access to certain pages or to generate an account, as described in the "Partner Site Registration" and "Password Reset" sections above). This may involve the processing of personal data about you. The scope of the data processed here depends on the specific survey. Please note that some data can also be provided voluntarily - these fields are marked accordingly.

Access to the data you provide follows a strict need-to-know principle, which means that only authorised persons are granted access to your personal data who really need it.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR), which is determined by the purpose stated in the specific survey, or on your consent (Art. 6 para. 1 lit. a GDPR) if this was requested.

The data you send to us will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

We use Microsoft Forms as the medium for data retrieval. For further information on Microsoft Forms, please refer to this data protection policy under the section "Microsoft Forms".

 

Registration for the webinar and performance

In order to be able to conduct webinars via the internet, we use the software solution GoToWebinar from LogMeIn located: The Reflector, 10 Hanover Quay, Dublin 2 D02R573, Ireland.

 

For this purpose, we transmit your registration data to this service provider who, as our order processor, may only use your data on an order-related basis for the performance of the webinar. In addition, the service provider collects further of your data in order to provide the service. This includes, for example, the following information:

  • general data on the use of the service,
  • location data,
  • web browser data,
  • IP data of the device

 

More information on this can be found in LogMeIn´s privacy notice at:  https://www.goto.com/company/legal/privacy/international

You can participate in a webinar if you have previously registered via our website at https://web.nt-ware.net/partner/training-certification/webinars/. The following personal data will be requested for this purpose:

  • first name, last name,
  • company,
  • e-mail address,
  • country

 

We use the above registration data exclusively for the performance of the webinar and general internal organisation for webinar management.

The data entered is processed exclusively on the basis of your consent (Art. 6 para. 1 a GDPR). You can revoke your consent to the processing of your personal data at any time by declaring your revocation directly to the responsible specialist department of NT-ware at the following e-mail address: training@nt-ware.com.

 

Furthermore, your personal data may be shared within the NT-ware Group, the Canon Group and, where applicable, with Canon partners. This is for general organization regarding the actual participation of individual employees and follows a strict need-to-know principle, which means that only authorized persons will be granted access to your personal data who actually need it.

The legal basis for this data processing/exchange is the legitimate interest of the data controller according to Art. 6 para. 1 f GDPR.

The data you enter will remain with us until you request us to delete it, revoke your consent to process it or the purpose for processing the data no longer applies.

Mandatory legal provisions - in particular retention periods - remain unaffected.

 

Newsletter

If you wish to receive one (or more) of our newsletters, the following data may be processed from you (depending on the newsletter, this may vary occasionally):

  • first name, last name,
  • company,
  • e-mail address,
  • country

 

No further data is collected or only on a voluntary basis. We use this data exclusively for sending the requested information.

We use the service provider Mailchimp (c/o The Rocket Science Group), based in LLC675 Ponce De Leon Ave NESuite 5000, Atlanta, GA 30308 USA, for handling the newsletters. Further information on the processing of your data by this service provider can be found at: https://www.intuit.com/privacy/statement/

 

We have concluded a data processing agreement (DPA) pursuant to Article 28 GDPR with the above-mentioned provider. This is a contract required by data protection law, which ensures that it only processes your personal data according to our instructions and in compliance with the GDPR.

The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 a GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time via the "unsubscribe" link in the newsletter. The lawfulness of the data processing operations already carried out remains unaffected by the revocation.

 

The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to exist. Mandatory legal provisions - in particular retention periods - remain unaffected.
We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 para 1 f GDPR.

After your name has been removed from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

 

Status Page

If you would like to receive automatic notifications about maintenance work and the status of uniFLOW Online (“status email”) by e-mail, the following data will be processed:

  • Email address

 

No further data will be collected.  We use this data exclusively for sending the requested status information.

We use the service provider OneUpTime (c/o HackerBay, Inc.) based at 2711 Centerville Road, Suite 400, Wilmington, New Castle County, Delaware 19808, United States. Your data is transferred to a third country (USA).

We concluded a data processing agreement with the above-mentioned service provider in accordance with Article 28 GDPR (standard contractual clauses of the European Commission). This is a contract required under data protection law, which ensures that the service provider only processes your personal data in accordance with our instructions and in compliance with the GDPR.

The email address entered in the registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the use of your email address for sending status emails at any time by clicking on the “Unsubscribe” link in the respective status email. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The email address you provide for the purpose of receiving the status emails will be stored by us until you unsubscribe from the status emails and deleted from the distribution list after you unsubscribe from the status emails or after the purpose for which the data was collected no longer applies.

 

Learning portal (distribution of online trainings)

We offer several online training courses for those who have registered for our Partner Portal (NT-ware or Canon employees, Canon Partners).

Some information is automatically added to your profile when you register on the Partner Site and can be managed there. Other information is optional and can be added and changed. The following data may therefore be processed:

  • first name, last name,
  • email address,
  • username,
  • company,
  • country,
  • title,
  • address,
  • phone number,
  • skype,
  • twitter,
  • job role

 

If you wish to take and start an online training course via our Learning Portal, the following data may be collected and processed from you further to the information above:

  • start and finish date of the course,
  • time to take the course,
  • last login,
  • assigned date,
  • attempts for the test/quiz

 

The processing of this data is based on Art. 6 para 1 lit. b GDPR, insofar as your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures like enabling you to use our training service. In all other cases, the processing is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in the effective and sustainable performance of the trainings we offer you (in particular the recording of the current state of knowledge and support for personal development by taking into account the test/quiz results) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

We use SAP Litmos for running the Learning Platform. Your data is hosted on data centers within the EU.
Further information on the processing of your data by this service provider can be found at: https://www.litmos.com/privacy-policy

 

We have concluded a data processing agreement (DPA) pursuant to Article 28 GDPR with the above-mentioned provider. This is a contract required by data protection law, which ensures that it only processes your personal data according to our instructions and in compliance with the GDPR.

Your data (including the training carried out) can be made available to the so-called "Team Manager". The Team Manager is a role within the system and comprises one or more persons (usually from the Business Development Department) and is responsible for a specific region (e.g. Germany/Netherlands/USA). If you are subordinate to this Team Manager or Managers in the system, access can take place here by the named Managers. This is for the purpose of general organization. Furthermore, it is of central importance for the Team Managers to evaluate the level of knowledge of the training participants, where there is still potential for development and to convey general awareness about the NT-ware products.
The legal basis for this data processing/exchange is the legitimate interest of the controller pursuant to Art. 6 para 1 lit. f GDPR and follows the need-to-know principle where only the Team Managers have access to the data of their subordinate trainees.

The data us will remain with us until you request us to delete it (if legitimate) or the purpose for storing the data no longer applies (e.g. after you have cancelled your account or are no longer authorized to use this account). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

 

Emergency Contact

Our employees have the option of specifying an emergency contact in order to inform a person from their private environment, e.g. in the event of an accident or health hazard. If you have been given as an emergency contact by employees of our company, this is based on their "legitimate interests" (Art. 6 para. 1 lit. f GDPR).

The legitimate interest for the above purposes is that the employer can reach someone from the employee´s private environment as quickly as possible. Depending on the severity of the accident, the employee may in fact no longer be able to do this himself.

In this context, the following data may be processed:

  • first name, last name,
  • relationship to the employee,
  • telephone,
  • e-mail, address

 

The data us will remain with us until you request us to delete it (if legitimate) or the purpose for storing the data no longer applies (e.g. the employee departs from the company or states another emergency contact). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

 

Video conference recording

In rare cases, organizers of a video conference, online training, webinar, etc. (hereinafter referred to as "online conference") may take the opportunity to record it. You will of course be informed verbally by the organizer during the online conference prior to this intention.

The possibility of recording online conferences is an important component, if necessary, in order to avoid having to hold training courses, webinars or other important conferences more than once, to give absent participants (for example, due to illness or conflicting appointments) the opportunity to view them at another time. Furthermore, it can be ensured that the participants can call up the recording on their own for repeat purposes and thus any queries to the organizer of the online conference are no longer necessary. As a consequence, this leads to less workload for both parties (the participant and the organizer of the online conference).

Primarily, there may be a processing of names, images and sound once the recording has started. Furthermore, it cannot be ruled out that sensitive personal data such as political opinions, religious or ideological convictions or similar will be processed as a result of questions and/or comments from participants or comments from the organizer of the online conference. The controller has no control over this and it is up to the participants to decide to what extent they disclose personal data through comments and questions.

The legal basis for this data processing is the legitimate interest of the controller pursuant to Art. 6 para 1 lit. f GDPR. The controller has the legitimate interest in a proper and effective workflow. As the above-mentioned purposes already make clear, the recording of the online conference leads to a clear facilitation of the work of both parties. Furthermore, the legitimacy of this data processing can also be based on your consent (Art. 6 para. 1 lit. a GDPR), if this was requested.

Your data will be deleted after the above-mentioned purposes cease to apply (e.g. if an online conference is no longer relevant or similar), insofar as there are no further legal or operational necessities, usually after 2 years. Mandatory legal provisions - in particular legal retention periods - remain unaffected.

 

Cookies

Our internet pages use so-called "cookies". Cookies are small text files and do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our sites (third-party cookies). These enable us or you to use certain services of the third-party company.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. for displaying videos) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the framework of this privacy notice and, if necessary, request your consent.

 

Further information on the cookies used on this website is set out in our Cookie Policy and can be found at: https://www.nt-ware.com/en/special-pages/cookie-policy/.

Furthermore, NT-ware uses automated tools that are used to collect certain information. These include:

  • Web beacons: A web beacon is an invisible file located on a web page that is used to track a visitor's navigation and performance on a website. The web beacon can communicate with your computer to determine, among other things, whether you have previously visited a page on the NT-ware website or viewed a particular online advertisement;
  • Embedded links: An "embedded link" is a link to a web page that may be in an email you receive from NT-ware. When you click on an embedded link, NT-ware may collect information about the subsequent interaction, and this information could be linked to your identity. If you do not want NT-ware to collect information about the links you click, you may choose not to click on any links in an email from NT-ware

Furthermore, links from external providers or links to other websites for which NT-ware is responsible are available on some of our websites, which are displayed, for example, in our blog, Trust Center, Useful Links or the News. If you do not want information about you to be collected through these websites, please do not click on these links or ensure that you only enable the cookies that you agree to use as part of the cookie settings on the relevant website.

 

5. Social Media

Facebook Plugins

Plugins of the social network Facebook are integrated on some of our websites. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

You can recognise the Facebook plugins by the Facebook logo on some of our websites. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/?locale=en_US.

When you visit some of our websites, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have visited the respective website with your IP address. If you click the Facebook "Like" button while you are logged into your Facebook account, you can link the content of the respective website on your Facebook profile. This enables Facebook to associate your visit to the respective website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. You can find more information on this in Facebook's privacy notice at: https://www.facebook.com/privacy/explanation.

 

If you do not want Facebook to be able to assign your visit to the respective website to your Facebook user account, please log out of your Facebook user account.

The use of Facebook plugins is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Insofar as personal data is collected on our websites with the help of the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint controllership is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the forwarding is not part of the joint controllership. The obligations we jointly have have been set out in a joint processing agreement. You can find the text of the agreement at:

https://www.facebook.com/legal/controller_addendum.

 

According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for implementing the tool on our websites in a way that is secure in terms of data protection. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:

https://www.facebook.com/legal/EU_data_transfer_addendum,

https://www.facebook.com/help/566994660333381 and

https://www.facebook.com/policy.php

 

Twitter Plugin

Functions of the Twitter service are integrated on some of our websites. These functions are offered by the Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. In the process, data is also transferred to Twitter. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter. You can find more information on this in Twitter's privacy notice at: https://twitter.com/de/privacy.

The use of the Twitter plugin is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

You can change your Twitter privacy settings in your account settings at https://twitter.com/account/settings.

 

Instagram Plugin

Functions of the Instagram service are integrated on some of our websites. These functions are offered by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This enables Instagram to assign the visit to the respective website to your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Insofar as personal data is collected on our websites with the help of the tool described here and forwarded to Facebook or Instagram, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint controllership is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the forwarding is not part of the joint controllership. Our joint obligations have been set out in a joint processing agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum.

 

According to this agreement, we are responsible for providing the data protection information when using the Facebook or Instagram tool and for implementing the tool on our website in a way that is secure in terms of data protection. Facebook is responsible for the data security of the Facebook and Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

 

For more information, please see Instagram's privacy notice:

https://instagram.com/about/legal/privacy/

 

6. Data exchange with other NT-ware subsidiaries

Unless otherwise stated in this privacy notice, personal information is for internal use only and will not be disclosed to third parties. Notwithstanding the foregoing, information about users of the features on our websites may be shared with other NT-ware Group companies, namely:

  • NT-ware ES (Zettachring 10, 70567 Stuttgart, Germany),
  • NT-ware USA, Inc. (105 Maxess Road, Suite S129, Melville N.Y. 11747, USA),
  • NT-ware Asia, Pte. Ltd. (438 Alexandra Road #04-01 Alexandra Point, 119958, Singapore),
  • NT-ware Japan Inc. (2-4-11, Higashi Shinagawa, Shinagawa, Tokyo, Japan, 140-0002)

 

These are primarily support requests submitted to us by you (via the ITS support system).

These help to offer and improve our products and services, promote sales and respond to your enquiries.

The exchange of personal data with our NT-ware subsidiaries is based on Art. 6 para. 1 lit. f GDPR and is only for internal management purposes. This constitutes a legitimate interest for affiliated companies under the GDPR (recital 48 GDPR "small group privilege"). Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

If the processing of your request has a (pre-)contractual background, we rely on Art. 6 para. 1 lit. b GDPR for the transfer (if this is necessary) of your personal data.

We have concluded a data processing agreement (DPA) with the above-mentioned subsidiaries. This is a contract required by data protection law, which ensures that they only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Standard contractual clauses have been concluded with the subsidiaries in the USA and Singapore as a appropriate safeguard for the exchange of personal data pursuant to Art. 46 para. 2 lit. c GDPR. We would like to point out that no level of data protection comparable to the EU can be guaranteed in these countries. As already mentioned, US companies, for example, are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this.
If personal data is exchanged with the subsidiary in Japan, the adequacy decision of the European Commission pursuant to Art. 45 para. 3 GDPR will be relied upon. Such an adequacy decision means that the European Commission has decided that a transfer of personal data to a third country may be made because the third country in question offers an adequate level of protection.

 

7. Data exchange under special circumstances

In the event of an acquisition of NT-Ware or substantially all of its assets, customer information may be one of the transferred assets. In addition, in the event of a reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all of our business, assets or shares (including in connection with a bankruptcy or similar proceeding), the personal information we process may be transferred to the relevant third party.

 

8. Plugins und tools

YouTube

Some of our websites embed videos from the website YouTube. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit some of our websites on which YouTube is embedded, a connection to YouTube's servers is established. This communicates to the YouTube server which of our pages you have visited.

Furthermore, YouTube can save various cookies on your end device or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to our websites. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts.

If you are logged into your YouTube account, you enable YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Further information on the handling of user data can be found in YouTube's privacy notice at:

https://policies.google.com/privacy?hl=en

 

XING Plugin

Some of our websites use functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

Each time one of our pages containing XING functions is requested, a connection to XING servers is established. As far as we are aware, no personal data is stored. In particular, no IP addresses are stored.

In addition, there is no evaluation of usage behavior via the use of cookies in connection with the "XING Share Button".

The use of the XING plugin is based on Art. 6 para 1 lit. f GDPR. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media.

Further information on data protection and the XING Share button can be found in the XING privacy policy at: https://privacy.xing.com/en/privacy-policy.

 

Google Maps

On some of our websites, we use Google Maps (API) from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). Google Maps is a web service for displaying interactive maps in order to provide geographical information. In particular, the use of this service displays the location of the company and facilitates travel.

 

When you visit one of the sub-pages on which the Google Maps map is embedded, information about your use of our website (e.g. your IP address) is transmitted to Google's servers in the United States and stored there. This happens regardless of whether Google provides a user account to which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account.

If you do not wish to be associated with your Google profile, you must log out of your Google account before activating the "Register" button for the test drive. Google stores your data (also for users who are not logged in) as usage profiles and evaluates them.

Pursuant to Art. 6 para. 1 lit. f GDPR, such an evaluation is based on Google's legitimate interests in the display of personalised advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise these rights.

Please note: Google LLC is based in the United States. Since the discontinuation of the EU-US Privacy Shield, an adequate level of data protection, such as can be assumed within the European Union, is no longer guaranteed for the United States.

If you do not agree to the future transmission of your data to Google when using Google Maps, you can also completely deactivate the Google Maps web service by switching off the JavaScript application in your browser. In this case, Google Maps and the map display on this website cannot be used.

 

You can find Google's terms of use at:

https://policies.google.com/terms?hl=en

Further terms of use for Google Maps can be found at:

https://www.google.com/intl/en_US/help/terms_maps/

 

For details on data protection in connection with the use of Google Maps, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=en

 

Microsoft- Teams

For conferences, we use online tools (usually Microsoft Teams). In this process, your personal data is transmitted to the provider of the online tool (Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown Dublin 18, Ireland), who then collects and processes it. All data required for the use of the tool is collected. Technical data (e.g. IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker, and the type of connection) is also processed to handle online communication. Insofar as content (e.g. chats, videos, photos, files, voicemails, etc.) is provided within the online tools, this is also processed by the provider.

For more information on data processing by the online tools, please refer to the privacy statements (https://docs.microsoft.com/en-us/microsoftteams/teams-privacy) of the tools.

 

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our users and website visitors in accordance with our instructions and in compliance with the GDPR.

 

Microsoft- Forms

For the purpose of surveys, we regularly use the Microsoft Forms application. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown Dublin 18, Ireland.

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that they only process the personal data of our users and website visitors in accordance with our instructions and in compliance with the GDPR.

Further information on data protection and FAQs can be found at:

https://privacy.microsoft.com/en-us/privacystatement

and

https://support.microsoft.com/en-us/office/security-and-privacy-in-microsoft-forms-7e57f9ba-4aeb-4b1b-9e21-b75318532cd9.

 

Google reCAPTCHA

For the purpose of preventing so-called bots (machines/robot programs) from abusing certain interactions such as registrations on websites (e.g. through fake user attacks), we use Google reCAPTCHA (Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA) on some of our websites. Google reCAPTCHA tests whether it is a user/website visitor or a bot and thus enables access to the website.

When checking (activating the tool) whether it is a "human" user or a bot, the following personal data may be processed and forwarded to Google (transmission to the USA is also possible):

  • IP address
  • Date
  • Referrer URL
  • Browser PlugIns
  • Information about the operating system
  • Cookies (other Google cookies), if applicable
  • Mouse movements and keyboard strokes
  • Dwell time
  • User device settings (e.g. language settings, location, browser, etc.)

 

Google reCAPTCHA is used in the interest of the security of our websites and products. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR (among other things, a prevention of spam). If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

 

9. Changes

This Privacy Notice may be amended from time to time. You should therefore check the websites regularly for changes regarding the privacy notice. If necessary, we will inform you directly about such updates.

 

This privacy notice was updated in September 2022.

© 2022 NT-ware Systemprogrammierungs-GmbH