Data protection
The protection of your privacy when processing personal data is an important concern for us. When you visit our website, our web servers store the IP of your internet service provider, the website from which you visit us, the web pages you visit on our website and the date and duration of the visit as standard. This information is functionally necessary for the technical transmission of the web pages and the secure server operation . A personalised evaluation of this data does not take place.
If you send us data via the contact form, this data will be stored on our servers in the course of data backup. We will only use your data to process your request. Your data will be treated as strictly confidential. It will not be passed on to third parties.
Responsible Entity
noris network AG
Thomas-Mann-Straße 16–20
90471 Nuremberg
Phone: +49 911 9352-0
E-Mail: info@noris.de
Internet: www.noris.de
Data Protection Officer
Mr. Christian Volkmer
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
Phone: +49 941 2986930
Fax: 0941 29869316
E-Mail: anfragen@projekt29.de
Internet: www.projekt29.de
All interested parties and visitors to our website are welcome to contact us with questions regarding data protection, e.g. via the responsible entity and/or the data protection officer, as mentioned above.
Purpose and legal basis for the processing of your data
We only process personal data for specific purposes, these are explained below. The way in which your data is processed depends on the services, functionalities and offers of our website that are used. We process data for
- an establishment of contact and communication as well as
- a guarantee of security in the use of the site
The processing of your personal data is only carried out under the conditions of Article 6 paragraph 1 GDPR – lawfulness of the processing.
Visiting and calling up our website
You can visit our website purely for information purposes without transmitting any further personal data. When you visit our website, only the technically necessary information automatically transmitted by the browser is stored, i.e. the name of your internet service provider, the page from which you are visiting us, the date and time of your visit and the type of browser/operating system.
The information collected during the use of our website is only stored for the duration of your visit, as this data is required to achieve the aforementioned purposes. The storage of this data takes place in the form of log files on our web server and is necessary for technical reasons for the functionality of our website.
In case of event attacks on our internet infrastructure can be evaluated through the use of a Web Application Firewall (WAF) – which sets cookies – IP address for prevention and defence measures . In this case, we have a legitimate interest within the meaning of Art. 6 paragraph 1 f) GDPR in processing the IP address. This legitimate interest results from the need to ward off the attack on the Internet infrastructure, to determine the origin of the attack in order to be able to take criminal and civil action against the person responsible and to effectively prevent further attacks . The IP address is deleted after a retention period of 30 days if the evaluation excludes a malicious intention.
In addition, we use cookies to enable an optimised and facilitated use. (more details see below in the section “Cookies”).
Contact and appointment requests
We collect and store personal data when you contact us, e.g. by e-mail and/or our online contact form. It is your free choice which data you provide to us in a contact request. If you contact us by e-mail, we store the data you provide and process it exclusively for the purpose of the initial contact. If you contact us in the context of an existing business relationship and/or wish to receive information in advance about our offer, the information you provide will be processed for the purpose of processing and responding to your request in accordance with Art. 6 paragraph 1 point b) GDPR. We store personal data collected in connection with your contact until the purpose is fulfilled or for the duration of the processing of your enquiry. Further inventory data collected in the context of a subsequent inclusion in the customer database will be stored after the conclusion of a contract.
SnapADDY
At trade fairs and events, we use the SnapADDY app to collect business cards informations; your data will be scanned and digitally recorded. This data is only collected with your consent on the basis of Art. 6 paragraph 1 point a) GDPR or in the context of business negotiations on the basis of Art. 6 paragraph 1 point b, f) GDPR. The contact data is initially collected via the AWS Cloud (server in Frankfurt am Main) and then transferred to our own servers. This serves the purpose of further contact as described in the chapter “Contact and appointment requests”. At the end of a event, the data will be deleted from SnapADDY by noris sales department.
For more information about privacy at SnapADDY, please visit:
https://www.snapaddy.com/de/privacy-security-hub/datenschutz.html
Use of cookies
When you visit our website, we store information on your computer in the form of cookies with your consent. Cookies are small files that are transferred from an internet server to your browser and stored on its hard drive. The legal basis for the use of cookies is Art. 6 paragraph 1 point f) GDPR. This information, which is stored in the cookies, makes it possible to automatically recognise you the next time you visit our website, which makes it easier for you to use it.
If you do not want your computer to be recognised when you visit us, you can refuse the use of cookies, but this may restrict the use of some areas of our website.
In the following, the cookie categories are defined as follows:
Category | Description |
Necessary | Cookies or data that are necessary for technical reasons so that the website functions correctly. |
Functional | Cookies or data that are necessary for certain functions/services of the website to function or to increase the usability of the website. This also includes cookies from third-party providers. |
Statistical | Cookies to perform analyses of data in order to obtain information about the use of our website and the content requested. The processing is carried out with anonymised data. |
Marketing | Cookies to perform analytics on location data, visitor interests / interactions and the like to provide information about website visitors and content requested. These are used across channels for personalised profiling and merged with other personal data. |
Cookie consent with Borlabs
Our website uses Borlabs Cookies consent technology to obtain your consent to store certain cookies in your browser and to document this in a data protection compliant manner.
When you enter our website, a Borlabs cookie is stored in your browser, which stores the consents you have given or the revocation of these consents. This data is not shared with the Borlabs cookie provider. The collected data will be stored until you request us to delete it or until you delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected.
Details on the data processing of Borlabs Cookie can be found at:
https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/
Borlabs cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 paragraph 1 point c ) GDPR. The provider of this technology is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg (hereinafter Borlabs). We have concluded a contract on commissioned processing (CPC) pursuant to Art. 28 GDPR with the provider.
This is a contract required by data protection law, which ensures that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Category | Cookie name | Description | Validity |
Necessary | borlabs-cookie | Saves the settings of the visitors selected in the Cookie Box of Borlabs Cookie. | 1 year |
Matomo
Matomo itself is a web application based on PHP and MySQL, which is installed directly on our server. By means of a JavaScript tracking code on our website, individual page views are tracked. The IP of the visitor – pseudonymised – the date and time of the visit, the title and URL of the page visited, the referrer URL, the time zone, downloads, link clicks and the browser language are tracked.
Matomo is an open source project and has no company headquarters; the software is hosted on prem in the noris network data centre.
The legal basis for data processing is your consent in accordance with Art. 6 paragraph 1 point a) GDPR.
Category | Cookie name | Description | Validity |
Statistical | _pk_*.* | Cookie from Matomo for website analytics. Generates statistical data about how the visitor uses the website. | 13 months |
truffle.one
On our website, we use the web technology for company recognition of truffle.one GmbH, Am Weißen Stein 16, 53227 Bonn, Germany (“truffle.one”) to identify companies as website visitors. When you visit our site, your IP address is matched to determine whether you as a website visitor come from a static, i.e. a fixed company IP address.
The domain name and the name of the company are derived from this. In doing so, we can determine how long visitors to our website have stayed on one of our web pages. It is not possible for us to draw a personal line. We can only assign you as a visitor to the website who came from the static IP address. The IP address is then discarded. We use the information to evaluate your use of our website, to compile reports on website activity for us and to improve our marketing and promotional approach. The legal basis for data processing is your consent in accordance with Art. 6 paragraph 1 point a) GDPR.
Category | Cookie name | Description | Validity |
Marketing | truffle.one | Matching user IP address with static, i.e. a fixed company IP address, to derive the domain name and the name of the company. This allows us to determine how long visitors have stayed on our website. | Session cookies: These cookies are deleted from your end device immediately after you close your web browser. Persistent cookies: These cookies remain on your end device even after you close your web browser and enable us, for example, to recognize you the next time you visit our website. |
LinkedIn Insight Tag
This website uses the Insight tag from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
With the help of the LinkedIn Insight Tag, we receive information about the visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyse the key professional data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better tailor our site to the respective target groups.
Furthermore, we can use LinkedIn Insight Tags to measure whether visitors to our websites make a purchase or take any other action (conversion measurement). Conversion measurement can also take place across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function that allows us to display targeted advertising to visitors to our website outside of the website, whereby, according to LinkedIn, no identification of the advertising addressee takes place.
LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymised). The direct identifiers of LinkedIn members are deleted by LinkedIn after 7 days. The remaining pseudonymised data is then deleted within 180 days.
The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the collected personal data of website visitors on its servers in the USA and use it in the context of its own advertising measures.
For details, see LinkedIn’s privacy policy at:
https://www.linkedin.com/legal/privacy-policy#choices-oblig.
The use of LinkedIn Insight is based on Art. 6 paragraph 1 point f) GDPR. The website operator has a legitimate interest in effective advertising measures including social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 paragraph 1 point a) GDPR.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://www.linkedin.com/legal/l/dpa and
https://www.linkedin.com/legal/l/eu-sccs
You can object to the analysis of usage behaviour and targeted advertising by LinkedIn at the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in the account settings. To avoid a link between data collected on our website by LinkedIn and your LinkedIn account.
Category | Cookie name | Description | Validity |
External Media/Marketing | LinkedIn Insight Tag | Efficiency measurement for retargeting through conversion tracking, website target groups and website demographics analysis | Members’ direct identifiers are removed within seven days to pseudonymise the data. This remaining pseudonymised data is then deleted within 180 days. |
Google Maps
This website uses Google Maps to display maps and to create directions. Google Maps is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using Google Maps on this website, you consent to the collection, processing and use of automatically collected data and data provided by you by Google, one of its agents, or third parties.
The terms of use for Google Maps can be found at: https://www.google.com/intl/de_de/help/terms_maps/
You can find the Google Maps privacy policy at:
https://policies.google.com/privacy
Category | Cookie name | Description | Validity |
External media/functional | NID | Used to unlock Google Maps content. | 6 months |
Youtube
We use the provider YouTube to embed videos. The videos were embedded in the extended data protection mode. Like most websites, however, YouTube also uses cookies to collect information about visitors to its website. YouTube uses these, among other things, to collect video statistics, to prevent fraud and to improve user-friendliness. This also leads to a connection with the Google Double-Click network. When you start the video, this could trigger further data processing operations. We have no influence on this.
For more information about privacy at YouTube, please see their privacy policy at:
http://www.youtube.com/t/privacy_at_youtube
Category | Cookie name | Description | Validity |
External media/functional | NID | Used to unlock YouTube content. | 6 months |
Social Media
As a modern future-oriented company, noris network AG informs potential interested parties through our social media pages.
We have no influence on the scope of the data collected by the social network. Please refer to the data protection information of the respective social network for more information:
Security by means of technical organisational measures (TOM for short)
We have taken technical and organisational security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are obliged to comply with the applicable data protection laws.
Whenever we collect and process personal data, it is encrypted by default during transmission using the SSL protocol. This means that your data cannot be misused by third parties.
Our security measures are subject to a continuous improvement process and our data protection declaration is constantly revised. Our TOMs are continuously 1 reviewed and further developed according to the modern state of the art in accordance with Art. 32 GDPR.
Security by means of video surveillance at noris locations
noris network AG monitors security-relevant areas inside and outside its buildings and premises by means of video transmission (livestreams).
At premises/building locations where noris network AG uses video surveillance, this is indicated by a corresponding sign. As part of the security concept of noris network AG, video recording is carried out in order to ensure a quick inspection of the external building fronts including the adjacent environment without endangering the company’s own personnel. General video surveillance of the public space does not take place. As soon as you are within the detection range of the cameras, you are the subject of this data processing.
noris network AG has a legitimate interest in the use of video surveillance (Art. 6 paragraph 1 point f) GDPR). It makes a significant contribution to ensuring the fullest possible building and personal security in a personnel-friendly manner.
With video surveillance, we pursue the following goals depending on the circumstances of the respective locations:
- Securing the site from vandalism
- a (necessary) monitoring of alarm-secured doors
- a detection of illegal access attempts
- a detection of blocked emergency exits
- a preservation of evidence in the case of criminal offences
With the help of video surveillance, measures can be initiated immediately to eliminate grievances from the listed points. It not only serves to protect the building, but also your personal safety.
Video data is only evaluated on an ad hoc basis. noris network AG may commission external service providers to evaluate the video surveillance. In addition to the livestream, these also receive access to recordings of the video cameras in the respective contractually defined area of responsibility. The video surveillance data will be deleted immediately if it is no longer necessary to achieve the purposes for which it was collected. In the event of a violation of the house rules, the commission of a criminal offence or if required by law, the recordings can or must be handed over to security authorities.
Security in the application process through noris applicant portal
Your application data transmitted to us will be collected and processed electronically by us for the purpose of processing the application procedure. This may involve the following personal data in particular: Name, contact details, date of birth, as well as personal data of special categories resulting from Art. 9 paragraph 1 GDPR.
If your application is followed by the conclusion of an employment contract, your transmitted data will be further processed by us in your personnel file for the purpose of the usual organisational and administrative process in compliance with the relevant legal regulations.
The processing of your data within the application procedure is based on Art. 6 paragraph 1 point b) GDPR in conjunction with Section 26 Federal Data Protection Act (BDSG).
The deletion of the data you have submitted takes place automatically two months after notification of the rejection or six months after the award of the position if your job application is rejected. This does not apply if longer storage is necessary due to other legal obligations (for example, the duty of proof under the General Equal Treatment Act).
General data subject rights pursuant to Art. 15 ff GDPR
You have the following statutory data protection rights under the respective legal conditions:
- Right to information ( 15 GDPR, Section 34 Federal Data Protection Act (BDSG)
- Right to deletion ( 17 GDPR, Section 35 Federal Data Protection Act (BDSG)
- Right to rectification ( 16 GDPR, Section 34 Federal Data Protection Act (BDSG)
- Right to restriction of processing ( 18 GDPR)
- Right to data portability ( 20 GDPR)
To exercise your rights as described here, you can contact the data controller at any time using the contact details above.
You also have the right to complain to the data protection supervisory authority responsible for us. In Nuremberg, where we have our registered office, the:
competent supervisory authority: |
Bavarian State Office for Data Protection Supervision, P.O. Box 606, 91511 Ansbach, Germany |
Alternatively, you can contact the data protection authority in your place of residence, which will then forward your request to the competent authority.
General deletion period according to Art. 17 GDPR
We delete all personal data after the purpose for collecting the information has been fulfilled, unless legal deadlines dictate a different period of time or there is a permanent purpose (e.g. video surveillance) and thus deletion takes place according to fixed routines.
Right of revocation and objection pursuant to Art. 21 GDPR
In accordance with Art. 7 paragraph 2 GDPR, you have the right to revoke your consent at any time. This means that we will no longer process the data based on this consent in the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Insofar as we process your data on the basis of legitimate interests pursuant to Art. 6 paragraph 1 f) GDPR, you have the right to object to the processing of your data pursuant to Art. 21 GDPR and to provide us with reasons that arise from your particular situation and that you believe outweigh your interests worthy of protection. If it is a matter of objecting to data processing for direct marketing purposes, you have a general right of objection, which will also be implemented by us without giving reasons.
If you wish to make use of your right of revocation or objection, it is sufficient to send an informal message to the contact details of the responsible person mentioned above. For the sake of completeness, this information is presented here once again:
Responsible entity: |
noris network AG Thomas-Mann-Strasse 16–20 90471 Nuremberg Phone: +49 911 9352-0 Data protection info@noris.de https://www.noris.de/ |
Changes to privacy notices
Further development of the Internet, as well as the jurisdiction for our website, may also have an effect on this data protection notice. We reserve the right to change this (partly website-specific) data protection notice in the future in order to comply with current legal requirements and/or to reflect additions or changes to our website.
The current version of this data protection notice applies to your visit, which you can access on each sub-page under the link “Data protection”.
Status of this data protection notice June 2023