Privacy Policy

(Issued: 2024)

The protection of your personal data is important to us. According to the EU General Data Protection Regulation (Article 13 GDPR), we are obliged to inform you about the purpose for which we collect, store or disclose data and what rights you have with regard to data protection. The content and scope of the data processing depends largely on the data provided by you or the data required for the business relationship or communication.

Who is responsible for data processing and who can I contact?

nora systems GmbH – Höhnerweg 2-4, 69469 Weinheim, Germany, Telephone: (+49) 6201 - 80 5666, email: info-de@nora.com – is responsible for the data processing.

Data Protection Officer:  Olga Stepanova, ByteLaw Rechtsanwälte Koch Stepanova Veeck Part mbB, Bockenheimer Landstraße 51-53, D- 60325 Frankfurt am Main, Germany, data-protection@nora.com

Data protection supervisory authority: The State Commissioner for Data Protection and Freedom of Information (Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit) Baden-Württemberg, Königstrasse 10 a, D-70173 Stuttgart, Germany.

Which data is processed and where does this data come from?

We process personal data provided by you, by a partner commissioned by you or by one of our business partners during the course of our business relationships. In addition, we process data that we have legitimately obtained from publicly available sources (e.g. commercial register, address directory, media, trade fair participants). Personal data includes your personal details (e.g. title, name, country, address, email address and telephone number, delivery addresses, order and billing information, credit reports, documentation data, trade fair minutes, etc.).

For what purposes and on what legal basis is the data processed?

We process personal data only in the context of our business activities. In addition, data processing takes place on the basis of legal requirements, on the basis of a contractual relationship or a pre-contractual relationship of trust, on the basis of your consent or if you contact us (e.g. at trade fairs, by email, by post, by telephone or via this website).
In particular, personal data is processed in the following business processes or procedures:
• Visit of the website
• Contacting
• Visitor registration, Wi-Fi guest access
• Applications
• Trade fairs, events and product training
• Advice provided by employees or trading partners
• Order processing, delivery, invoicing
• Due to legal obligations (customs and compliance screening, accident reports)
• Temporary work, training, holiday helper programs
• Quality checks and quality certificates, complaints
• Service billing of subcontractors

As part of the business relationship, you must provide the personal data that is necessary for entering into and carrying out the business relationship and that we are required to collect by law. If you do not provide us with this data, we will generally have to decline your request or decline to respond to your contact request, decline to conclude a contract or to execute the contract, or we will terminate an existing contractual relationship.
If you have given us consent to process your personal data, processing will only take place in accordance with the purposes stipulated in the declaration of consent and only to the extent agreed to therein. You may revoke your consent at any time without stating reasons with effect for the future, as far as this is legally permissible.
In addition, we reserve the right to store your first and last name, mailing address and, as far as we have received this additional information from you as part of the contractual relationship, your title, academic degree and your professional, industry or business name, in compiled lists and to use said information for our own advertising purposes, for example, to send interesting offers and information about our products, or to process applications by post. You can object to such storage and use of your data for these purposes at any time by sending a message to the address specified in the postal item.
If we pay in advance, for example in the case of a purchase on account, we reserve the right to obtain identification-related and credit information from specialised service companies (credit reporting agencies) in order to safeguard our legitimate interests.

Who is the recipient of my data?

We only transfer your data to third parties if this is permitted by law, if you have given your consent, or if the transmission is necessary to fulfil our business purposes.
If possible, the data will be anonymised or pseudonymised.
Within our group of companies, your data shall only be provided to those bodies or employees that require this data to fulfil our contractual, statutory and regulatory obligations or to safeguard legitimate interests.

Furthermore, we transfer your data to processors commissioned by us:
• IT and hosting service providers
• Security service provider, visitor registration and registration
• Credit institutions and payment providers to process payment transactions when ordering
• Backoffice service provider for the processing of promotional mailings
• Suppliers for handling product and sample orders
• Laboratories and institutes for testing products
• Transportation companies
• Distributors, if they need your data to process your order
• Agencies for surveys, marketing activities and the organisation of events.

Furthermore, data is transmitted to public authorities and institutions (tax offices, authorities, customs offices), provided that there is a legal or regulatory obligation to do so.
All processors and distributors and trade partners are contractually bound to process your data only as part of the provision of services and in accordance with the applicable data protection regulations.

If we process data in a third country (i.e. outside of the European Union [EU] or the European Economic Area [EEA]) or in the context of the use of third-party services or disclosure or transmission of data to third parties, this will only be done in order to fulfil our (pre-)contractual obligations and on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permission, we process data, or have said data processed, in a third country only if the special conditions of Art. 44 et seq. GDPR are applicable. That is, the processing is carried out, for example, on the basis of specific guarantees, such as a level of data protection that is in compliance with officially recognised special contractual obligations (so-called ‘standard contractual clauses’).

How long will my data be stored?

We only store your data in accordance with Articles 17 and 18 GDPR as long as it is necessary for processing the business transaction or for complying with documentation requirements. Legal requirements require that commercial letters be kept for at least 6 years, and if it contains tax-relevant content, then for at least 10 years. Our IT systems also have extensive data protection concepts that do not allow premature deletion. In this case, access to data will be restricted after expiry of the permitted storage period. Application documents will be stored or kept 24 months after completion of the recruitment. If the application is made through a recruiting agency, the master data must be kept longer.

Which data protection rights do I have?

You have the right to free information on the data stored by us concerning you as well as a right to correct, block or delete this data. If you have given your consent for the processing of the data, you can revoke such consent for future processing.
In the first instance, please contact the person who last had contact with you. In addition, you can contact our Data Protection Officer.
If you believe that we have violated European data protection laws when processing your data, we ask you to contact us to clarify your concerns. You also have the right to complain to the relevant data protection supervisory authority if you believe that the processing of your personal data is unlawful.

How secure is my data?

We use state-of-the-art security measures to protect your information appropriately. Our employees, subcontractors and trading partners are required to comply with our information security policies. To protect the security of your data during transmission, we use state-of-the-art encryption techniques (such as SSL) over HTTPS.

 

Data protection for this website, online services and marketing

Storage of access data in server log files

You can visit our websites without having to provide any personal information. During your visit to our website, technical data such as your IP address, date, time and time zone, the status of the data requested by you, as well as information about the website from which you visit us, your browser, and the version of the operating system on your computer will be collected for a limited period of time. The data collected during your visit to our website is used solely for the technical administration of the website, for statistical purposes and to improve our online presence. Data usage when subscribing for the email newsletter: Personal data is stored if you provide it voluntarily for a specific purpose, such as via the contact form or subscribing to our newsletter, or consenting to receive electronic information, etc. This data is used solely for the stated purpose by our employees or trusted service partners.

Newsletter and info emails

The following information is intended to inform you about the contents of our newsletter as well as the subscription, dispatch and statistical evaluation procedures as well as your right of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures. Contents of the newsletter: We send newsletters, emails and other electronic notifications with and without promotional information (hereinafter ‘newsletter’) only with the consent of the recipient or with legal permission. If, as part of subscribing to the newsletter, the contents of said newsletter are concretely described, it is decisive for the consent of the users. Otherwise, our newsletter contains information about our services and us.

Opt-in / Double-opt-in and logging/recording:

Subscribing to our newsletter is carried out electronically using a so-called opt-in procedure (or double opt-in). This means that you will receive an email after subscribing requesting you to confirm your subscription. This confirmation is necessary so that no one can subscribe using external email addresses and serves as proof of your consent. Newsletter subscriptions will be logged/recorded in order to prove the subscription process took place in accordance with legal requirements. This includes the storage of the subscription and confirmation time, as well as the IP address. Similarly, changes to your data stored by the delivery service provider will be logged/recorded. Subscription details: To subscribe to the newsletter, all you have to do is enter your email address. Optionally, we ask that you provide a name so that we can personally address you in the newsletter. The dispatch of the Newsletter and the related performance measurement is based on the consent of the recipient pursuant to Art. 6 Para 1 lit. a, Art. 7 of the GDPR in connection with Section 7 Para. 2 No. 3 of the Law Against Unfair Competition or on the basis of the legal permission pursuant to Section 7 Para. 3 of the Law Against Unfair Competition. The logging/recording of the subscription process is based on our legitimate interests in accordance with Art. 6 Para. 1 lit. f of the GDPR. We are interested in using a user-friendly and secure newsletter system that serves both our business interests and the expectations of our users and which also allows us to prove consent. Unsubscribing/Revocation – you may unsubscribe from receiving our newsletter at any time, i.e. by revoking your consent. A link to unsubscribe from the newsletter can be found at the end of each newsletter. On the basis of our legitimate interests, we may save the submitted email addresses before we delete them for the purpose of dispatching our newsletter, in order to be able to provide evidence of previously given consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for revocation is possible at any time, provided that the existence of previous consent is simultaneously confirmed.

Newsletter – delivery service provider

The newsletter is sent by the software delivery service Eloqua, provided by Oracle Corporation, 500 Oracle Parway, Redwood Shores, CA 94065, United States of America. You can view the privacy policy of the delivery service provider here. The delivery service provider is employed based on our legitimate interests pursuant to Art. 6 Para. 1 lit. f of the GDPR and on standard contractual clauses. The delivery service provider may use the data of recipients in pseudonymous form (i.e. without assignment to a specific user) in order to optimise or improve its own services, for example, for the technical optimisation of delivery and the design of the newsletter or for statistical purposes. However, the delivery service provider does not use the data of our newsletter recipients to contact the recipients itself or to disclose data to third parties.

Newsletter – performance measurement

The newsletter contains a so-called ‘web beacon’ – a file the size of a pixel that is retrieved by our server or, where we use a delivery service provider, by that service provider’s server when the newsletter is opened. During this process, initially technical information, such as information on the browser and your system, as well as your IP address and the date and time of retrieval, is collected.

This information is used to improve the technical performance of the services based on the technical data or target groups and their reading habits based on their locations (which can be determined using the IP address) or access times. The statistical data collected includes the determination of whether the newsletter is opened, when it is opened and which links are clicked on. The analyses enable us to determine the reading habits of our users and to adapt our content accordingly or to send different content that corresponds with the interests of our users.

Use of data for email advertising without newsletter subscription and your right to object
If we receive your email address in connection with the sale of goods or services and you have not objected, we reserve the right to email you offers relating to products from our range that are similar to those purchased previously on a regular basis. You may object to this use of your email address at any time using a link provided for this purpose in the email.

Use of cookies

We use cookies on various pages in order to optimise visits to our website and enable the use of certain functions. Cookies are small text files that are stored on your end device. Some of the cookies that we use are deleted when the browser session ends, i.e. when you close your browser (session cookies). Other cookies remain on your end device and enable us to recognise your browser the next time that you visit our site (persistent cookies). You can configure your browser so that you are always informed about the use of cookies and so that you can decide whether to accept them on an individual basis, to allow the acceptance of cookies in certain cases or to exclude them generally. If you do not accept cookies, the functionality of our website may be impaired.

Find details about our cookie policy here.

Tracking and analysis

This website may contain web beacons, also known as pixel tags or tracking pixels. A web beacon is a graphic element that is usually transparent and is normally no larger than 1 x 1 pixel which is placed on the website or in an email in order to obtain further information about the user’s online behaviour. Web beacons are used by third-party technologies to monitor the activity of users on our website; this means that information about your visit to our Site may be shared with those third parties. They allow us to track which computer has accessed a specific website, when this happened and from where (at country/city level). nora uses the analytics software ‘Google Analytics’, among others, to continuously optimise its marketing communications. This enables us to track online usage behaviour with regard to time, geographical origin and use of the website. Any information that is required for the analysis is stored on Google servers.

Retargeting

We use retargeting cookies to design our website so that it is more interesting for users. Retargeting cookies are stored on the online user’s computer or device during browser sessions and enable us to appeal to users who have already shown an interest in nora products or services through ads on partner or social media websites.
These ads are displayed using cookie technology in a completely anonymous manner. No personal data (e.g. IP address or similar) whatsoever is stored and no usage profiles are combined with your personal data. Furthermore, no user-related data relating to you is sent to partner and social media websites. The display of advertising is completely anonymous.

 

Use of Google (Universal) Analytics for web analysis

This website uses Google (Universal) Analytics, a web analytics service provided by Google Inc. (www.google.de). Google (Universal) Analytics uses methods that enable your use of the website to be analysed, such as cookies – text files placed on your computer. The information generated about your use of this website is usually transmitted to and stored on a Google server in the USA. By enabling IP anonymisation on this website, the IP address is truncated within Member States of the European Union or other contracting parties to the Agreement on the European Economic Area before being sent. Only in exceptional cases is the full IP address sent to a Google server in the USA and truncated there. The anonymised IP address sent by your browser in the context of Google Analytics is not combined with other data held by Google.

You can prevent the data generated by the cookie relating to your use of the website (incl. your IP address) from being sent to Google and being processed by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB
As an alternative to the browser plug-in, you can click on this link to prevent any future data collection by Google Analytics on this website. Doing this activates an opt-out cookie on your end device. If you delete your cookies, you will need to click on the link again.

Google Tag Manager

This website uses GTM (Google Tag Manager) to initiate and control the connection to Google Analytics. It is used primarily to minimise administrative work and analyse reporting problems.

Sitecore

This website uses the web analytics service ‘Sitecore Experience Analytics’ to continually improve the customer-friendliness of our website. Sitecore uses cookies that are stored on your computer and enable the analysis of your use of the website. The information generated by the cookie about your use of this website is transmitted to and stored by our own hosted servers. You can prevent the installation of cookies by configuring the appropriate settings in your browser software. However, please note that if you do this then you may not be able to use all the functions on this website to their full extent.

Eloqua

We use the technology Eloqua provided by Oracle Corporation, 500 Oracle Parkway, Redwood Shores, CA 94065, United States of America on our website in order to collect and store data for marketing purposes and to optimise our website. Eloqua uses cookies to analyse your use of our website. Cookies enable the Internet browser to be recognised and allow the creation of usage profiles under a pseudonym.
The information generated by these cookies about your use of our website, including your IP address, is transmitted to and stored by a Eloqua server in the USA.
Further information about data protection is available at https://www.oracle.com/legal/privacy/ .

Google+

The ‘Google+ Share button’ is used on this website. When you click on this link, your browser connects to the Google servers and transmits the URL of our website. Plug-ins are not integrated into our website. If you are logged into Google, Google can link your visit to your account. If you do not want social networks to collect data about you or to link the visit to our website with your member data, you will need to log out before clicking on the social network link. For information about the purpose and scope of the collection and processing of data by Google and your related rights, as well as the configuration options for protecting your privacy, please see the Google privacy policy: http://www.google.com/intl/en/policies/privacy/

YouTube

Our website uses the YouTube video platform provided by YouTube LLC, 901 Cherry Ave. in San Bruno, CA 94066 USA. YouTube is a platform that enables the playback of audio and video files. When you load a page on our website, the integrated YouTube player establishes a connection to YouTube in order to enable the technical transmission of the video or audio file. Once the connection to YouTube is established, the data is transferred to YouTube. For information about the scope and purpose of data collection, the further processing and use of the data by YouTube, as well as your rights and the settings that you can configure to protect your privacy, please see the YouTube privacy policy.
Facebook
The ‘Facebook Share button’ is used on this website. When you click on this link, your browser connects to the Facebook servers and transmits the URL of our website. If you are logged into Facebook, Facebook can link your visit to your account. If you do not want social networks to collect data about you or to link the visit to our website with your member data, you will need to log out before clicking on the social network link. Information about the purpose and scope of the collection and processing of data by Facebook and your related rights, as well as the configuration options for protecting your privacy is available at http://www.facebook.com/policy.php.

Twitter

Our website uses links to the social network Twitter, which is operated by Twitter Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (‘Twitter’). If you are logged into Twitter, Twitter can link the visit to your Twitter account. If you do not want social networks to collect data about you or to link the visit to our website with your member data, you will need to log out before clicking on the social network link. For information about Twitter’s privacy policy and your rights, as well as the settings that you can configure to protect your privacy, please refer to the Twitter privacy policy.

Pinterest

This website uses the ‘Pin It share button’ provided by social media network Pinterest Inc. 808 Brannan St, San Francisco, CA 94103, USA. When you click on this link, your browser connects to the Pinterest servers and transmits the URL of our website. If you are logged into Pinterest, Pinterest can link your visit to your account. If you do not want social networks to collect data about you or to link the visit to our website with your member data, you will need to log out before clicking on the social network link. For information about the purpose and scope of the collection and processing of data by Pinterest and your related rights, as well as the configuration options for protecting your privacy, please refer to the Pinterest privacy policy: https://about.pinterest.com/en/privacy-policy.

LinkedIn

Functions and content from LinkedIn, provided by LinkedIn AG, Dammtorstraße 29-32, 20354 Hamburg, Germany, may be integrated in our website. This may include content such as photos, videos, text and buttons, which users use to communicate that they like content, and to subscribe to the authors of the content or our articles. If the user is a member of the LinkedIn platform, LinkedIn can link the viewing/use of the above-mentioned content and functions to the user’s LinkedIn profile.
Privacy policy: https://www.linkedin.com/legal/privacy-policy;
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Interior Design Studio – uploaded images

Please note that you cannot use our service for images that include personal information (e.g. persons shown in the room). Therefore, please ensure at all times that no persons are included in your photos.

When using the service, please use only images you intend to transfer to servers of ESIGN Software GmbH (ESIGN Software GmbH, Warmbüchenstr. 17, 30159 Hannover, Germany, e-mail: info@e-sign.com). This is necessary to be able to automatically process your images and to offer the photo service. In addition, you will be able to access the images at a later date. After 30 days of non-usage, the images are typically deleted. Furthermore, it is possible that ESIGN will store individual images for a limited amount of time in order to train and improve our recognition algorithm. If you do not agree to this, please delete your uploaded pictures in our application immediately after usage.

California Residents

This portion of our Privacy Policy advises California residents of rights provided in the California Consumer Privacy Act (“CCPA”) and how to effectuate those rights by communicating with us. Please note, we will seek to verify your identity when we receive an individual rights request from you in order to ensure the security of your personal data.

Please direct any rights requests (as further described below) or additional questions you may have regarding this Privacy Policy via phone, email, or regular mail to:

Höhnerweg 2-4, 69469 Weinheim, Germany
Telephone: (+49) 6201 - 80 5666,
email: info-de@nora.com

If you do, we will need to collect personal data and other information such as your name, email or transaction history in order to verify your identity. You may also authorize an agent to make a request on your behalf, who will need to provide similar information for verification. To designate an authorized agent, you must provide the agent with written permission to submit the request.  We may require you to confirm that you have authorized an agent to act on your behalf and to verify your identity directly (subject to certain exceptions) as permitted by law. We may refuse a request if the agent does not provide adequate proof of their authorization as permitted by law. 

Right to Correct Personal Data

You have the right to correct inaccurate personal information that we maintain about you. Upon verifying your identity and the validity of your request, we will use reasonable efforts to correct your personal information as directed. In certain circumstances, we may not be able to satisfy this request depending on the nature of the personal information and purposes for maintaining it. 

Right to Deletion of Personal Data

California residents have the right to request the deletion of personal data as prescribed in Section 1798.105(a) of the CCPA. nora may not delete some or all requested personal data if such personal data as required or allowed by applicable law. Upon verifying your identity and the validity of your request, we will delete your personal information from our records and instruct our service providers, affiliates, or third parties to delete your information as required by law . We may deny your deletion request if retaining the information is permitted under law.

Right of Access: Right to Request Disclosure of Data Collection and Sharing Practices

You may request to receive details about how we collect, use, and share your personal data. Specifically, you may request to receive the specific pieces of personal data that we have collected about you.

You may also request to receive:

  • the categories of personal data that we have collected about you,
  • the categories of personal data that we have disclosed for a business purpose,
  • the categories of sources from which we collected the personal data,
  • our purposes for collecting that personal data, and
  • the categories of parties with whom we share your personal data.

Right to Opt-Out of Sale

We do not and will not sell (as defined in the CCPA) your personal data.

We do not sell the personal information of individual who we knew to be under 16 years of age.

Right to not be Discriminated Against for Exercising CCPA Rights

We do not discriminate against you for exercising any CCPA rights, such as the access and deletion rights described above. If we choose to offer a product enhancement or financial incentive that is contingent on you sharing personal data, we will ensure that the value provided to us by that collection is reasonably related to the value of the product enhancement or financial incentive.

The below chart summarizes our collection, use, and disclosure of personal data:

 
Types of Personal Data Collected Source of the Personal Data Purpose for Collection Information Disclosed for a Business or Commercial Purpose? (Yes/No) Categories of Third Parties (Which Does Not Include Service Providers) with whom the Personal Data is Shared.
Identifiers (e.g., name, e-mail, postal address, and phone number) Information directly submitted by a consumer online or offline (such as at a trade show); information collected pursuant to a transaction; information collected through communications with our customer service department; and information collected from business partners. To deliver and provide our products and related services.
 
To analyze business and consumer trends.
 
Internal record keeping and operations, including legal compliance.
 
Marketing products and services.
 
To provide customer support.
Yes Not disclosed to third parties.
Demographic Information Information directly submitted by a consumer online or offline (such as at a trade show); information collected pursuant to a transaction; information collected through communications with our customer service department; and information collected from business partners To deliver and provide our products and related services.
 
To analyze business and consumer trends.
 
Internal record keeping and operations, including legal compliance.
 
Marketing products and services.
 
To provide customer support.
Yes Not disclosed to third parties.
Professional or Employment Information Information directly submitted by a consumer online or offline (such as at a trade show); information collected pursuant to a transaction; information collected through communications with our customer service department; and information collected from business partners. To deliver and provide our products and related services.
 
To analyze business and consumer trends.
 
Internal record keeping and operations, including legal compliance.
 
Marketing products and services.
 
To provide customer support.
Yes Not disclosed to third parties.
Commercial Information (e.g., purchase histories) Information directly submitted by a consumer online or offline (such as through a survey); information collected pursuant to a transaction; information collected through communications with our customer service department; and information collected from business partners. To deliver and provide our products and related services.
 
To analyze business and consumer trends.
 
Internal record keeping and operations, including legal compliance.
 
Marketing products and services.
 
To provide customer support.
 
Yes Not disclosed to third parties.
Consumer Preferences Information directly submitted by a consumer online or offline (such as at a trade show); information collected pursuant to a transaction; information collected through communications with our customer service department; and information collected from business partners. To deliver the services and to analyze programming and application usage data.
 
To analyze programming and application usage.
 
Internal record keeping.
 
Marketing products and services.
 
To provide customer support.
 
Yes Not disclosed to third parties.
Website Browsing Activity Web tracking technology such as browser cookies, flash cookies, and web beacons. Website functionality, customization and security.
 
Advertising and marketing.
Yes Third party web tracking providers and marketing partners (but only at your direction).

Certain laws require that we indicate whether we honor “Do Not Track” settings in your browser concerning targeted advertising. We do not monitor or follow any Do Not Track browser requests.

Adaptation of the privacy policy

Please note that we may make, or may need to make, changes to this information in accordance with Art. 13/14 GDPR on data processing where required. The current version of this information in accordance with Art. 13/14 GDPR can always be found on our website.

 
How to Contact us
Flooring Finder
Room Designer
Find nora on LinkedIn